From patchwork Fri Mar 6 18:33:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 82721 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92E64FCC056 for ; Fri, 6 Mar 2026 18:33:56 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1727.1772822030294886712 for ; Fri, 06 Mar 2026 10:33:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=iLfIERhJ; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-48371bb515eso141458615e9.1 for ; Fri, 06 Mar 2026 10:33:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772822029; x=1773426829; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=Cn0hSd6azepH5fg/FjZ1kPoivEoF972ERiDm7iS4N/4=; b=iLfIERhJpZ0sUycidG1hMZCRz+FLGwC5s85i2jJ0hRc7GvD9IIqwSSFdASA3cike4X D6tReSGc7DVhBpI4oRBe8FYObFoDojN4TzB5PaMxpnX0sS+CN2t+e0TYRNt1vVV1yM1W bOlZXrrThpnvNIMOuDifeJy0LOhiuigrav6dIKUOFxTp4eTv1s6MpS3+0A/lLTLeL7xu CfYBEDjaDCURe/ZNTSIdbAB4Pz10HPjW4au+XLi68fyfl42irxfJxrgqjWxHGKVFjEVZ bgXR0Qzar3UBZDSBoI0ZKJd/a80rvMqG+07f7r1TrFQ6qIiNP/pcGCxgqvWCQsw20NyJ wALg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772822029; x=1773426829; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; 
bh=Cn0hSd6azepH5fg/FjZ1kPoivEoF972ERiDm7iS4N/4=; b=X5LvOahoKcniQXSjuKckQO14nsfgUOJHkkI0y91OUxoW4oqDy+M72EED6Cap+GJ1x2 DpqxKMUoOyQejpMEYYltSDSsKCnmqX4+8NWbFhQp1zNpjPY0GGqQvy6C35DqjsMrc+3+ nGbt031ET0/jQhuHVaexYcIwEEXuNwXLH8a0bAwzPXNIx0EXVOPqYHygZddEAZqRfhrG Z5bWIwi6XH0bPIFoTQG3Lc8+VyWNPB5yjzO51Ud29LgCl1xeeX+pGHvjWVOUQS1CXnuK SLg4uQBIiY1lhlN51krHN3+qVmrCxEj41BMLHMMWQZbVYk+3KMY4rkk+n1koS8KhgLhK svrQ== X-Gm-Message-State: AOJu0Yysfy8pn4KB3qgm0z97A78xEhmaD0Ncmsn1AgPImI4hNt1Y7O8G bCnlGip5yVwwP4iVe4SNtprQ7IzIhBYCuvQc3lFyRsE24NtoqloUZ/STtZ1ZmA== X-Gm-Gg: ATEYQzwu1SVDsMWgjEhHimLN0ZiG210Mog7vJYTUM4K3/RPaYDbSbbxwRooAzf+/BXA B1/QQN7KbcYQc4MC2lfNiiFHMYX2oJTBTNIgZWnUWMbY8bqZ9saDW/+ZtP3izdXSPZ95Wsgdykg +riN2TGUJ8btnsNQ9kb28s9gAHuNQGiyTqN1X3kNAU+bQGZYzTktFyq6j4j7vDrxoo2EisQio6d TZaqDtJ+rlGt6HqcXaKr0e3pP7t1BGYuv14jSN/WtkP6IHWQR/N5spielVHjqwxM0lTZgK08zE4 sGh7M4yTvW4YRJ/fo3EJYepTJQYKsPZL352CIhSg++e+TOK9cdH9cj8o8aShw6gnqzuTSfXiKqN NEuFXDDmtmjkOhz5m7h4bkiQgNdyOaNERWX2pn1o8XmAQvVWqgpvf3EgNmE/HnqnQ2aFl0nDR1X Ibh7gdVARcoGAypsS0utHc X-Received: by 2002:a05:600c:6489:b0:47e:e712:aa88 with SMTP id 5b1f17b1804b1-4852697758amr48801295e9.31.1772822028319; Fri, 06 Mar 2026 10:33:48 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-439dae4b860sm5846929f8f.36.2026.03.06.10.33.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Mar 2026 10:33:47 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 1/6] imagemagick: upgrade 7.1.2-13 -> 7.1.2-15 Date: Fri, 6 Mar 2026 19:33:42 +0100 Message-ID: <20260306183347.1014705-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 18:33:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124917 
From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 853aecb2f9d8ff277c8e47499bbc24f9595e603e) Signed-off-by: Gyorgy Sarvari --- .../{imagemagick_7.1.2-13.bb => imagemagick_7.1.2-15.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-13.bb => imagemagick_7.1.2-15.bb} (99%) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-15.bb similarity index 99% rename from meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb rename to meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-15.bb index e3f4a96d6f..d48fae6bd3 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-15.bb 
@@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://imagemagick-ptest.sh \ " -SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e" +SRCREV = "b5fdb90dac0e6d0bf1bbd95704bbd60216a5bc23" inherit autotools pkgconfig update-alternatives ptest
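Review bot: the hunk moves SRCREV to b5fdb90dac0e6d0bf1bbd95704bbd60216a5bc23 while SRC_URI keeps branch=main, and the commit message carries no tag or changelog reference, so the mapping from that commit to the 7.1.2-15 release named in the new recipe file cannot be verified from the visible lines. Stating the upstream tag in the commit message, or pinning with tag=${PV} in SRC_URI as the python3-pillow recipe later in this series does, would make the upgrade auditable.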
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 2/6] libheif: patch CVE-2025-68431 Date: Fri, 6 Mar 2026 19:33:43 +0100 Message-ID: <20260306183347.1014705-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306183347.1014705-1-skandigraun@gmail.com> References: <20260306183347.1014705-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 18:33:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124918 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68431 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../libheif/libheif/CVE-2025-68431.patch | 26 +++++++++++++++++++ .../libheif/libheif_1.20.2.bb | 4 ++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2025-68431.patch diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2025-68431.patch b/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2025-68431.patch new file mode 100644 index 0000000000..829d94c113 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2025-68431.patch 
@@ -0,0 +1,26 @@ +From 6747399f04736d9bc59e36befae2946c448553a5 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Tue, 11 Nov 2025 19:47:50 +0100 +Subject: [PATCH] fix wrong copy width in overlay images (thanks to Aldo + Ristori for reporting this) + +CVE: CVE-2025-68431 +Upstream-Status: Backport [https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46] +Signed-off-by: Gyorgy Sarvari +--- + libheif/pixelimage.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libheif/pixelimage.cc b/libheif/pixelimage.cc +index b46aaf06..d147f66e 100644 +--- a/libheif/pixelimage.cc ++++ b/libheif/pixelimage.cc +@@ -1348,7 +1348,7 @@ Error HeifPixelImage::overlay(std::shared_ptr& overlay, int32_t + if (!has_alpha) { + memcpy(out_p + out_x0 + (out_y0 + y - in_y0) * out_stride, + in_p + in_x0 + y * in_stride, +- in_w - in_x0); ++ in_w); + } + else { + for (uint32_t x = in_x0; x < in_w; x++) { diff --git a/meta-multimedia/recipes-multimedia/libheif/libheif_1.20.2.bb b/meta-multimedia/recipes-multimedia/libheif/libheif_1.20.2.bb index b268b37d8e..b9083ddd23 100644 --- a/meta-multimedia/recipes-multimedia/libheif/libheif_1.20.2.bb +++ b/meta-multimedia/recipes-multimedia/libheif/libheif_1.20.2.bb 
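Review bot: the patch header cites two different upstream commits: the From line names 6747399f04736d9bc59e36befae2946c448553a5 while Upstream-Status points at b8c12a7b70f46c9516711a988483bed377b78d46; make the two agree, or state that one is the release-branch cherry-pick of the other, so the backport can be traced. It is also worth confirming against upstream that this one-line change is the complete fix: after it, the non-alpha memcpy copies in_w bytes starting at in_p + in_x0, while the alpha branch directly below still iterates x from in_x0 to in_w, so the two branches now read in_w differently (as a width versus an end coordinate).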
@@ -6,7 +6,9 @@ LICENSE_FLAGS = "commercial" COMPATIBLE_MACHINE:powerpc64le = "null" -SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=v1.20.x-releases" +SRC_URI = "git://github.com/strukturag/libheif.git;protocol=https;branch=v1.20.x-releases \ + file://CVE-2025-68431.patch \ + " SRCREV = "35dad50a9145332a7bfdf1ff6aef6801fb613d68"
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 3/6] python3-nltk: upgrade 3.9.2 -> 3.9.3 Date: Fri, 6 Mar 2026 19:33:44 +0100 Message-ID: <20260306183347.1014705-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306183347.1014705-1-skandigraun@gmail.com> References: <20260306183347.1014705-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 18:33:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124919 Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 14d464c15094d1758dc14706646a8aa645a3bf34) Signed-off-by: Gyorgy Sarvari --- .../{python3-nltk_3.9.2.bb => python3-nltk_3.9.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python3-nltk/{python3-nltk_3.9.2.bb => python3-nltk_3.9.3.bb} (88%) diff --git a/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.2.bb b/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb similarity index 88% rename from meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.2.bb rename to meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb index 8a1e0cc047..1748cf6826 100644 --- a/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.2.bb +++ b/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb 
@@ -21,4 +21,4 @@ RRECOMMENDS:${PN} = "\ inherit setuptools3 pypi -SRC_URI[sha256sum] = "0f409e9b069ca4177c1903c3e843eef90c7e92992fa4931ae607da6de49e1419" +SRC_URI[sha256sum] = "cb5945d6424a98d694c2b9a0264519fab4363711065a46aa0ae7a2195b92e71f"
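Review bot: the commit message gives the fixed CVE as CVE-2026-14009 in its summary line but CVE-2025-14009 in the changelog entry; only one can be the id NVD assigned, and cve-check matches on the exact id, so the message should be corrected before merge. The hunk itself is the expected pypi pattern (only SRC_URI[sha256sum] changes, the version being carried by the file rename), so no change is needed there.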
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 4/6] python3-pillow: patch CVE-2026-25990 Date: Fri, 6 Mar 2026 19:33:45 +0100 Message-ID: <20260306183347.1014705-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306183347.1014705-1-skandigraun@gmail.com> References: <20260306183347.1014705-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 18:33:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124920 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990 Backport the patch referenced by the NVD advisory. Note that the patch contain some new binary test data, which requires "git" PATCHTOOL - other tools fail to apply binary patches. All ptests passed successfully: Testsuite summary TOTAL: 5011 PASS: 4577 SKIP: 431 XFAIL: 3 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 59 END: /usr/lib/python3-pillow/ptest 2026-03-06T17:58 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari --- .../python3-pillow/CVE-2026-25990.patch | 151 ++++++++++++++++++ .../python/python3-pillow_12.0.0.bb | 5 + 2 files changed, 156 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch new file mode 100644 index 0000000000..e2c12b7b24 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch 
@@ -0,0 +1,151 @@ +From 829bd7b5c533e3a58d6f0a0ef4f001ea2605b784 Mon Sep 17 00:00:00 2001 +From: Andrew Murray <3112309+radarhere@users.noreply.github.com> +Date: Wed, 11 Feb 2026 10:24:50 +1100 +Subject: [PATCH] Fix OOB Write with invalid tile extents (#9427) + +Co-authored-by: Eric Soroos + +CVE: CVE-2026-25990 +Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa] +Signed-off-by: Gyorgy Sarvari +--- + Tests/images/psd-oob-write-x.psd | Bin 0 -> 1126 bytes + Tests/images/psd-oob-write-y.psd | Bin 0 -> 1126 bytes + Tests/images/psd-oob-write.psd | Bin 0 -> 37212 bytes + Tests/test_file_psd.py | 17 +++++++++++++++++ + Tests/test_imagefile.py | 7 +++++++ + src/decode.c | 3 ++- + src/encode.c | 3 ++- + 7 files changed, 28 insertions(+), 2 deletions(-) + create mode 100644 Tests/images/psd-oob-write-x.psd + create mode 100644 Tests/images/psd-oob-write-y.psd + create mode 100644 Tests/images/psd-oob-write.psd + +diff --git a/Tests/images/psd-oob-write-x.psd b/Tests/images/psd-oob-write-x.psd +new file mode 100644 +index 0000000000000000000000000000000000000000..86359f4cb7e826a69a8e69a4b85947498ec18923 +GIT binary patch +literal 1126 +zcma)5J!lkB5dL=WC-F>3z$=1SY;juU8Wp`VZp09|z;cO@XbSh|ZgXUJ@7TRX4pIuX +z0SkW`qZT&S+FIBOg5VE`wTL!~HWJqFz0GA0$%PEez3@QFhrkNP +zAuvV#TGJPoazEr{TAAgkKpC9EmzOT6P~@#DuSJ +zUAwN0ePiq~9H(A1?WlXnFzSMFu>5&1Gvi%VuLMjIY_sPYVGiO`^5AHhE<`36}Q +zS#8*4Tt){zOv#6s0b?jxZ==?^v(ltY=s@91lKeUijNJuxx0B@W<0RRA0^~jeuY!!< +z*#T<5Y2VIll}EtTZQ#Z0%x2vKUfuy_K6TB|l>Z~PO>MP+pU;5FHQ>ZspmZbc8-2o$ +zryqb7_Nx8{c<>N7<1+X9h9@HB$WwFjZhIlIc)`9T +z6kgJL@)8%N^RTLn0liQ+`%UH?s%V)+x7mhM3JvQ>aRNJcNX=y?XE}2!cN#o<;Pc=tauOPS24s{WiA%d1_AHZ7(DiFOZT@ +z1~9EBFYiTZJFF^Wz(S#J_M6N(Qqe4Z1=LwlA5GSi`m##ox9j~=340;B^S{69u$O-T +DuU)5R + +literal 0 +HcmV?d00001 + +diff --git a/Tests/images/psd-oob-write.psd b/Tests/images/psd-oob-write.psd +new file mode 100644 +index 
0000000000000000000000000000000000000000..65a4472cf263a94277952c06903709afb0c8213f +GIT binary patch +literal 37212 +zcmeI!I|{-;5CG8e2f;Js6jo_XXCVk)LDH$<2|S2L%6V+#=3`?OM1sW|nCvc@* +zMR_>JEc#fa;nZao?RL4W`O0t5&U7$GptyKKZoln@|5fB*pk1ildPmiYor +z3jqQI2oNCfHv$oNL4W`O0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N +z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ +t009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+0D&I~yZ}A8uQLDu + +literal 0 +HcmV?d00001 + +diff --git a/Tests/test_file_psd.py b/Tests/test_file_psd.py +index 38a88cd17..63db7b26a 100644 +--- a/Tests/test_file_psd.py ++++ b/Tests/test_file_psd.py +@@ -184,3 +184,20 @@ def test_layer_crashes(test_file: str) -> None: + assert isinstance(im, PsdImagePlugin.PsdImageFile) + with pytest.raises(SyntaxError): + im.layers ++ ++ ++@pytest.mark.parametrize( ++ "test_file", ++ [ ++ "Tests/images/psd-oob-write.psd", ++ "Tests/images/psd-oob-write-x.psd", ++ "Tests/images/psd-oob-write-y.psd", ++ ], ++) ++def test_bounds_crash(test_file: str) -> None: ++ with Image.open(test_file) as im: ++ assert isinstance(im, PsdImagePlugin.PsdImageFile) ++ im.seek(im.n_frames) ++ ++ with pytest.raises(ValueError): ++ im.load() +diff --git a/Tests/test_imagefile.py b/Tests/test_imagefile.py +index 7dfb3abf9..2ef9fe2b9 100644 +--- a/Tests/test_imagefile.py ++++ b/Tests/test_imagefile.py +@@ -169,6 +169,13 @@ class TestImageFile: + with pytest.raises(ValueError, match="Tile offset cannot be negative"): + im.load() + ++ @pytest.mark.parametrize("xy", ((-1, 0), (0, -1))) ++ def test_negative_tile_extents(self, xy: tuple[int, int]) -> None: ++ im = Image.new("1", (1, 1)) ++ fp = BytesIO() ++ with pytest.raises(SystemError, match="tile cannot extend outside image"): ++ ImageFile._save(im, fp, [ImageFile._Tile("raw", xy + (1, 1), 0, "1")]) ++ + def test_no_format(self) -> None: + buf = BytesIO(b"\x00" * 255) + +diff --git a/src/decode.c b/src/decode.c +index 051623ed4..7ec461c0e 100644 +--- a/src/decode.c ++++ b/src/decode.c +@@ 
-186,7 +186,8 @@ _setimage(ImagingDecoderObject *decoder, PyObject *args) { + state->ysize = y1 - y0; + } + +- if (state->xsize <= 0 || state->xsize + state->xoff > (int)im->xsize || ++ if (state->xoff < 0 || state->xsize <= 0 || ++ state->xsize + state->xoff > (int)im->xsize || state->yoff < 0 || + state->ysize <= 0 || state->ysize + state->yoff > (int)im->ysize) { + PyErr_SetString(PyExc_ValueError, "tile cannot extend outside image"); + return NULL; +diff --git a/src/encode.c b/src/encode.c +index b1d0181e0..117bf2164 100644 +--- a/src/encode.c ++++ b/src/encode.c +@@ -254,7 +254,8 @@ _setimage(ImagingEncoderObject *encoder, PyObject *args) { + state->ysize = y1 - y0; + } + +- if (state->xsize <= 0 || state->xsize + state->xoff > im->xsize || ++ if (state->xoff < 0 || state->xsize <= 0 || ++ state->xsize + state->xoff > im->xsize || state->yoff < 0 || + state->ysize <= 0 || state->ysize + state->yoff > im->ysize) { + PyErr_SetString(PyExc_SystemError, "tile cannot extend outside image"); + return NULL; diff --git a/meta-python/recipes-devtools/python/python3-pillow_12.0.0.bb b/meta-python/recipes-devtools/python/python3-pillow_12.0.0.bb index 4db5db1572..34b462ca4f 100644 --- a/meta-python/recipes-devtools/python/python3-pillow_12.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-pillow_12.0.0.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a1b708da743e3fc0e5c35e92daac0bf8" SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https;tag=${PV} \ file://0001-support-cross-compiling.patch \ + file://CVE-2026-25990.patch \ " SRCREV = "693df7b42c666f88c719f9973be0ad71607328e0" 
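Review bot: the decode.c and encode.c hunks add the same xoff < 0 / yoff < 0 guard but report it with different exception types (PyExc_ValueError in decode.c, PyExc_SystemError in encode.c); the added tests expect exactly that split (test_bounds_crash expects ValueError from load(), test_negative_tile_extents expects SystemError from _save), so the asymmetry is intentional upstream, and a one-line remark in the backport header would stop the next reader from treating it as a copy-paste slip.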
@@ -65,3 +66,7 @@ CVE_PRODUCT = "pillow" RPROVIDES:${PN} += "python3-imaging" BBCLASSEXTEND = "native" + +# CVE-2026-25990.patch in SRC_URI contains a binary blob, which needs to +# be applied with git +PATCHTOOL = "git"
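Review bot: PATCHTOOL = "git" changes how every entry in SRC_URI is applied, including 0001-support-cross-compiling.patch, not only CVE-2026-25990.patch; the comment gives the reason, but it should also say that the binary blobs are the Tests/images/psd-oob-write*.psd fixtures used only by the new test_bounds_crash test, so a future maintainer knows the alternative is to drop those fixtures and that test from the backport and keep the default patch tool. Since the commit message reports the full ptest run passing with the patch applied, keeping git and the tests is the better trade here.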
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 5/6] streamripper: ignore CVE-2020-37065 Date: Fri, 6 Mar 2026 19:33:46 +0100 Message-ID: <20260306183347.1014705-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260306183347.1014705-1-skandigraun@gmail.com> References: <20260306183347.1014705-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Mar 2026 18:33:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124921 Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065 The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 1571c1a8e5e876db9db744d0a3e3256ac585242b) Signed-off-by: Gyorgy Sarvari --- .../recipes-multimedia/streamripper/streamripper_1.64.6.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb b/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb index 6014326826..1600d9d3ef 100644 --- a/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb +++ b/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb 
@@ -30,3 +30,5 @@ EXTRA_OECONF += "\ # the included argv library needs this CPPFLAGS:append = " -DANSI_PROTOTYPES" + +CVE_STATUS[CVE-2020-37065] = "cpe-incorrect: the vulnerability is about a Windows frontend, not the CLI"

From patchwork Fri Mar 6 18:33:47 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82725
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 6/6] unbound: patch CVE-2025-5994
Date: Fri, 6 Mar 2026 19:33:47 +0100
Message-ID: <20260306183347.1014705-6-skandigraun@gmail.com>
In-Reply-To: <20260306183347.1014705-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124922

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994

Backport the patch[1] provided by upstream, which is linked in the upstream advisory[2] referenced by the NVD report.

Tests passed successfully in a locally prepared ptest image.

[1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff
[2]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

Signed-off-by: Gyorgy Sarvari
---
 .../unbound/unbound/CVE-2025-5994.patch       | 279 ++++++++++++++++++
 .../recipes-support/unbound/unbound_1.22.0.bb |   1 +
 2 files changed, 280 insertions(+)
 create mode 100644 meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch

diff --git a/meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch b/meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch
new file mode 100644
index 0000000000..84a5a4d37e
--- /dev/null
+++ b/meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch
@@ -0,0 +1,279 @@ +From d2d6b068e26ddb213b5e339b31609c89ae634c54 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Fri, 6 Mar 2026 19:09:55 +0100 +Subject: [PATCH] Fix RebirthDay Attack CVE-2025-5994, reported by Xiang Li + from AOSP Lab Nankai University. + +This patch was taken from https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt, +but it is identical to the one mentioned in the Upstream-Status. + +CVE: CVE-2025-5994 +Upstream-Status: Backport [https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f] +Signed-off-by: Gyorgy Sarvari +--- + edns-subnet/subnetmod.c | 152 ++++++++++++++++++++++++++++++++++++---- + edns-subnet/subnetmod.h | 4 ++ + 2 files changed, 142 insertions(+), 14 deletions(-) + +diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c +index ead720f3..c5e215b8 100644 +--- a/edns-subnet/subnetmod.c ++++ b/edns-subnet/subnetmod.c +@@ -51,6 +51,7 @@ + #include "services/cache/dns.h" + #include "util/module.h" + #include "util/regional.h" ++#include "util/fptr_wlist.h" + #include "util/storage/slabhash.h" + #include "util/config_file.h" + #include "util/data/msgreply.h" +@@ -155,7 +156,8 @@ int ecs_whitelist_check(struct query_info* qinfo, + + /* Cache by default, might be disabled after parsing EDNS option + * received from nameserver. */ +- if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, NULL, 0)) { ++ if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, NULL, 0) ++ && sq->ecs_client_in.subnet_validdata) { + qstate->no_cache_store = 0; + } + +@@ -522,6 +524,69 @@ common_prefix(uint8_t *a, uint8_t *b, uint8_t net) + return !memcmp(a, b, n) && ((net % 8) == 0 || a[n] == b[n]); + } + ++/** ++ * Create sub request that looks up the query. ++ * @param qstate: query state ++ * @param sq: subnet qstate ++ * @return false on failure. 
++ */ ++static int ++generate_sub_request(struct module_qstate *qstate, struct subnet_qstate* sq) ++{ ++ struct module_qstate* subq = NULL; ++ uint16_t qflags = 0; /* OPCODE QUERY, no flags */ ++ int prime = 0; ++ int valrec = 0; ++ struct query_info qinf; ++ qinf.qname = qstate->qinfo.qname; ++ qinf.qname_len = qstate->qinfo.qname_len; ++ qinf.qtype = qstate->qinfo.qtype; ++ qinf.qclass = qstate->qinfo.qclass; ++ qinf.local_alias = NULL; ++ ++ qflags |= BIT_RD; ++ if((qstate->query_flags & BIT_CD)!=0) { ++ qflags |= BIT_CD; ++ valrec = 1; ++ } ++ ++ fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); ++ if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec, ++ &subq)) { ++ return 0; ++ } ++ if(subq) { ++ /* It is possible to access the subquery module state. */ ++ if(sq->ecs_client_in.subnet_source_mask == 0 && ++ edns_opt_list_find(qstate->edns_opts_front_in, ++ qstate->env->cfg->client_subnet_opcode)) { ++ subq->no_cache_store = 1; ++ } ++ } ++ return 1; ++} ++ ++/** ++ * Perform the query without subnet ++ * @param qstate: query state ++ * @param sq: subnet qstate ++ * @return module state ++ */ ++static enum module_ext_state ++generate_lookup_without_subnet(struct module_qstate *qstate, ++ struct subnet_qstate* sq) ++{ ++ verbose(VERB_ALGO, "subnetcache: make subquery to look up without subnet"); ++ if(!generate_sub_request(qstate, sq)) { ++ verbose(VERB_ALGO, "Could not generate sub query"); ++ qstate->return_rcode = LDNS_RCODE_FORMERR; ++ qstate->return_msg = NULL; ++ return module_finished; ++ } ++ sq->wait_subquery = 1; ++ return module_wait_subquery; ++} ++ + static enum module_ext_state + eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) + { +@@ -557,14 +622,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) + * is still useful to put it in the edns subnet cache for + * when a client explicitly asks for subnet specific answer. 
*/ + verbose(VERB_QUERY, "subnetcache: Authority indicates no support"); +- if(!sq->started_no_cache_store) { +- lock_rw_wrlock(&sne->biglock); +- update_cache(qstate, id); +- lock_rw_unlock(&sne->biglock); +- } +- if (sq->subnet_downstream) +- cp_edns_bad_response(c_out, c_in); +- return module_finished; ++ return generate_lookup_without_subnet(qstate, sq); + } + + /* Purposefully there was no sent subnet, and there is consequently +@@ -589,14 +647,14 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) + !common_prefix(s_out->subnet_addr, s_in->subnet_addr, + s_out->subnet_source_mask)) + { +- /* we can not accept, restart query without option */ ++ /* we can not accept, perform query without option */ + verbose(VERB_QUERY, "subnetcache: forged data"); + s_out->subnet_validdata = 0; + (void)edns_opt_list_remove(&qstate->edns_opts_back_out, + qstate->env->cfg->client_subnet_opcode); + sq->subnet_sent = 0; + sq->subnet_sent_no_subnet = 0; +- return module_restart_next; ++ return generate_lookup_without_subnet(qstate, sq); + } + + lock_rw_wrlock(&sne->biglock); +@@ -795,6 +853,9 @@ ecs_edns_back_parsed(struct module_qstate* qstate, int id, + } else if(sq->subnet_sent_no_subnet) { + /* The answer can be stored as scope 0, not in global cache. */ + qstate->no_cache_store = 1; ++ } else if(sq->subnet_sent) { ++ /* Need another query to be able to store in global cache. */ ++ qstate->no_cache_store = 1; + } + + return 1; +@@ -812,6 +873,32 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + strmodulevent(event)); + log_query_info(VERB_QUERY, "subnetcache operate: query", &qstate->qinfo); + ++ if(sq && sq->wait_subquery_done) { ++ /* The subquery lookup returned. 
*/ ++ if(sq->ecs_client_in.subnet_source_mask == 0 && ++ edns_opt_list_find(qstate->edns_opts_front_in, ++ qstate->env->cfg->client_subnet_opcode)) { ++ if(!sq->started_no_cache_store && ++ qstate->return_msg) { ++ lock_rw_wrlock(&sne->biglock); ++ update_cache(qstate, id); ++ lock_rw_unlock(&sne->biglock); ++ } ++ if (sq->subnet_downstream) ++ cp_edns_bad_response(&sq->ecs_client_out, ++ &sq->ecs_client_in); ++ /* It is a scope zero lookup, append edns subnet ++ * option to the querier. */ ++ subnet_ecs_opt_list_append(&sq->ecs_client_out, ++ &qstate->edns_opts_front_out, qstate, ++ qstate->region); ++ } ++ sq->wait_subquery_done = 0; ++ qstate->ext_state[id] = module_finished; ++ qstate->no_cache_store = sq->started_no_cache_store; ++ qstate->no_cache_lookup = sq->started_no_cache_lookup; ++ return; ++ } + if((event == module_event_new || event == module_event_pass) && + sq == NULL) { + struct edns_option* ecs_opt; +@@ -822,6 +909,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + } + + sq = (struct subnet_qstate*)qstate->minfo[id]; ++ if(sq->wait_subquery) ++ return; /* Wait for that subquery to return */ + + if((ecs_opt = edns_opt_list_find( + qstate->edns_opts_front_in, +@@ -851,6 +940,14 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + /* No clients are interested in result or we could not + * parse it, we don't do client subnet */ + sq->ecs_server_out.subnet_validdata = 0; ++ if(edns_opt_list_find(qstate->edns_opts_front_in, ++ qstate->env->cfg->client_subnet_opcode)) { ++ /* aggregated this deaggregated state */ ++ qstate->ext_state[id] = ++ generate_lookup_without_subnet( ++ qstate, sq); ++ return; ++ } + verbose(VERB_ALGO, "subnetcache: pass to next module"); + qstate->ext_state[id] = module_wait_module; + return; +@@ -891,6 +988,14 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + } + lock_rw_unlock(&sne->biglock); + } ++ if(sq->ecs_client_in.subnet_source_mask == 0 && ++ 
edns_opt_list_find(qstate->edns_opts_front_in, ++ qstate->env->cfg->client_subnet_opcode)) { ++ /* client asked for resolution without edns subnet */ ++ qstate->ext_state[id] = generate_lookup_without_subnet( ++ qstate, sq); ++ return; ++ } + + sq->ecs_server_out.subnet_addr_fam = + sq->ecs_client_in.subnet_addr_fam; +@@ -927,6 +1032,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + qstate->ext_state[id] = module_wait_module; + return; + } ++ if(sq && sq->wait_subquery) ++ return; /* Wait for that subquery to return */ + /* Query handed back by next module, we have a 'final' answer */ + if(sq && event == module_event_moddone) { + qstate->ext_state[id] = eval_response(qstate, id, sq); +@@ -975,10 +1082,27 @@ subnetmod_clear(struct module_qstate *ATTR_UNUSED(qstate), + } + + void +-subnetmod_inform_super(struct module_qstate *ATTR_UNUSED(qstate), +- int ATTR_UNUSED(id), struct module_qstate *ATTR_UNUSED(super)) ++subnetmod_inform_super(struct module_qstate *qstate, int id, ++ struct module_qstate *super) + { +- /* Not used */ ++ struct subnet_qstate* super_sq = ++ (struct subnet_qstate*)super->minfo[id]; ++ log_query_info(VERB_ALGO, "subnetcache inform_super: query", ++ &super->qinfo); ++ super_sq->wait_subquery = 0; ++ super_sq->wait_subquery_done = 1; ++ if(qstate->return_rcode != LDNS_RCODE_NOERROR || ++ !qstate->return_msg) { ++ super->return_msg = NULL; ++ super->return_rcode = LDNS_RCODE_SERVFAIL; ++ return; ++ } ++ super->return_rcode = LDNS_RCODE_NOERROR; ++ super->return_msg = dns_copy_msg(qstate->return_msg, super->region); ++ if(!super->return_msg) { ++ log_err("subnetcache: copy response, out of memory"); ++ super->return_rcode = LDNS_RCODE_SERVFAIL; ++ } + } + + size_t +diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h +index 1ff8a23e..3893820f 100644 +--- a/edns-subnet/subnetmod.h ++++ b/edns-subnet/subnetmod.h +@@ -102,6 +102,10 @@ struct subnet_qstate { + int started_no_cache_store; + /** has the subnet module 
been started with no_cache_lookup? */ + int started_no_cache_lookup; ++ /** Wait for subquery that has been started for nonsubnet lookup. */ ++ int wait_subquery; ++ /** The subquery waited for is done. */ ++ int wait_subquery_done; + }; + + void subnet_data_delete(void* d, void* ATTR_UNUSED(arg)); diff --git a/meta-networking/recipes-support/unbound/unbound_1.22.0.bb b/meta-networking/recipes-support/unbound/unbound_1.22.0.bb index c35148b77e..4903371f1e 100644 --- a/meta-networking/recipes-support/unbound/unbound_1.22.0.bb +++ b/meta-networking/recipes-support/unbound/unbound_1.22.0.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5308494bc0590c0cb036afd781d78f06" SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;branch=master \ file://run-ptest \ file://0001-fix-build-with-gcc-15-Wbuiltin-declaration-mismatch-.patch \ + file://CVE-2025-5994.patch \ " # 17 commits after 1.22.0 tag:
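Review bot: the provenance stated in the header of the added CVE-2025-5994.patch does not match the commit message: the header says the patch was taken from https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt, which the commit message calls the upstream advisory, while the commit message names https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff as the patch and the Upstream-Status line points at upstream commit 5bf82f246481098a6473f296b21fc1229d276c0f. State a single source for the backport in both places, and because this is marked Upstream-Status: Backport while the patch's From:/Date: lines carry the submitter and 6 Mar 2026 rather than the upstream author and date, consider regenerating the patch so upstream authorship is preserved in the recipe.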