From patchwork Mon Feb 9 14:24:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amaury Couderc X-Patchwork-Id: 80788 X-Patchwork-Delegate: yoann.congal@smile.fr
From: amaury.couderc@est.tech To: openembedded-core@lists.openembedded.org Subject: [OE-core] [whinlatter] [PATCH 1/2] avahi: patch CVE-2025-68468 Date: Mon, 9 Feb 2026 15:24:38 +0100 Message-ID: <20260209142506.55783-1-amaury.couderc@est.tech> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS
for ; Mon, 09 Feb 2026 14:25:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230803 From: Amaury Couderc Signed-off-by: Amaury Couderc --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68468.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index bd61c39dbf..4efb29a7d3 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -38,6 +38,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2024-52616.patch \ file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ + file://CVE-2025-68468.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch new file mode 100644 index 0000000000..3635cc8d53 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch 
@@ -0,0 +1,32 @@ +From 483f83828cfda965fac914ff1b39c63c256372b2 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by removing incorrect assertion + +Closes https://github.com/avahi/avahi/issues/683 + +CVE: CVE-2025-68468 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 86e4432..79595fe 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -295,7 +295,6 @@ static void lookup_multicast_callback( + lookup_drop_cname(l, interface, protocol, 0, r); + else { + /* It's a normal record, so let's call the user callback */ +- assert(avahi_key_equal(b->key, l->key)); + + b->callback(b, interface, protocol, event, r, flags, b->userdata); + } +-- +2.43.0 + From patchwork Mon Feb 9 14:25:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amaury Couderc X-Patchwork-Id: 80789 X-Patchwork-Delegate: yoann.congal@smile.fr Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7216E81BD0 for ; Mon, 9 Feb 2026 14:25:49 +0000 (UTC) Received: from AM0PR02CU008.outbound.protection.outlook.com (AM0PR02CU008.outbound.protection.outlook.com [52.101.72.35]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.48342.1770647144535915363 for ; Mon, 09 Feb 2026 06:25:44 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=vzrijGwI; spf=pass (domain: est.tech, ip: 52.101.72.35, mailfrom: 
amaury.couderc@est.tech)
From: amaury.couderc@est.tech To: openembedded-core@lists.openembedded.org Subject: [OE-core] [whinlatter] [PATCH 2/2] avahi: patch CVE-2025-68471 Date: Mon, 9 Feb 2026 15:25:20 +0100 Message-ID: <20260209142534.55871-1-amaury.couderc@est.tech> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with
HTTPS for ; Mon, 09 Feb 2026 14:25:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230804 From: Amaury Couderc Signed-off-by: Amaury Couderc --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68471.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 4efb29a7d3..6c58613475 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -39,6 +39,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ file://CVE-2025-68468.patch \ + file://CVE-2025-68471.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch new file mode 100644 index 0000000000..210565cdd6 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch 
@@ -0,0 +1,36 @@ +From 4e84c1d6eb2f54d1643bd7ce62817c722ca36d25 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by changing assert to return + +Closes https://github.com/avahi/avahi/issues/678 + +CVE: CVE-2025-68471 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e57..86e4432 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -320,7 +320,10 @@ static int lookup_start(AvahiSRBLookup *l) { + assert(l); + + assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST)); +- assert(!l->wide_area && !l->multicast); ++ if (l->wide_area || l->multicast) { ++ /* Avoid starting a duplicate lookup */ ++ return 0; ++ } + + if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) { + +-- +2.43.0 +
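Review bot: in CVE-2025-68468.patch (PATCH 1/2), the lookup_multicast_callback hunk deletes assert(avahi_key_equal(b->key, l->key)) and the else branch then goes straight to b->callback(...), with nothing on record about when b->key and l->key may legitimately differ; the embedded header only says "removing incorrect assertion". The OE commit message for this mail has no body besides the Signed-off-by, so add a sentence there naming the case in which the keys differ and what the daemon did before the fix (abort on the assert), so that a later reader does not reinstate the check as an abort.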
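Review bot: the avahi_0.8.bb hunk in PATCH 2/2 appends CVE-2025-68471.patch after CVE-2025-68468.patch, which is the reverse of the order the two backports were generated in. CVE-2025-68471.patch carries "index 2941e57..86e4432" for avahi-core/browse.c and CVE-2025-68468.patch carries "index 86e4432..79595fe", so the 68471 change is the parent of the 68468 change. With 68468 applied first, one line has already been removed above lookup_start, so the "@@ -320,7 +320,10 @@" hunk no longer sits at its stated line number. List CVE-2025-68471.patch before CVE-2025-68468.patch in SRC_URI, or regenerate 68471 on top of 68468, so that both apply at the positions their headers give.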
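Review bot: in CVE-2025-68471.patch (PATCH 2/2), the new early exit in lookup_start returns 0 when l->wide_area || l->multicast is set, with no log line and no distinct code, so from the visible lines a caller cannot tell a skipped duplicate from a lookup that was actually started. Please confirm in the commit message that the callers of lookup_start treat 0 as success and do not depend on a new lookup having been created. The two assertions kept directly above it, assert(l) and the AVAHI_LOOKUP_USE_WIDE_AREA / AVAHI_LOOKUP_USE_MULTICAST flags check, still abort the daemon when they fail; the message should state whether either can be reached from the same input that triggered the assert being replaced.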