From patchwork Sun Apr 5 12:49:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4444BE6401D for ; Sun, 5 Apr 2026 12:49:37 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34410.1775393370190419839 for ; Sun, 05 Apr 2026 05:49:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=YOfogWOC; spf=pass (domain: gmail.com, ip: 209.85.214.178, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2ad9516a653so15385365ad.0 for ; Sun, 05 Apr 2026 05:49:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393369; x=1775998169; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=/mAdxyZWunOnjStdqiE1W/bTPzf8iFzHSPB6ltvP4kg=; b=YOfogWOCJrZCwjNS9Or6MJ9w37WmF+PZoO7F5MMewGScKZmeF86UbLVlOrsLfazW6u D9s76PKs4q7aNBqPbSTLWwrprcL3ZPO2Ij6qPllalReuw28pht4x/OzWtCNssqoynrwS 9Wc52BYLeMj3+3pqIdPWEJ5ejwfIh3e9e9WCAvy99Um7Bo8xUNlsyzJ/e69v8oMF/Ern 2oGurpaW6VFh88+4R9o/zmURCigT3mpfaZp38a0P/Im8f/2wqn2xpbyEOGevxlE5C5mn xsQ36Qa5WeTuzaM/oVzTSPyxjjaXPh5wY+S84OqV6wiJWV8viV6w+Du/5ZBqbExQfQYf SobQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393369; x=1775998169; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=/mAdxyZWunOnjStdqiE1W/bTPzf8iFzHSPB6ltvP4kg=; b=XvhowgrNNlOQovYwjyarsBBL4YcpDcuKdcz3IjwWv9xkEkN4aw1hoIqIw75GqkCEAq 7CJ+23UUjPtCpS97KSt+FQ4mnD33mlVfN7ANm6tJbw8DNUIiHnG1hiuH6L8JMAW4rY1H ERD5N/nJTJq2PQBFAr0pBKsu8HEQfj1JLpql7oyb96wlqgKfic2L8hrq9/aotO2Fz4WG /gZra3GenuXRhNaXI6z7F8H6lRzquz1TPt+q9lyr88L/FlEVHsvrd8yRyDvTGRlngOSu POOFMvlrYdYN3DJVQaONQpTbeQg3VQkbtmOWBEvYgfMYpBoSwZ+dwLQJefycCX82Cy+z Tbmg== X-Gm-Message-State: AOJu0YyDimzUT9fTJs9MiF0iMUVmXd8pluGovh9xmfKWJcR0ZUn1DBvJ PR6Y45VkCRlFR88H4OzY0X/ByJeSVtppIMXWADfRfVXQO4fQ3bO9ZqyjizAxjfvxDoM= X-Gm-Gg: AeBDieu3HiBOtBVZDnjNcF8rThQn+k6oeHqrNSOmOGuDDaDN3/HoRpLq33Bh+Y5NWOe bZI6KpvNwSw0uXtr/PGK/4Z21E9kXaudmSbzER527N4+B1B7ZZn2KdVAHSkzLFJxR8FKsyX1Nhd PTcxiDnqw/pa2NplDtRUOce2A0Yq2aUU14O1WfHufF2oCc4gCB/WSaTfpew+OyR9b3ro9baKdh/ HrV6XNLSZrkJg+DTJphMu8p23upNE26noRRiVKFp+I52rvqm7H0/K4aD6lxktTQ2sBJswxzhAtH hurGpOGRwPbZN0mjzuH28aRLQXxiIafyOHd6T4dkoD5MqpyYAs0OmRMVnYC5VJ6Vzb3hanfPzmf LmHHZPiZxJcCBA/+KLYEU1jQlGrD7hEwHy3kbfHp/1/Qq7OaE6vahvLLdclw/skEZYZL4O7oQpA VRKWg/1cKwoB9030JUVxAlv3D3unzIXk4inW4= X-Received: by 2002:a17:902:cf05:b0:2b0:6a22:5159 with SMTP id d9443c01a7336-2b28164cfd5mr90913035ad.1.1775393369313; Sun, 05 Apr 2026 05:49:29 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:28 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-multimedia][whinlatter][PATCH 1/14] libde265: patch CVE-2026-33165 Date: Mon, 6 Apr 2026 00:49:03 +1200 Message-ID: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126000 From: Ankur Tyagi Backport the commit mentioned in the NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33165 Signed-off-by: Ankur Tyagi --- .../libde265/libde265/CVE-2026-33165.patch | 45 +++++++++++++++++++ .../libde265/libde265_1.0.16.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch new file mode 100644 index 0000000000..3606c78078 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2026-33165.patch @@ -0,0 +1,45 @@ +From 9e8560a1b01bf066aaada3c19205170d93047766 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sun, 15 Mar 2026 22:58:39 +0100 +Subject: [PATCH] fix reallocation of metadata array when ctb size changes + (thanks to Ana K.) + +(cherry picked from commit c7891e412106130b83f8e8ea8b7f907e9449b658) + +CVE: CVE-2026-33165 +Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658] +Signed-off-by: Ankur Tyagi +--- + libde265/image.cc | 5 +++-- + libde265/image.h | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/libde265/image.cc b/libde265/image.cc +index fdc80fc2..1387f78d 100644 +--- a/libde265/image.cc ++++ b/libde265/image.cc +@@ -455,8 +455,9 @@ de265_error de265_image::alloc_image(int w,int h, enum de265_chroma c, + + // CTB info + +- if (ctb_info.width_in_units != sps->PicWidthInCtbsY || +- ctb_info.height_in_units != sps->PicHeightInCtbsY) ++ if (ctb_info.width_in_units != sps->PicWidthInCtbsY || ++ ctb_info.height_in_units != sps->PicHeightInCtbsY || ++ ctb_info.log2unitSize != sps->Log2CtbSizeY) + { + delete[] ctb_progress; + +diff --git a/libde265/image.h b/libde265/image.h +index 3779580c..6fc34c71 100644 +--- a/libde265/image.h ++++ b/libde265/image.h +@@ -149,7 +149,7 @@ template class MetaDataArray + // private: + DataUnit* data; + int data_size; +- int log2unitSize; ++ uint8_t log2unitSize; + int width_in_units; + int height_in_units; + }; diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb index 2676de5c2e..5024c56831 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https;tag=v${PV} \ file://CVE-2025-61147.patch \ + file://CVE-2026-33165.patch \ " SRCREV = "7ba65889d3d6d8a0d99b5360b028243ba843be3a" From patchwork Sun Apr 5 12:49:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85256 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51D81E8537F for ; Sun, 5 Apr 2026 12:49:37 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.34594.1775393372624607314 for ; Sun, 05 Apr 2026 05:49:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=euHpKIJ8; spf=pass (domain: gmail.com, ip: 209.85.214.170, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2b0c8362d93so19685545ad.3 for ; Sun, 05 Apr 2026 05:49:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393372; x=1775998172; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pYgSUryH4iNd3rH88XPcsYmTLZYJG7hSYltHLZb1XQo=; b=euHpKIJ8pvgTQ3vBg5cuMmSysZrRhusro2QB2+Om629BsvPSWRGXdbElyj+uYuZp1v PVsCHpYzL9yAX73aJtE7vNR3JamRu+sLTHdZlouo7SWz45RSD2HWkwR7PGzUmeZYbhXu 8DYyCBk+hat1XrCt8sr2HsC+xvW3vMGCmZgW2Mj7OBioViuS7lDXuke1k/v4WmeCdXCZ Z+zq+QMgA3/7M9eUfl7vKR1M3bWlcmCH2k0oz40VsMigJXaCleWdHwURBFSt7Oi4HSHW haY+QmSUFRP1K/Q4tiCNI55SQh7LsHxaM2vOO3R65ERf7887J6fXbx31UjRKOwi2K5kO a5KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393372; x=1775998172; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=pYgSUryH4iNd3rH88XPcsYmTLZYJG7hSYltHLZb1XQo=; b=bREpMKl1SFhUjV5aFrS5uLeqwiF0rOSRaaFe6I/Iai+oXXJ4cuJz5bcoCjsb/O9cFA N0L11NLNtmPKQLkbK0TrrAeL6wAL1eXSgNC1yVnVaj2HbWWX7KcK8LB/Ftrzq7NzKPno AinHleXyqIh/t6oSNjnsWpXFV2itqlYJ0WgGxtvj6x3IiaxYjykEv7P+ay4J4O8a55iB TVkqsy9A/lMny7tmJWLxVH8KuGRp1IZF8EGrwQzLZqRdaxkwSxmpYTSUzilIWqEVwGuE WwZt9wrc0QvT8I5oHNonV2DLwGxpePhwYtSWYUdrUbJ2b2kzL21UyqVOCdvEMUiEWeiD 8RKg== X-Gm-Message-State: AOJu0YzI7iAHbgCuwayDTsCf7TIjkcSfRNd+XA9OYKyWrfv3WMFyVmo9 FizQbtlgKThF9OvxaMl5yfx0n6aEPVThIxFjtSzjEKKFWXeihBV8xf6AAV54NfT+G/A= X-Gm-Gg: AeBDietzCA1RjAdhSbCb6dJg0BM6fVQFXvG2hqoJPQfMF4A+NLzkdjzcZiqeiha72YM 82LrYup8nTFMU5eIw+tHBrAyFWEC5Zvbs4TvAIRAxtKJCt0MzChIXJvavZ+AO7rudV8RvnFvKtX +UkyhGyLESo9bJ7CabceyXdQe5I8x5qf3wlchq35en4DLbMH1OSdSDItcK2lVgkIjuYAr3O1app p6bu+nBoFUKtKXbisjtm+VhLpHIAtPcC6E5UlCDqRvxJgvNWEvIODHrR159s5KlNpHHS+O+IKD9 evH9rLB9F5TaRoHA6tdgoEVpy7gPHl7A4qde9FfesgCJCH7UsKxqdGLnIe1dzgGIOaLLzXugbhC xcR4fmsgVH1PT1lsXMZEMjUx13/SVOzrmA5TDbDIGiskYNHqMntJzbZ4xnT4bcUZSaYbyLlQSsV C/tffvc4xEMuaH4J8zyyYXdxzeUJ7kkU/N3og= X-Received: by 2002:a17:903:f8d:b0:2b2:52a9:555a with SMTP id d9443c01a7336-2b281715be8mr95506115ad.7.1775393371731; Sun, 05 Apr 2026 05:49:31 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:31 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 2/14] wolfssl: patch CVE-2026-0819 Date: Mon, 6 Apr 2026 00:49:04 +1200 Message-ID: <20260405124916.2881008-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126001 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0819 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-0819.patch | 31 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-0819.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-0819.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-0819.patch new file mode 100644 index 0000000000..0594a8e03f --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-0819.patch @@ -0,0 +1,31 @@ +From ce42215d0dd20742b378211671117db4e6f7e729 Mon Sep 17 00:00:00 2001 +From: Reda Chouk +Date: Thu, 8 Jan 2026 19:57:24 +0100 +Subject: [PATCH] Increment signedAttribsCount with the right number of + attributes it encoded + +(cherry picked from commit 9c7b58656541e8d31876d7ccd2cd38140b8ffb79) + +CVE: CVE-2026-0819 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/9c7b58656541e8d31876d7ccd2cd38140b8ffb79] +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/pkcs7.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c +index a8545ba0a..4ba96c90d 100644 +--- a/wolfcrypt/src/pkcs7.c ++++ b/wolfcrypt/src/pkcs7.c +@@ -2107,6 +2107,11 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd, + + /* add custom signed attributes if set */ + if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) { ++ word32 availableSpace = MAX_SIGNED_ATTRIBS_SZ - atrIdx; ++ ++ if (pkcs7->signedAttribsSz > availableSpace) ++ return BUFFER_E; ++ + esd->signedAttribsCount += pkcs7->signedAttribsSz; + esd->signedAttribsSz += (word32)EncodeAttributes( + &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount, diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 78d17630c7..e9be766e67 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -27,6 +27,7 @@ SRC_URI = " \ file://CVE-2025-7394-4.patch \ file://CVE-2025-7394-5.patch \ file://CVE-2025-7394-6.patch \ + file://CVE-2026-0819.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85257 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44565E6401E for ; Sun, 5 Apr 2026 12:49:37 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34414.1775393375112892058 for ; Sun, 05 Apr 2026 05:49:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=gxctR1Xy; spf=pass (domain: gmail.com, ip: 209.85.214.177, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2b0c8362d93so19685695ad.3 for ; Sun, 05 Apr 2026 05:49:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393374; x=1775998174; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gGwwgbAk80WYAjssOvvcD2a+YKT0SEeTQZJ7oxs2wP8=; b=gxctR1XyLeigY0u6sBRfIjSFITBCNVabOqhoUiduKi3C6mmJTGcuCkJSq/Mgsbtftk JdLnJhQSdKhAzOmG400QuCDyZqbXGx4P9vRoh3dkiOqGlJAb5CxtmvFVcvTGJidzlIu6 agTjxnJqilGZwHLsNRFc8FL5WFYa5Ty5QqvOeCcPxmLKG7wRaSZobNsV18ukKNA+0bA7 YyVigwmEV77Qtg7HKarEE3gMNzEKh+e8PmH81gAfZdtOsDGIby0z2EID6o9S7DPBOHWu wM9E2eP5C1PMOueLbGtwZ24zr89kMvYSoZDJOJmjXLwBzXKN/46O2msBtdHN5Mo25vVL WRsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393374; x=1775998174; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=gGwwgbAk80WYAjssOvvcD2a+YKT0SEeTQZJ7oxs2wP8=; b=Hljh8IpDE5I3yvBaho9rZh/fDCHc7rypShtGnLXGnZZbutevA9wPo6tuqP8IEmvw4I VQBiBdcPzeZM1CIISjhZ6Kr/wwCrNxLpkxDBnOwi/BluNF+7fNehkb4OIL3Ucg6ChY8G YT5TEM8lMbqfXmE3i922AgXYYeHNfKTctb/nHcZaDIQl2/f5lcTnF0H6P4YwuI5NP7OK 04c+6bSQXIbdLlysLXJ6ma7SjBUAsNHNScZL3ss5AzlgnnM0r3E/hjYq6kQel6cwzhw8 8IHEsbkbCFWS79pqYmkMjwM5sEsm3qzpBmgonnNiy9CVMFFFQa3O7TcAYwjGKRZBrU5y b4mA== X-Gm-Message-State: AOJu0YwwabMm5PheViVM9Uua9Q3RosXIaN3GkjkKI9Xyikhvj794IfCW EnwoHPtv/Thr5iwT9jbfEQbR4/7GVoF7MeQVEEnDRYnSj3PVSxdk5BVQEc/G4DVj32U= X-Gm-Gg: AeBDieu0F9EVzgMmLu1y5EozASqG0D0m3YwUEjqVArzkaPKoi3QluhEKquUWPm2VfWj anFXuYzPSc8xk3tnw5d0dB1on/CQfrNQkQIOilq9nQ9kaPuF8xTP7IrkrtSxH03xxt9wBIfQggh BjM+331q7WA8gLu1Lw0by1AoIJ8vpUb6XDeaq0MwO9l5mQ5ZstfBFLpnb/U0pVzjXqbRDUa08az yGHhv8ilqg0AVZ8MX84NAvL/Dv972gizfzIgDxXRmaAw938MF6xMw8M+XJUw1xS4wmD4DLyCjYk 2rqhkqk1uJCHIrD1e47r/ydebVWvA4v1xZ1+bdT8VGPtpneIyccd9mmtTqvqks+XJP0QfZja5Xs wCoAsk2zxyYtLTZNb9UR6Y7fnB6SvWxZAvrgX0v4qQCHwrr3zung31aeVopN5eTbOmUJzHOgCSu +eeh6/MLu5yEgg8Ta3eKumP2JVVwUKVxk66BI= X-Received: by 2002:a17:902:ccc9:b0:2ab:230d:2d96 with SMTP id d9443c01a7336-2b28173ee68mr87266645ad.11.1775393374225; Sun, 05 Apr 2026 05:49:34 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:33 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 3/14] wolfssl: patch CVE-2026-2646 Date: Mon, 6 Apr 2026 00:49:05 +1200 Message-ID: <20260405124916.2881008-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126002 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2646 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-2646-1.patch | 39 ++++++++++++++ .../wolfssl/files/CVE-2026-2646-2.patch | 51 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 2 + 3 files changed, 92 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-2.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-1.patch new file mode 100644 index 0000000000..65daca16eb --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-1.patch @@ -0,0 +1,39 @@ +From 693e9d5e986ac642090331e5f76cfdfd656e3bbc Mon Sep 17 00:00:00 2001 +From: Reda Chouk +Date: Fri, 6 Feb 2026 17:00:42 +0100 +Subject: [PATCH] add missing checks in wolfSSL_d2i_SSL_SESSION + +(cherry picked from commit f94eb68ea36aee271e0645812ec3bb038f43098b) + +CVE: CVE-2026-2646 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/f94eb68ea36aee271e0645812ec3bb038f43098b] +Signed-off-by: Ankur Tyagi +--- + src/ssl_sess.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/ssl_sess.c b/src/ssl_sess.c +index c5e0e682a..75680f1bf 100644 +--- a/src/ssl_sess.c ++++ b/src/ssl_sess.c +@@ -2840,12 +2840,20 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + goto end; + } + s->chain.count = data[idx++]; ++ if (s->chain.count > MAX_CHAIN_DEPTH) { ++ ret = BUFFER_ERROR; ++ goto end; ++ } + for (j = 0; j < s->chain.count; j++) { + if (i - idx < OPAQUE16_LEN) { + ret = BUFFER_ERROR; + goto end; + } + ato16(data + idx, &length); idx += OPAQUE16_LEN; ++ if (length > MAX_X509_SIZE) { ++ ret = BUFFER_ERROR; ++ goto end; ++ } + s->chain.certs[j].length = length; + if (i - idx < length) { + ret = BUFFER_ERROR; diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-2.patch new file mode 100644 index 0000000000..a1dfa8975d --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-2646-2.patch @@ -0,0 +1,51 @@ +From e5a887b643850138d225ec47febf1c117c38464a Mon Sep 17 00:00:00 2001 +From: jordan +Date: Wed, 11 Mar 2026 09:47:15 -0500 +Subject: [PATCH] ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION. + +(cherry picked from commit 0a99a08b0f196cad1cd35e2261465c5d5f080739) + +CVE: CVE-2026-2646 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/0a99a08b0f196cad1cd35e2261465c5d5f080739] +Signed-off-by: Ankur Tyagi +--- + src/ssl_sess.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/ssl_sess.c b/src/ssl_sess.c +index 75680f1bf..08b2219ef 100644 +--- a/src/ssl_sess.c ++++ b/src/ssl_sess.c +@@ -2808,6 +2808,10 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN; + ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN; + s->sessionIDSz = data[idx++]; ++ if (s->sessionIDSz > ID_LEN) { ++ ret = BUFFER_ERROR; ++ goto end; ++ } + + /* sessionID | secret | haveEMS | haveAltSessionID */ + if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) { +@@ -2890,6 +2894,10 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + goto end; + } + ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN; ++ if (s->idLen > SERVER_ID_LEN) { ++ ret = BUFFER_ERROR; ++ goto end; ++ } + + /* ServerID */ + if (i - idx < s->idLen) { +@@ -2905,6 +2913,10 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, + goto end; + } + s->sessionCtxSz = data[idx++]; ++ if (s->sessionCtxSz > ID_LEN) { ++ ret = BUFFER_ERROR; ++ goto end; ++ } + + /* app session context ID */ + if (i - idx < s->sessionCtxSz) { diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index e9be766e67..5db019c9cb 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -28,6 +28,8 @@ SRC_URI = " \ file://CVE-2025-7394-5.patch \ file://CVE-2025-7394-6.patch \ file://CVE-2026-0819.patch \ + file://CVE-2026-2646-1.patch \ + file://CVE-2026-2646-2.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70AEBE88D7B for ; Sun, 5 Apr 2026 12:49:47 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34415.1775393377721767112 for ; Sun, 05 Apr 2026 05:49:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=a4+KpiNn; spf=pass (domain: gmail.com, ip: 209.85.214.176, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-2b2494440f3so10938535ad.2 for ; Sun, 05 Apr 2026 05:49:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393377; x=1775998177; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=u8/LkhxR17hDe3Bx1O0XJO6XIl9zVEMQh0M7MOcM6os=; b=a4+KpiNnbYhNcBLnxbrAMaQQTt/9rnROb+366mJLClh1U6mrfREuMM2FaT5FrdnBgQ FydWQNisP3J3wzmDwaNBq/16ntU4Pshz/+dKR1FXbp8uJELxQEjAKBpJH4z1zr7fw067 tfFcYVeCyDiVFoMk910CarimNgT4811xJAgpBh+bhy7HgUZjWd1AvOXbEMwXvnaeVfp8 qU5AN6izkgqCAdbGKgrJ7bYfuphZA63VUdXGKt7C/krNbxZCh33HWTRM50s70QvuHke9 YrBAmo83wmR830OgTnfw+RdesDyxsYSQrdVhHOGVvsxugGBi46vvfOFzadYHUwW04tgt Ys9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393377; x=1775998177; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=u8/LkhxR17hDe3Bx1O0XJO6XIl9zVEMQh0M7MOcM6os=; b=AQYLgH28fLEeef7I0OrzpxtVPLNdjByJWjqgVsp7DrCJxq4YPDsdX8AVIdmQrhm/KK 5XABRPQcJ4jCYTQV59BRBhTxOrUBH7VmVA3qVyPqXfBmxpX1SAaMSxtvCIXcNttLfF7Z a/Q2nGrYL303h9RMzKiwEc4IDJqUR6gQGOD3Xf90KWOQW5uYWUtc0b+yhamAQEdCb2Rl 2tGofI4eHiTRgd7pbN8RoQ9hNMZ3kkBbVrWAJki8M6fvQsGNQVMmiT+ZMpVi+JtOJa0S OqeD/fN5lUW++evKtw7LPmxQNSFk8KfFzEpHN6gIakTbK2MKDLy72TTlHljgJX09gD+T rvEQ== X-Gm-Message-State: AOJu0YxULOwmqsEymT4Ekeltfrzuu3ziwdh7wCSTMW2ef6JryUnsxYAu 5R84Eg+J4xNjf7pTT0xleXbZwv86cYi+ihRA8ZgHHrLHnfwIxAFOy9u6v1+V/R/xmlU= X-Gm-Gg: AeBDiesCWID7vZAQz4mNik9G3SkjCY1R+1mi0ew5Zyk+LS2j1FATBMrSNqRWAa9vpH6 MDyKXEt4wWSnNB29qgxMIhRvTlaaiR0xnINjDCnTK7iljHHz3DW2J74BNMX9T3q6wxISmH2gWFm o3tG3q9RGfY37ETX6TAiFpMSTI6Zo4p1GqzNh0/1b3bbarLFJgmpa2OTmSDWi9s9SyK/Ph6zJru 5x/n325vM+hUvgcuZDUTj56kxcNviv26FXsz7YwJkc6NtyKX1F30fQQv54R+LqfWvqicOV/JxDK Q23fNcKHk6j9q95+mzZ1tOgSF9cmdr32obj+jOgEEL1PD15/mXjUNYhcKMw2nUt+3GO3FI1zwFR y4JSmEYjjX+WFePNi6JhbsqY4yOCx3bGqa/Xb9DgglppEwmH2lxneHggSPa2MDmGuMJT93YFa8u rsrv5xXhnIPm1mSqnnUMQQT+5JXdDWTLDnkmA= X-Received: by 2002:a17:903:f86:b0:2b0:64c4:34a0 with SMTP id d9443c01a7336-2b28163bb0dmr98362705ad.10.1775393376821; Sun, 05 Apr 2026 05:49:36 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:36 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 4/14] wolfssl: ptach CVE-2026-3229 Date: Mon, 6 Apr 2026 00:49:06 +1200 Message-ID: <20260405124916.2881008-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126003 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3229 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-3229-1.patch | 104 ++++++++++++++++++ .../wolfssl/files/CVE-2026-3229-2.patch | 42 +++++++ .../wolfssl/files/CVE-2026-3229-3.patch | 28 +++++ .../wolfssl/wolfssl_5.8.0.bb | 3 + 4 files changed, 177 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-2.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-3.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-1.patch new file mode 100644 index 0000000000..e442028146 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-1.patch @@ -0,0 +1,104 @@ +From 136f9cd0250a6f5d24cdda95118ae4e8eed23dd7 Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 24 Feb 2026 09:27:42 -0600 +Subject: [PATCH] Fix cert chain size issue + +(cherry picked from commit 2ae3164c6f2db5fdd9f7a6be344e068cd3264bde) + +CVE: CVE-2026-3229 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/2ae3164c6f2db5fdd9f7a6be344e068cd3264bde] +Signed-off-by: Ankur Tyagi +--- + src/ssl_load.c | 8 +++++++- + tests/api.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 59 insertions(+), 1 deletion(-) + +diff --git a/src/ssl_load.c b/src/ssl_load.c +index d803b4093..54e1a3095 100644 +--- a/src/ssl_load.c ++++ b/src/ssl_load.c +@@ -4773,7 +4773,13 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert, + /* Get length of previous chain. */ + len = oldChain->length; + } +- /* Allocate DER buffer bug enough to hold old and new certificates. */ ++ /* Check for integer overflow in size calculation. */ ++ if ((len > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ) || ++ (certSz > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ - len)) { ++ WOLFSSL_MSG("wolfssl_add_to_chain overflow"); ++ return 0; ++ } ++ /* Allocate DER buffer big enough to hold old and new certificates. */ + ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, heap); + if (ret != 0) { + WOLFSSL_MSG("AllocDer error"); +diff --git a/tests/api.c b/tests/api.c +index a8449cc71..02da904f2 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -5262,6 +5262,57 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) + return EXPECT_RESULT(); + } + ++/* Test that wolfssl_add_to_chain rejects sizes that would overflow word32. ++ * ZD #21241 */ ++static int test_wolfSSL_add_to_chain_overflow(void) ++{ ++ EXPECT_DECLS; ++#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ ++ defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_TLS) && \ ++ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_FILESYSTEM) ++ WOLFSSL_CTX* ctx = NULL; ++ WOLFSSL_X509* x509 = NULL; ++ DerBuffer* fakeChain = NULL; ++ ++ ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); ++ ++ /* Load a real cert so ctx->certificate is set (first add goes there). */ ++ ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file( ++ "./certs/intermediate/client-int-cert.pem", WOLFSSL_FILETYPE_PEM)); ++ ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); ++ wolfSSL_X509_free(x509); ++ x509 = NULL; ++ ++ /* Now ctx->certificate is set, next add goes to certChain via ++ * wolfssl_add_to_chain. Fake a chain whose length is near UINT32_MAX ++ * so the size calculation (len + CERT_HEADER_SZ + certSz) overflows. */ ++ fakeChain = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + 16, ctx->heap, ++ DYNAMIC_TYPE_CERT); ++ ExpectNotNull(fakeChain); ++ if (EXPECT_SUCCESS()) { ++ XMEMSET(fakeChain, 0, sizeof(DerBuffer) + 16); ++ fakeChain->buffer = (byte*)(fakeChain + 1); ++ fakeChain->length = WOLFSSL_MAX_32BIT - 2; /* will overflow with any cert */ ++ fakeChain->type = CERT_TYPE; ++ fakeChain->dynType = DYNAMIC_TYPE_CERT; ++ /* Replace the real chain with our fake one. */ ++ if (ctx->certChain != NULL) { ++ XFREE(ctx->certChain, ctx->heap, DYNAMIC_TYPE_CERT); ++ } ++ ctx->certChain = fakeChain; ++ } ++ ++ /* Try to add another cert - this MUST fail due to overflow guard. */ ++ ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file( ++ "./certs/intermediate/ca-int2-cert.pem", WOLFSSL_FILETYPE_PEM)); ++ ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0); ++ wolfSSL_X509_free(x509); ++ ++ wolfSSL_CTX_free(ctx); ++#endif ++ return EXPECT_RESULT(); ++} ++ + static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) + { + EXPECT_DECLS; +@@ -67594,6 +67645,7 @@ TEST_CASE testCases[] = { + TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), + TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), + TEST_DECL(test_wolfSSL_CTX_add1_chain_cert), ++ TEST_DECL(test_wolfSSL_add_to_chain_overflow), + TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format), + TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format), + TEST_DECL(test_wolfSSL_use_certificate_chain_file), diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-2.patch new file mode 100644 index 0000000000..e382dd5542 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-2.patch @@ -0,0 +1,42 @@ +From 62ab2c90ac6ad82a7586224096a73f84beac64c3 Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 24 Feb 2026 11:17:42 -0600 +Subject: [PATCH] Fix from review + +(cherry picked from commit 8f787909da890e5830a9a6f73d3c4ff0d9bd7da9) + +CVE: CVE-2026-3229 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/8f787909da890e5830a9a6f73d3c4ff0d9bd7da9] +Signed-off-by: Ankur Tyagi +--- + src/ssl_load.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/src/ssl_load.c b/src/ssl_load.c +index 54e1a3095..8533d9a12 100644 +--- a/src/ssl_load.c ++++ b/src/ssl_load.c +@@ -4777,14 +4777,17 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert, + if ((len > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ) || + (certSz > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ - len)) { + WOLFSSL_MSG("wolfssl_add_to_chain overflow"); +- return 0; +- } +- /* Allocate DER buffer big enough to hold old and new certificates. */ +- ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, heap); +- if (ret != 0) { +- WOLFSSL_MSG("AllocDer error"); + res = 0; + } ++ if (res == 1) { ++ /* Allocate DER buffer big enough to hold old and new certificates. */ ++ ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, ++ heap); ++ if (ret != 0) { ++ WOLFSSL_MSG("AllocDer error"); ++ res = 0; ++ } ++ } + + if (res == 1) { + if (oldChain != NULL) { diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-3.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-3.patch new file mode 100644 index 0000000000..44c7960d35 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3229-3.patch @@ -0,0 +1,28 @@ +From a64133c8e0ec3463d9fffc9a2f95c48f3e7be24a Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 24 Feb 2026 12:43:46 -0600 +Subject: [PATCH] Fix issue from review + +(cherry picked from commit 5536ecf026151f1cdc80f6908fe8820e798dcd58) + +CVE: CVE-2026-3229 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/5536ecf026151f1cdc80f6908fe8820e798dcd58] +Signed-off-by: Ankur Tyagi +--- + tests/api.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tests/api.c b/tests/api.c +index 02da904f2..9dc92e84a 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -5301,6 +5301,9 @@ static int test_wolfSSL_add_to_chain_overflow(void) + } + ctx->certChain = fakeChain; + } ++ else { ++ XFREE(fakeChain, ctx ? ctx->heap : NULL, DYNAMIC_TYPE_CERT); ++ } + + /* Try to add another cert - this MUST fail due to overflow guard. */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file( diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 5db019c9cb..7c46c01ff0 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -30,6 +30,9 @@ SRC_URI = " \ file://CVE-2026-0819.patch \ file://CVE-2026-2646-1.patch \ file://CVE-2026-2646-2.patch \ + file://CVE-2026-3229-1.patch \ + file://CVE-2026-3229-2.patch \ + file://CVE-2026-3229-3.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B73BE88D96 for ; Sun, 5 Apr 2026 12:49:47 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.34596.1775393380380411567 for ; Sun, 05 Apr 2026 05:49:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Jlthf+z2; spf=pass (domain: gmail.com, ip: 209.85.215.172, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-c757a9251faso957699a12.1 for ; Sun, 05 Apr 2026 05:49:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393379; x=1775998179; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mUzaJAB7eAv47mYcHr5XLRdkmFVNOSR213DT0dJMN0A=; b=Jlthf+z2zAU/ydz1UJ6a/v8SJSQjYQSnKpvuSMd+gKM+veTHN7A9r0G+nT/HZ11PWc CiODQMcZxZ/W2Z1FJmubRhTpNnN0w83U57cvStydYK0eLujmdXgnlWp+oK5b+PUq9uXn sL4HOSrZp+PSvgjYStVM1UQxIA+qpCt2366mIm3JPr9Gi0nL2IW1eA8eG1Psm8di7zw0 9c5UM9W5/3rSZBaz09PckEOsPUga4PDSDQDwK18t1kr1Is36DH66CBrNr30ZGlEzWiwN 9uOPnZULFit5Xrcdm1ACFQd2ao0HYWn9z/P9fpfyW9tPL23c0fKjo4IxovWQBngv6CQj ccJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393379; x=1775998179; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=mUzaJAB7eAv47mYcHr5XLRdkmFVNOSR213DT0dJMN0A=; b=ZIjkeNBWcHZZWmgaqpmh1n4M+mUUCFQFQebhAUfHUPsj09iowX99TXkxADQSe+/AVX SUKMdMM5WJ3Q1Suyh7BUK3RlDytfepRvcuw4am7vFNwFfKPE2LczS7sptcQFXmp/5YBs g7BRpNQHVYQiEWeI3HOkWo2OarWkpkTKcg2Hb6L9vMkA1qRqkJFQujxY3PQJ/3NJq4/x WLEim78ieZh/K1EzARHw7JtFjY7mnHe2vadlD1grCtogCZdIkPePjawwct/srOM3KkBT vpSmNRXEtTyBUewqCVPMYqLugNJrYRmfsad5KIN+aXcure9O7At9vwfeX6eKf/mTx+MP TOXw== X-Gm-Message-State: AOJu0Yw3uBJihn3kD1zdEPWp23XBRkMLsuj+4BqBrf1LWKO7MWchTqT1 l7lEgOmG7sS6aiLNZ6v9kKsS8wZOW8qqL+G6yQu0arskzh8+DiNokGxQ6pax65f88Sk= X-Gm-Gg: AeBDietojMpI/2XD2LqM8qxXAKuZuLTcGoafNHMjGey71XLKZam+S+uBsqOeZzT1bMR XVT67UN9DmIj7EWfYhNGZa6j/cTyPiY8xCpYK79kW4WnfjV4cIWM+qSMxQFAe/6btIf8cNJpVcS Db/8q0URp6GllZQ45mTz+JFIMUxoJFwxVbfiSY1DUTfQT6evWtNjBYEUsQoZZB/QuHdeqH6niAt +73Bdc/fxaxTVe4AOOiZCcXJxCDbD08CxglgkVVGunlAF2hcW9YHaO22ja8yu+w8GC+s6F9uIKc L+aybCdYmVk0Urf6VLPQBGZs8hNHTBsrgk+BV43rjbS7KACbK8Xhl1ZafPb4yJjFTBPjPGhB4aC lrZAj9YD4Sa5E3bJIOENmQnz34x9AkjlNKQ5jlpyMHnm4pPYSirgN1rsbMMKt7Jr0cgUfO/WOQ0 O6M0P13MUzvWkTYkeycyP60A31T9JOrZ932q4= X-Received: by 2002:a17:903:384c:b0:2b2:65db:8c5f with SMTP id d9443c01a7336-2b28176a464mr92488295ad.27.1775393379543; Sun, 05 Apr 2026 05:49:39 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:39 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 5/14] wolfssl: patch CVE-2026-3230 Date: Mon, 6 Apr 2026 00:49:07 +1200 Message-ID: <20260405124916.2881008-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126004 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3230 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-3230.patch | 69 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 70 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3230.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3230.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3230.patch new file mode 100644 index 0000000000..4d03dfdf75 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3230.patch @@ -0,0 +1,69 @@ +From 015a4cec9f19221c79dbbeef3a92cf297d633a65 Mon Sep 17 00:00:00 2001 +From: Juliusz Sosinowicz +Date: Mon, 9 Feb 2026 17:14:24 +0100 +Subject: [PATCH] Add check for KeyShare in ServerHello + +Fixes ZD21171 + +CVE: CVE-2026-3230 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/f798a585d9dc57f7c42a90e693d8f0aa8a241e52] +Signed-off-by: Ankur Tyagi +--- + src/tls.c | 2 ++ + src/tls13.c | 3 ++- + tests/api.c | 2 +- + wolfssl/internal.h | 1 + + 4 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/tls.c b/src/tls.c +index 4f57ea938..8552e8daf 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -9774,6 +9774,8 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, + if (length < OPAQUE16_LEN) + return BUFFER_ERROR; + ++ ssl->options.shSentKeyShare = 1; ++ + /* The data is the named group the server wants to use. */ + ato16(input, &group); + +diff --git a/src/tls13.c b/src/tls13.c +index 6efe44640..538cde030 100644 +--- a/src/tls13.c ++++ b/src/tls13.c +@@ -5590,7 +5590,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + ssl->options.pskNegotiated == 0 && + #endif +- ssl->session->namedGroup == 0) { ++ (ssl->session->namedGroup == 0 || ++ ssl->options.shSentKeyShare == 0)) { + return EXT_MISSING; + } + +diff --git a/tests/api.c b/tests/api.c +index 9dc92e84a..1abb7f836 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -64055,7 +64055,7 @@ static int test_TLSX_CA_NAMES_bad_extension(void) + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS +- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E)); ++ ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(EXT_MISSING)); + #else + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR)); + #endif +diff --git a/wolfssl/internal.h b/wolfssl/internal.h +index dd191fb1a..c89ab5931 100644 +--- a/wolfssl/internal.h ++++ b/wolfssl/internal.h +@@ -5107,6 +5107,7 @@ struct Options { + #if defined(HAVE_DANE) + word16 useDANE:1; + #endif /* HAVE_DANE */ ++ word16 shSentKeyShare:1; /* SH sent with key share */ + word16 disableRead:1; + #ifdef WOLFSSL_DTLS + byte haveMcast; /* using multicast ? */ diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 7c46c01ff0..bec2764ad1 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -33,6 +33,7 @@ SRC_URI = " \ file://CVE-2026-3229-1.patch \ file://CVE-2026-3229-2.patch \ file://CVE-2026-3229-3.patch \ + file://CVE-2026-3230.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F292E88D7D for ; Sun, 5 Apr 2026 12:49:47 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34416.1775393383079601599 for ; Sun, 05 Apr 2026 05:49:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=RTX2PtVm; spf=pass (domain: gmail.com, ip: 209.85.214.180, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2b24fdac394so32465725ad.3 for ; Sun, 05 Apr 2026 05:49:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393382; x=1775998182; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WZMQE3P1FgUpIHv7muKUU2rBTcBepat4/0EBe4xFN5k=; b=RTX2PtVmxxne6LjmlJiGeYMfIblBqoWSvejJV9hL68kcDrEiloS8qHzjF6ExPTh64R 1h6+pgUCGN/QXSrz+d/6ID2wQvaoSHQeOvl0OlKNX8IjXU8W4c5+m8XUmGklCIXz1AVe KwotFlq95jRTCMNrUzbCRV7csu6Ugz8hJe3TJieaW7Homs0IAGaF0TBU+tFMZOWw2GeU Z4rzd3dkFIVPK123DQ5a33YL3FE6FEEnfu6L+mkv7+woqVu5wmUX9OcQ3bMn94iaDs3R gZpUAf3MLMzvjx7gmZIP+yQQ+3upFgQYYDgIhCKa81RydDL4gmierHSGSqaOe+I52A8M MwLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393382; x=1775998182; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=WZMQE3P1FgUpIHv7muKUU2rBTcBepat4/0EBe4xFN5k=; b=glnVj66lYOVv3ru4f8Rc9lcgL9pVhZAACiXw/Fivz015MfZzrsi97MQ6wa+Ex1laji x2O9fAHB/5cf7z2NEHqNbCSnH4vj9q1zseAOD5y1oEjJp+WBIZkYYlCwYCcTNfdGBkig i3ahVttqtiQm43SloTfV61B4+nPm5Vd+25iPqeYxx6d4CdiAZAJvg0/ggj+fPqd00tZD E7uMsDjJdmol8TzugbNsMUOcoOaRO4byXTOwfBw2LUOpgnEwFcDZiLiqiGY22NplGv/l n1iCj+KvLTh2/dTCMWpdLE4e4iDD8x8xDRN7bBAWHjfu7JzwwGzS5+GXLDOwTmPl7Kt7 hhXg== X-Gm-Message-State: AOJu0YxewSgtSOwdrj4h06x1PqaT0aDC1OlSQUS/Abd8NndBm4nSyC3z XBuoGeC5batiLdql4c9xJE+hSPVsrWygaRxLlvW7faxt47RkFfDZkWb1dDgke1TA4Yg= X-Gm-Gg: AeBDiesLBNJ+rMP81Zs6lq4pCU5xsISuFXz5H47L4JJHwLO1gwywFAPQ6I+JvN8W1MQ wPcE38yio2/hKOUrwrDDNylHsdrwsnjiGJUG/vTvL60RTQwlt4nh9dvIcu50qFl2ewP4Yn+8zMH nXtATSnBtN+DYL14y6tXvga2Gv+iTyEcI0eAFzhBf3x21XaBAX+SaKMy/rgXRvior3iO/9gMc4O bXSKGOijf20sGd1M6Zm7VmeTRTT056HUk5gxqqwBsEId56ojtrKwOH7CZ7cIOHZAn4RilXn4GQK 5qzMOF+pwMQ900n1NDYHUWkeQ2Owlg2J4RqhqGNy4dvye3+2kmiMR3GPAKee5ZGG6nPCdfcZ2J6 sHgHAaJrilgOkWc5q7WGTzlJfIG3c1bMEBA7AtBcuDNuvHkIxvvpKBIuBtH8OxuL6ZS9CKUt2PC dEl1kSRhl+MIJgqs7HP0uoZ1fowG2ZR8pr4ck= X-Received: by 2002:a17:902:7243:b0:2b2:42f8:1a45 with SMTP id d9443c01a7336-2b2817eae99mr69010825ad.39.1775393382332; Sun, 05 Apr 2026 05:49:42 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:41 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 6/14] wolfssl: patch CVE-2026-3547 Date: Mon, 6 Apr 2026 00:49:08 +1200 Message-ID: <20260405124916.2881008-6-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126005 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3547 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-3547.patch | 30 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3547.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3547.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3547.patch new file mode 100644 index 0000000000..e7e4f5de53 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3547.patch @@ -0,0 +1,30 @@ +From 2539e3b925481db1da9791ac2a75c98cf8a7c989 Mon Sep 17 00:00:00 2001 +From: Anthony Hu +Date: Wed, 4 Mar 2026 07:00:26 -0500 +Subject: [PATCH] Fix for loop exit condition. + +size should be length. s includes offset, so it must be compared against +length, not size because size is only what is after offset. + +(cherry picked from commit 9d3cc6e30c778b124002cc45b7974d718b6649fd) + +CVE: CVE-2026-3547 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/9d3cc6e30c778b124002cc45b7974d718b6649fd] +Signed-off-by: Ankur Tyagi +--- + src/tls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tls.c b/src/tls.c +index 8552e8daf..290d4b49d 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -1923,7 +1923,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length, + return BUFFER_ERROR; + + /* validating length of entries before accepting */ +- for (s = input + offset; (s - input) < size; s += wlen) { ++ for (s = input + offset; (s - input) < length; s += wlen) { + wlen = *s++; + if (wlen == 0 || (s + wlen - input) > length) + return BUFFER_ERROR; diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index bec2764ad1..1f5b051d16 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -34,6 +34,7 @@ SRC_URI = " \ file://CVE-2026-3229-2.patch \ file://CVE-2026-3229-3.patch \ file://CVE-2026-3230.patch \ + file://CVE-2026-3547.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64203E6401F for ; Sun, 5 Apr 2026 12:49:47 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34418.1775393385483078249 for ; Sun, 05 Apr 2026 05:49:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=hi5UdiDy; spf=pass (domain: gmail.com, ip: 209.85.214.171, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-2b23fcf90b2so30970945ad.3 for ; Sun, 05 Apr 2026 05:49:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393385; x=1775998185; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K2tOEYEQGp3/vHKMcLKmR74jNUYSyhKr+5pgcz7+sGI=; b=hi5UdiDyom9ja53ry+ax7+1RI525X0XBVdRZFCh3C29kk6MmKTbh5ALEUrrZcftfBN HZV/tfPCHTQx0U7BP08n3obAe0k+EtRgFT6gg9DoeNokCQCq364RSWrTXhDSs6d/fFaY 7xTeIzPcG7smoKAeUIAFNnFNpznzE7etNQIS0oKc4yzt4RZ8pTyZZZoq0FQoJWrozKw6 rUVEp3FUU9Uk+hg0S10x1xFVnMrwWiCJ1C/l0J4Zi2yl3qUu4iTj+40j/mlDvmqRdBNH jEahB6Mzuf5DT3KULFNz7s3SqraF2djrZY80TN4j4veM8xLVXb0yJAYgRrzt5Ss0TiJl oidQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393385; x=1775998185; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=K2tOEYEQGp3/vHKMcLKmR74jNUYSyhKr+5pgcz7+sGI=; b=BHJIkCSPY5eu71hiFMtU6NRsnMoEyBMISX+NaBxSE/FCvTEvkyXKVsvKyAkTU7jmi8 FzTSgB2tnuOiU4tRlXiT9HmaFcykVThBtKzU5yX4y+2fbDRv37SqKIc6QdNt5lweI+b5 19YriVDvR9eAuLqgcGw/lAwDk+5c0HV29vQBiHPQKaneiLXMvQtlUNXEWYJq/d9+6cFV s0WdLrdGCuvvKX+ilmNsZp9Bx4dDD6NseTKWA9anhsKDZC9omyyob4GDFDkrJhX78fzc B4o7LkvGIqXBXTILbEmYmvECOoimu9KUOz36R9Ut2rThMgUuIMOLBrF4OFSr+jWkbGVo X8xA== X-Gm-Message-State: AOJu0Yxvi9p/KZcTNVDfhZVmna4qG7s3nRPaV6BddGO5Ynop8K//SKTZ jBumLRyLplO9R+5lio/Nx3OWSMQIuoWIb1978t8W6OWWIfnCxtluhVWbWjEEJjikoM4= X-Gm-Gg: AeBDievWmEgNsEqatqzAfgX3xfw7kk1gdcz43FUB6DzD7Z9WgzKuGrDM7cjsUo4rABs pogF2FxpIoqOh358BL7j4DAbBcjUdLJ2vA0EiDAa6F4YqzK9F4n+/aTKJOaRcsie74ztjwIlDNj 8c/BKMSJKd8MYip2nknOMytfiQpOycSQMsxNu8R/V4vYj9aOi7W0UDp7CJX8VhWVKptDye9+4Ml GAkmEg+96la8A2qz5vZLnUOj3ice3243s0Isy99jNGl/9dm0vqpVkSaFzYA3ts82uv0t4Z9XiiO Im/iJCphOk2HINo9b5E3q1vP2c8tKH0xc/mRjUOIIdaEvHOgjumODvSEs0Cxsbdf+tZDRFRR/7E QIpqIHT0rgzk27zoPY6FbKrPzwxUiESzUmhrqQrLasFV2EVBN2gEguDUlQN+mUc2RDcoKgX4yu7 RcdUsBYKVf7EE4is/7gYE5i3UB9mUDvneJ8OY= X-Received: by 2002:a17:903:1984:b0:2b2:4c58:5ba7 with SMTP id d9443c01a7336-2b2818014c8mr102628815ad.30.1775393384682; Sun, 05 Apr 2026 05:49:44 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:44 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 7/14] wolfssl: patch CVE-2026-4159 Date: Mon, 6 Apr 2026 00:49:09 +1200 Message-ID: <20260405124916.2881008-7-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126006 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4159 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-4159.patch | 32 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch new file mode 100644 index 0000000000..982cbd09af --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch @@ -0,0 +1,32 @@ +From 4de19e3894e81eeaf3079b1270813d0a2b7fe69c Mon Sep 17 00:00:00 2001 +From: Josh Holtrop +Date: Tue, 10 Mar 2026 17:26:28 -0400 +Subject: [PATCH] Avoid one-byte read outside of allocated encrypted content + buffer in wc_PKCS7_DecodeEnvelopedData() + +(cherry picked from commit d37b51c3cef6897e117364ab8b1a257e52a634c0) + +CVE: CVE-2026-4159 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/d37b51c3cef6897e117364ab8b1a257e52a634c0] +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/pkcs7.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c +index 4ba96c90d..e65ddd493 100644 +--- a/wolfcrypt/src/pkcs7.c ++++ b/wolfcrypt/src/pkcs7.c +@@ -12853,6 +12853,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, + /* use cached content */ + encryptedContent = pkcs7->cachedEncryptedContent; + encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz; ++ ++ if (encryptedContentSz <= 0) { ++ ret = BUFFER_E; ++ break; ++ } ++ + padLen = encryptedContent[encryptedContentSz-1]; + + /* copy plaintext to output */ diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 1f5b051d16..992591fb90 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -35,6 +35,7 @@ SRC_URI = " \ file://CVE-2026-3229-3.patch \ file://CVE-2026-3230.patch \ file://CVE-2026-3547.patch \ + file://CVE-2026-4159.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9C96E88D96 for ; Sun, 5 Apr 2026 12:49:57 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34419.1775393388244389464 for ; Sun, 05 Apr 2026 05:49:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Svzxwdb6; spf=pass (domain: gmail.com, ip: 209.85.214.174, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-2ab39b111b9so13056415ad.1 for ; Sun, 05 Apr 2026 05:49:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393387; x=1775998187; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cPq2fiunv/nikCAV0qSNEONRjCmo7cP7lQbstYsblZg=; b=Svzxwdb6dvDdPv3HhY7+fyUFYTaa6GhgkckD6XGC0eCIqjZ64TQq53Es0d90mIrHUP c6vR6S8ejKXhFHB8IDUovWRUs/5FJNRCg5s0tF1zl+ufONrhs0ZJCYWDx5xtuM+NATzU ea5Qd6vonOJIX9Fn0N43PLKETkdOtXV8j2E0mIXM8ZylliqBQGvNamRhfVwQFwdKLtkI J+VXOvzmk49tjrnQ/PeZ2EuKS0N3X9TA0k6Nn5K4pMXijT8nyTCGB1QlR/nMWKQO27Yb uRyvc24sCUVSgzTpX4DmoubihXxkvoSeCLxeyRV5Ppz1+F+P3spqWcE8Td4r99EOYOIU 8k8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393387; x=1775998187; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=cPq2fiunv/nikCAV0qSNEONRjCmo7cP7lQbstYsblZg=; b=GDtOtc95dVwwbkOwBbYTpa0dgldAAn26auXMUX8/tIi5U+/8ontiXqVPNtLVt7ahSA skbyV7Krlu5wygYkuZ3+pTFjiLJ+zXUAf7exUWjZCqJ7P3J992v+XKFLXOK7FRz4nI1N DD9wADbb//5oqDkbQyw376lrfo8XOnATCQMIeAV5ROobBwXrdSeJG6SMk89nWHhxnnI2 E/l7GRl3vixpBABqy7fi6+VzknBbd1UO2Y3id/e5actGdK35eXgINGOTMCU/RZ2mnvKC 20VZzTx1KsnxUl/x2KrSj3iq8qJ8TIS6h1y0DbCL2ZrWSzZQihyv8Z1k3/JLRjr+8Qkg Jk1g== X-Gm-Message-State: AOJu0YyUQWtJLQ+03orngFggKdHGX8sR6qmkHTY+o4VpEUXx6OxD84vh uMxYmGdZEVxFErb5z7LXNycsdbk6AIyM5105fe+GcDxVX9Um3oQZVEdI1O2pyfH9CM8= X-Gm-Gg: AeBDieuOGAo5BR6cOsziKnFkTkdbMcR8DRiL+uke8H/g5uwthui5KFDcPFa/pvxXBES h6xTKn9mj+9w6ug1Ax4nJ0H47EIIjg7N6KaxoEyLwUXUD5uH83LCqNjpKjGqYeV7Ig1utHdGZ+d KSfLGDX47POp+6RZebK0Xsx1Phg2dITFKl9fHTNL0cx+fM7z3syC0pSrC3EbQML0xVKyIp3FHIH pyqpe1fI/M6VrsleERvRk/PRvLZy1Mgv+jmGg7i4lO1ZHXBSUp3dDRJViu+2xNuRzH+r2nOwlL3 nKNXtg6C8jSxn7QlxU1oxWr+wkZROre8DoSuTYVnjM47k87mpDGA8v55yZuf6RrUzBdXgy2aTO9 z/E+eiCsF0Dd7M7hJnG/giv5kjmllefiGwltIWpu2mC9EAGhzcbK2zM/bnmvWjkM8QG9Jl8XQd9 zXhdHFsGGBmvnkyfZzVUvDrAroHdJj/spSAX0= X-Received: by 2002:a17:903:384f:b0:2b2:4194:9521 with SMTP id d9443c01a7336-2b28176a5d6mr100076185ad.25.1775393387427; Sun, 05 Apr 2026 05:49:47 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:46 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 8/14] wolfssl: patch CVE-2026-4395 Date: Mon, 6 Apr 2026 00:49:10 +1200 Message-ID: <20260405124916.2881008-8-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126007 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-4395.patch | 31 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch new file mode 100644 index 0000000000..1289e169c4 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch @@ -0,0 +1,31 @@ +From 6a60f44e056f55f3cdc9d11384e5a5d5d0b1d628 Mon Sep 17 00:00:00 2001 +From: Kareem +Date: Mon, 16 Mar 2026 15:34:18 -0700 +Subject: [PATCH] Check raw pubkey length in wc_ecc_import_x963 before copying + to it for KCAPI case. + +(cherry picked from commit ddc177b669cff9d3c7e1b51751f9df73062b872a) + +CVE: CVE-2026-4395 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a] +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/ecc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c +index 1fd30cfd9..dcef45a1c 100644 +--- a/wolfcrypt/src/ecc.c ++++ b/wolfcrypt/src/ecc.c +@@ -10784,7 +10784,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, + XMEMCPY(key->pubkey_raw, (byte*)in, inLen); + } + #elif defined(WOLFSSL_KCAPI_ECC) +- XMEMCPY(key->pubkey_raw, (byte*)in, inLen); ++ if (inLen <= (word32)sizeof(key->pubkey_raw)) ++ XMEMCPY(key->pubkey_raw, (byte*)in, inLen); ++ else ++ err = BAD_FUNC_ARG; + #endif + + if (err == MP_OKAY) { diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 992591fb90..a700e8a820 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -36,6 +36,7 @@ SRC_URI = " \ file://CVE-2026-3230.patch \ file://CVE-2026-3547.patch \ file://CVE-2026-4159.patch \ + file://CVE-2026-4395.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Sun Apr 5 12:49:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D209EF3D5E0 for ; Sun, 5 Apr 2026 12:49:57 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.34600.1775393390965532224 for ; Sun, 05 Apr 2026 05:49:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=f6lzczgC; spf=pass (domain: gmail.com, ip: 209.85.216.49, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-35c1a131946so2403877a91.0 for ; Sun, 05 Apr 2026 05:49:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393390; x=1775998190; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ltPYnq9Hk7fgtIFBRRur1ov3hemA9HsPywQxdZr+UrU=; b=f6lzczgCm5Rc7FJweH8oFnIf0oQ8GDH4FHwCfFvo1TSGlLzgxsDnF6mBF8kGlepR3y 7sFExScbQ+8oyVRbPLq0UQppy+rWNavJ5hXaW/7SzD69Pvoy0d5B21+iA2m3B7HOxG3f BNBbro2ixYIceNFMOEi6DizFzGYxuzvpIscWJn9rRfT8+7NoX2vrAO89cOwaVid2sLMe lus/5irrQvpTw+JUf/ZTKvpyy4ADLdWsJ0oEly5WrQwcJ5UxOHAmE120gYygjH3gaaAo Zhzz1kawgWkbJU2tKgXDcB910Dntex720MrpBU1NF50nbe7oW/76tBh+YE6BYyNVtJVZ RrnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393390; x=1775998190; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ltPYnq9Hk7fgtIFBRRur1ov3hemA9HsPywQxdZr+UrU=; b=DO4bDFGCPCMK+7A5DmM7/Tv5PeTZn9pHGBOGRxVpsxlfOwcSmKAQpA4jsyfUVwL2iq qzSGhkziwcmWht7ir074ann+rKheqNnTlchrhjC4bygg/tJ9N206PpSvOwa7pxlqvGr8 +gv94ZMfmyOzkXWsH3RWY+sY+kScuzkD1pchRbvLNm09wXYp7CSwet8EmFzjFqD7WhzU JKs1ID5jGxJCjOaGajyNJUBG0TmBgWk4/t5HE7xRlb2q0+4xxtm6EU35qb9W1DRWrVrx iR96bpskdVxD8uBxQzSHz1LLXIdI23O++fzmGHWwgDHsGhS8oTn4esFPulfgKjQ8+YN3 8nMg== X-Gm-Message-State: AOJu0YxqYFfMIr3Hc2kKmQX3ibS+CnsXwWE/FdN4yQpKPfXA35/zpknr Oo0usnANzzxjfh3jqqjy5osRchQAw9A7ZZPC/6iQHvPjkIZwe1LSf2/b0HI+7906g20= X-Gm-Gg: AeBDiespxmmfJPpsrh/iJF5Q7fH6ToqkzeoBV7hCIbn5p38ntgFzA7DviUJ7guv6xzO kWBm3UhS16cMCpsOmNaMLXckUEWeywPfnY7pPoOiqOLh1rpLdXYPx1G8rE7uPK1tZeATeU0DeLD 49uB1VBlhFsSM9PIjmYeoA/qd6BZDZqfw6jyUci7V6Jl8MJs47IKgfpUyk5aiG2w0WXbqjogblD E8o9GqDc/tid0KXjyRODu6yGiZwyu3hBy331h+H1JTur9dHjY7HhxhPf9s0N02Udmxz+2inj9QN iSkn4raTt5bBH2erJ5ByBzhh0POcRXwezqVo0FlUQebKxPaLvITF3svop6kwJDWXhvjFMnSXFQt kTpjlsr3Ek4cFU2yG5w9LTAZRJFceIAdq2ZPykdVv5TnZ623l+rZtweDRdAz37eiPIjHOZg4Yjn Lao/O0VE+qtlD43USNm3DZeni1OWjfJxdJSt4= X-Received: by 2002:a17:903:3c47:b0:2b2:6fbf:ea2d with SMTP id d9443c01a7336-2b281bba764mr77028265ad.7.1775393390241; Sun, 05 Apr 2026 05:49:50 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:49 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 9/14] zabbix: ignore CVE-2026-23919 Date: Mon, 6 Apr 2026 00:49:11 +1200 Message-ID: <20260405124916.2881008-9-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126008 From: Ankur Tyagi It was fixed since version 7.0.19[1] [1] https://support.zabbix.com/browse/ZBX-27638 Signed-off-by: Ankur Tyagi --- meta-oe/recipes-connectivity/zabbix/zabbix_7.0.19.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.19.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.19.bb index 141342c45b..61f6915ea6 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.19.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.19.bb @@ -77,3 +77,4 @@ FILES:${PN} += "${libdir}" RDEPENDS:${PN} = "logrotate" CVE_STATUS[CVE-2026-23925] = "fixed-version: fixed since 7.0.18" +CVE_STATUS[CVE-2026-23919] = "fixed-version: fixed since 7.0.19" From patchwork Sun Apr 5 12:49:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85266 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5EFFE88D9E for ; Sun, 5 Apr 2026 12:49:57 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.34601.1775393393654647542 for ; Sun, 05 Apr 2026 05:49:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=HULe3djT; spf=pass (domain: gmail.com, ip: 209.85.216.49, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-35d932cc948so1712709a91.2 for ; Sun, 05 Apr 2026 05:49:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393393; x=1775998193; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ugh7UrQSoT0YJxTyFFaDPx4/rtBxMUMQ6crFMLVjNy8=; b=HULe3djTWbBORGa6VDuI0/F/5W7Ry3HECF2mErrCGGfnDHueHiuci7wmWUm6kAvvev qmA++FZmEoKkXIfgfUo95PuxFNomqmujXb7Ku0lLUXZWbJPDL5zKs4f+7QoP0izW1B/C RdJJDpx3B5MafDvDetSPOvaVo1WSVNNAASGrjF8uLtRYgvOvbziq3rPMSqzAzigBdm+5 mVgHWUQHc1zkVtheObMFk+04XrYuLHHsl5pQa+q8gNaAVCjWZ7BWcuhkeaNf0eNXEDAs PPoQ1frcprinYX4merqOGK4nH/8VHeaBlKzF3UJ9/UI99yWHpKkCuowUDdwKSCBWH3Mm VO3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393393; x=1775998193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Ugh7UrQSoT0YJxTyFFaDPx4/rtBxMUMQ6crFMLVjNy8=; b=IyD1LDgywuZyLbzNcyFgAWEhtyvGPpWdkihw66kT76jGHHmtWxBfr1GCPyqh0rJ3lr xcz+10tJlhuDE5xU5CwxYBYFJT/Nx/zLb5YB0Dd+I0uKSgb91Cu2bHmGhnLWPApMiWD9 Hb8ugm9/3T/wieexqlCuNndTYJw8FdhWgHnrQHSq5wgXhLM5dJzS3n89DhKF8o6dOt2q c2nwo4UDkDHpQTGR1PYHT0EGmxavpupqJ+XwLVkDCqVv67Uw/FX1w8TTKMAba/+6fUwa 9n3WQLOOICztFuk1HfiDNElaaO1cEyXJSSenUAAzyuBRaMpqzVWiGM7LBQ5rQ6bZ6oh5 OL8g== X-Gm-Message-State: AOJu0YxMiLKgLXhpNioRA/mBnDLhgChcCoOu/LkRfllktdNzOBQXf5rt cK0mAw8J8rNHcKYCOlT3yAjhwgJqfQK1y6Wsl/bDT4KmWy7KyJqZMl+4KX3Ad8z89K0= X-Gm-Gg: AeBDietYBNhl0VlenzR9jfokeSa/HGObQKUEUqx51uO3TGE1bOqDPr2L7RDoTMOwfvw oYr6w3ZswKdRfGZHhczsSVpp27lxPxbc0iZyQ+Hm9+e02eTBTCtfagGEDn0gki5zfg2m9Fp9fCQ 8xlgYTI+Z85YJW7g3Y3Xwffc9qVz90+r5UIPGLfjlh3r1J7M5vYv2kgNMj6T8MVoDs/0vxBGWiN jjz0gQ3GAxFmsQEzTyKMTcQV8gxKd9DiDVHB5CU+uQ/d8ovbegrbL/uHQFWXci862WubMy/ilxu Bz8fZ/GaAtSx/3wofHC6xy8SAsE15WRwSr5Xblv9n3SfTHSL+mdCw4voC0UTwh/sE1vgoC/Zci7 V1JMeEvOFL1V8jWgAfE2A0br2jVERgeD9Np2aZ/p+Iz8hJ6Kg+Px9d8kLXCrFWQURmi9tFyNyPQ VPloHE1XZ1Vxe0FUdCQlVyCcu/e2I29e0GVMk= X-Received: by 2002:a17:903:2ac5:b0:2b2:42da:25cc with SMTP id d9443c01a7336-2b28163ad55mr99560545ad.1.1775393392842; Sun, 05 Apr 2026 05:49:52 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:52 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 10/14] tigervnc: patch CVE-2026-34352 Date: Mon, 6 Apr 2026 00:49:12 +1200 Message-ID: <20260405124916.2881008-10-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126009 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352 Signed-off-by: Ankur Tyagi --- .../tigervnc/files/CVE-2026-34352.patch | 31 +++++++++++++++++++ .../tigervnc/tigervnc_1.15.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-oe/recipes-graphics/tigervnc/files/CVE-2026-34352.patch diff --git a/meta-oe/recipes-graphics/tigervnc/files/CVE-2026-34352.patch b/meta-oe/recipes-graphics/tigervnc/files/CVE-2026-34352.patch new file mode 100644 index 0000000000..5e869af886 --- /dev/null +++ b/meta-oe/recipes-graphics/tigervnc/files/CVE-2026-34352.patch @@ -0,0 +1,31 @@ +From da8952d2c1ebc3bb89c01c2d0d055017348685c0 Mon Sep 17 00:00:00 2001 +From: Pierre Ossman +Date: Tue, 24 Mar 2026 09:52:01 +0100 +Subject: [PATCH] Prevent other users reading x0vncserver screen + +Prevent other users from observing the screen, or modifying what is sent +to the client. Malicious attackers can even crash x0vncserver if they +time the modifications right. + +(cherry picked from commit 0b5cab169d847789efa54459a87659d3fd484393) + +CVE: CVE-2026-34352 +Upstream-Status: Backport [https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393] +Signed-off-by: Ankur Tyagi +--- + unix/x0vncserver/Image.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx +index bd48c88d..abc421d7 100644 +--- a/unix/x0vncserver/Image.cxx ++++ b/unix/x0vncserver/Image.cxx +@@ -268,7 +268,7 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo) + + shminfo->shmid = shmget(IPC_PRIVATE, + xim->bytes_per_line * xim->height, +- IPC_CREAT|0777); ++ IPC_CREAT|0600); + if (shminfo->shmid == -1) { + perror("shmget"); + vlog.error("shmget() failed (%d bytes requested)", diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index 9fb7abf8f3..4f01cd22d0 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb @@ -22,6 +22,7 @@ SRC_URI = "git://github.com/TigerVNC/tigervnc.git;branch=1.15-branch;protocol=ht file://0001-do-not-build-tests-sub-directory.patch \ file://0002-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch \ file://0003-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch \ + file://CVE-2026-34352.patch \ " # Keep sync with xorg-server in oe-core From patchwork Sun Apr 5 12:49:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB0A2E88D7D for ; Sun, 5 Apr 2026 12:49:57 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34421.1775393396398179105 for ; Sun, 05 Apr 2026 05:49:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=b9ecMNdx; spf=pass (domain: gmail.com, ip: 209.85.214.170, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2a871daa98fso25723335ad.1 for ; Sun, 05 Apr 2026 05:49:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393396; x=1775998196; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fa1fDdJr6RX8vlFVdZrXzFlTqwgUk13obcBOVbAUf/8=; b=b9ecMNdxP2zImZd+WFHScJ9iC29TryruCBzk1W5ovTbqBShJ8X4x2L5dYK/uWav2lF VxUXI7huAy9aFyyaXhCgOLpz7RzQMptchPzqMf9wAqdrWEmkQsDHWuTiTP/4MN6qpfuK bpwISj73KM6vrHMpaE+68s8QXyZat+lZXmxfRJoem8HEcqAIWAfObG1kRnWsDexfq/kM BuyuOtpovbxi6VDsNbVXJuw9y3QCecJPLi6ayhI8rXBidNZ/bkRI+Ck0LiYUjdv6k8vi 1XsKOwTrL1nUApWtLoUH6xxnZ5Hpi6IHCcjssmRsS/6qGgTMY/CQyIvnxjtpAEozAIew dSog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393396; x=1775998196; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=fa1fDdJr6RX8vlFVdZrXzFlTqwgUk13obcBOVbAUf/8=; b=a0KZsrJwdFqYEdkKrx8JfJTpH/92K44t89qE0Rb45vU8w1svzHeunjGPpnBXBvu6DE 9/9GV9OTbhNXcfppecFelEjDGp+h61qdNKC8YMd3tHlaV5HOm3ADyRRX//ZJGQiAoQct F9pXktt0gJ+BC8UBylabMwNFRaeOE8a2u4LQLv5tqEVcC1FsnPWoHuFZmKqnzeHMYptP 3jH0MCqXMxwKQKBeIgWJV3buLIPjJzUkR/KxD7NlYs3djcdR30P14ouTD+JQqCBdAHJI kL5aWjrnN8hN6BZ1vYKhGygXXDLuMgiMIhWaM3kdWfCQRrZfM5WYExbsP45rAQ0uIpNc tshw== X-Gm-Message-State: AOJu0YzF1/7Eau2BBqwRJs2ThUNZzZuBBT7iWr498J+T6EJV1qFkXtjA 7/+rrOx2sP8ipDVpPG287Vi7u39NWVYfpFc/lZyjBPhW5+w+3VhUNouc7ViZ1OjwNpA= X-Gm-Gg: AeBDietQSn/DftLn9JihZElpfA5xdirMBoqzQSF1UzsLsXAB2dVgcdUQ0pRn6yxF+n8 MbN1jt2s3J+IN6yCYaCghspteJL7subdNf3lvikytHgMqUxCABLAtz/iHs81dZ4Oki7f4lSiusk dn9MZZ4BfoFdbF/FacfvBMxFDbB8eN5FbUjFKXzU6w5BOOy7RfI1YRKGGGFASW4eMfpZxVfF1Cf q0sP2kV1mFqwN74vUrPnRxj8AsXzoJ+D516M9vXkInRxHsg9ao/St0wOkkGMsvAwKEvBoBy95x5 eTtR0efUydy4wLdxJyHtR7ptnrKmXIEsRlMZSxqb9dHE50gy2QUz0IsJBIytz7pSuL3HCr0EtIS CE/oacNrD/XVDIvF4lXxb9C4U8lq+E8SjCBmT7QioiEHJbKFvStLr6Ccwm5EZU0e4rxlAIYM1Jh skb9fGEn5+NOKmMYMAtXTY3kuobifVlr974AE= X-Received: by 2002:a17:902:c943:b0:2ae:c358:bb7c with SMTP id d9443c01a7336-2b28183b8f9mr97813155ad.35.1775393395560; Sun, 05 Apr 2026 05:49:55 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:55 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 11/14] strongswan: patch CVE-2026-25075 Date: Mon, 6 Apr 2026 00:49:13 +1200 Message-ID: <20260405124916.2881008-11-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:49:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126010 From: Ankur Tyagi Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25075 Signed-off-by: Ankur Tyagi --- .../strongswan/CVE-2026-25075.patch | 48 +++++++++++++++++++ .../strongswan/strongswan_6.0.3.bb | 4 +- 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2026-25075.patch diff --git a/meta-networking/recipes-support/strongswan/strongswan/CVE-2026-25075.patch b/meta-networking/recipes-support/strongswan/strongswan/CVE-2026-25075.patch new file mode 100644 index 0000000000..cd45354523 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/strongswan/CVE-2026-25075.patch @@ -0,0 +1,48 @@ +From 5ed074270e74a44cede84357ce791a58d22c4cd8 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Thu, 5 Mar 2026 12:43:12 +0100 +Subject: [PATCH] eap-ttls: Prevent crash if AVP length header field is invalid + +The length field in the AVP header includes the 8 bytes of the header +itself. Not checking for that and later subtracting it causes an +integer underflow that usually triggers a crash when accessing a +NULL pointer that resulted from the failing chunk_alloc() call because +of the high value. + +The attempted allocations for invalid lengths (0-7) are 0xfffffff8, +0xfffffffc, or 0x100000000 (0 on 32-bit hosts), so this doesn't result +in a buffer overflow even if the allocation succeeds. + +Fixes: 79f2102cb442 ("implemented server side support for EAP-TTLS") +Fixes: CVE-2026-25075 +(cherry picked from commit 73aff21077d88de7544e989a9af1485128fc5d6d) + +CVE: CVE-2026-25075 +Upstream-Status: Backport [https://github.com/strongswan/strongswan/commit/73aff21077d88de7544e989a9af1485128fc5d6d] +Signed-off-by: Ankur Tyagi +--- + src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c +index 06389f7ca..2983bd021 100644 +--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c ++++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c +@@ -119,7 +119,7 @@ METHOD(eap_ttls_avp_t, process, status_t, + chunk_free(&this->input); + this->inpos = 0; + +- if (!success) ++ if (!success || avp_len < AVP_HEADER_LEN) + { + DBG1(DBG_IKE, "received invalid AVP header"); + return FAILED; +@@ -130,7 +130,7 @@ METHOD(eap_ttls_avp_t, process, status_t, + return FAILED; + } + this->process_header = FALSE; +- this->data_len = avp_len - 8; ++ this->data_len = avp_len - AVP_HEADER_LEN; + this->input = chunk_alloc(this->data_len + (4 - avp_len) % 4); + } + diff --git a/meta-networking/recipes-support/strongswan/strongswan_6.0.3.bb b/meta-networking/recipes-support/strongswan/strongswan_6.0.3.bb index 438b5d5331..bf0eb3bc1b 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_6.0.3.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_6.0.3.bb @@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "flex-native flex bison-native" DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" -SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2" +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + file://CVE-2026-25075.patch \ +" SRC_URI[sha256sum] = "288f2111f5c9f6ec85fc08fa835bf39232f5c4044969bb4de7b4335163b1efa9" From patchwork Sun Apr 5 12:49:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85267 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FA30F3D5E0 for ; Sun, 5 Apr 2026 12:50:08 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34422.1775393399774818213 for ; Sun, 05 Apr 2026 05:49:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=bYDLsmo0; spf=pass (domain: gmail.com, ip: 209.85.214.174, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-2ad4d639db3so13317385ad.0 for ; Sun, 05 Apr 2026 05:49:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393399; x=1775998199; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gUKPmSAVoyyl8MeOa9IYBd5Xa2TLSGZOJZXUmXFCuD4=; b=bYDLsmo0UTVYy8WLv5YaPI/VxgMUY+czw9z9iCe0wtJ9K8lJJI3Xtp/uE89hKQzjt1 zyt9jqSVUyBOOqOf4fn9IQIlUthohq6w7Yro0/yCE3GX8WM+BSMiWUm0Qky0KpYimE0+ 1dFMhmJLVjkzaSB4FYqSuJYM8g12+d4y966YaIFjWQu7TURRnSjUQa2Ivf8/gH+XM2YB KkgQzy0J69tEkw0GgZS5vUP2aej3Y5jp7LGgSrfEltCK1JwqQTqczq30zJczTwxiHBb+ U4M8tn1wvhZNLThzl2M1LwO6GlZ1TQHuTkY8suOxlpG9vYl/N042s2PpBMWu/EonaN7Q 6NTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393399; x=1775998199; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=gUKPmSAVoyyl8MeOa9IYBd5Xa2TLSGZOJZXUmXFCuD4=; b=cdibCEWCu67+2im+C1sx3dbcZLllvsy/X0C95H88gNMpL38Y/jQh7xgj1vq2S4s2LL gFedHpqmUAe9TktQqq9QHuXz4x0ax0KkzS635/NoJ1JkMtaSAEc+e8y59vZEtNREeo+Q hbiqAB3CFETxWIvpqx18Ca+wOBxkPkYOi9/1/HK0o204swPKPn5HQl7l3s3T4Kz5UUwW QHJPB1487BdDKBlsrmfH6i2eXP/oYGuX73AoBr7T+ESUQ6x60qh1c2ZU1fLOppSWyeha stV42otskYgh/sLnGOEnhgSqdfMJMHiwHZWASY9/wT1eF93T5V+q2KhpcAOSxk/NIbdx 0X9g== X-Gm-Message-State: AOJu0Yz22vHuL+X0AfUoiKzQg9nQaoi9mzO+e1JXjEc2QYBRM7P9bGAI LFVMKz75Ea9mEtIqAmVa6g8ChZqPP6R/kWt1jY0wUa07lEokpo9DA17d2CMHSwFG1rM= X-Gm-Gg: AeBDieseReQU26tTbs9CKtgrjFtavX1kVT4zUjcd7/s2+HIebLgzkhJOUzm3heKAge1 K4X8MEQlVz4ygBYZpLE38y+TNMJlSY/ZxNWSRhg4HfL9ow6pXA1qGMHpAUJtMjJJDAs7vsratSB HiKVSMJG26krAc0NNGy1a+iIvKPnFQqwh8fR9meITtBD5oXxoAoYZZhduBc9OEowbgeHCi9rAW+ ynLUlRjs8Kg3kAifH20YRgcxQITDVSajA/HZQsZFo3WTS1PxQk9Mr3amnN+ueLyiOzI73ZsoJwU O2gcY/gf3L7C1P0atKcYWb7OGzoOIIzxYIMLAknOm1HfW54LmW1Gb3kB1B6WMvtIi/ekRcnSyKg RcHbzN6E61PiSEGZ8NZcD7qNi4cSHFnuvFdw8Pad13ELsFXy0LMthbj/Qp2TVX58Oq94ZvKNCHj Y0BlBfw0o4DGPme6ER4agY8xVWxvHLeLd6TM8= X-Received: by 2002:a17:903:3846:b0:2b0:5ae9:ee4 with SMTP id d9443c01a7336-2b2817cec78mr103619045ad.5.1775393398996; Sun, 05 Apr 2026 05:49:58 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:49:58 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 12/14] freeipmi: upgrade 1.6.16 -> 1.6.17 Date: Mon, 6 Apr 2026 00:49:14 +1200 Message-ID: <20260405124916.2881008-12-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:50:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126011 From: Gyorgy Sarvari Changes: o Fix exploitable buffer overflows in the following ipmi-oem commands: - ipmi-oem dell get-last-post-code - ipmi-oem supermicro extra-firmware-info - ipmi-oem wistron read-proprietary-string o Support --proxy in ipmiconsole. o Fix mem-leak within libfreeipmi locate api. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 4b4c770ce56d58a0a6eb635f03761499bf7603d3) Signed-off-by: Ankur Tyagi --- .../freeipmi/{freeipmi_1.6.16.bb => freeipmi_1.6.17.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/freeipmi/{freeipmi_1.6.16.bb => freeipmi_1.6.17.bb} (93%) diff --git a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb similarity index 93% rename from meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb rename to meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb index f5be870b1d..50a1877c0e 100644 --- a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.16.bb +++ b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.sunbmc;md5=c03f21cd76ff5caba6b890d1213cbfbb" SRC_URI = "${GNU_MIRROR}/freeipmi/freeipmi-${PV}.tar.gz" -SRC_URI[sha256sum] = "5bcef6bb9eb680e49b4a3623579930ace7899f53925b2045fe9f91ad6904111d" +SRC_URI[sha256sum] = "16783d10faa28847a795cce0bf86deeaa72b8fbe71d1f0dc1101d13a6b501ec1" DEPENDS = "libgcrypt" DEPENDS:append:libc-musl = " argp-standalone" From patchwork Sun Apr 5 12:49:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85269 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C2A8F3D5E1 for ; Sun, 5 Apr 2026 12:50:08 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34424.1775393403125845130 for ; Sun, 05 Apr 2026 05:50:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=YG/sYPZr; spf=pass (domain: gmail.com, ip: 209.85.216.44, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f44.google.com with SMTP id 98e67ed59e1d1-358e3cc5e7eso1521732a91.0 for ; Sun, 05 Apr 2026 05:50:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393402; x=1775998202; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=id2IgHM85D9o5Ge+MmcPRS1rzikegWjYAQDsTRrx52g=; b=YG/sYPZrr4tmiZTKaBrdfmNNOFVSYn6kNWM15y1Uv508rjRaDUZpNICmzhRsJWkJhu 9A8Zlq6MXePdj6C2QGbYGQT6iL2cB8AwvNcMJbf+3nAhy+XGerq2+hW7DZAOMnDSccGP EYNEACvBm7XbPQ6zO6MpHeOtW3HEdJJ4zqRDBFaPaijcMkH8lAUjnPXqCHLSeDN1p+0s 39Sf/Tp+GSQH6reJnBOs7zHcoV4frOgNbPDGT0l14se3VBMNPiVS6PdNbKM7MJ3tr6QQ 7GUDLWFjDyhpJki6nqWWd1NKxykvshGzzVw7FofuVf5YJ24cChL+YerzTEgegVr8zSik ijKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393402; x=1775998202; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=id2IgHM85D9o5Ge+MmcPRS1rzikegWjYAQDsTRrx52g=; b=adtVZmI8c/lcRI9UAgsMuiLFvU1R3QUIVr2BfT/DU7YPOljUJujB7Gc8lGDKTWkwV3 9mO+8j8jFQr6XzaXYrUx4ydpnU+F6Vm1gczmAnJVdCYK+S9QW5uV4e7Jm90xzw+0wu0C Jwi4LJ2F4/1g2NUAUuDlpwVK1FKBKBV/KvQ9xR7eDyZibZCjRYRb/i0eQSh32YoOlUje Z7qB+9Q9L7uqqAI8h3InZEqr2uxhoAFk7Y/Xf8xE0z2StGQEZ0wEL8lve2UdB93Qoo71 CXuTlSo2u2v1HIwYpLWQiIx4RJ5Mus5ufvP570X/YHFoxwoM2HaDNFcyeiUUyeDhUj9D HfTQ== X-Gm-Message-State: AOJu0YyQ9V48eY5usC+fvx8+b17HUKoKPm4j2Wp5ikceKg/3a00/opbU PPnodda5HX0y0iyHII5WYAvoQLfc77TU9ZH8Jo2iStcuUsF7CrZ1R0pwI3DYbvD0BZ0= X-Gm-Gg: AeBDiesA01vu082sXhv+giBP9/ISCB0Su/tzuVY/urVViWpLH4xw+zW/rJpDOTgXlef n4gBOFDIAyf1E22xh+de1a2vRRfGnmn2nrotaSMsnL3SOpbSREEhGQABTqTpemkMFjs4nIcZLta YMp4l7FE4NY8vcozRtvorFJ9J3hM/uXlJ9V+ppIUW8ieqB8tY8ASe7cSr9vc8RKWDhPvpwzYlXb W8c879XUFYnumLQ44Fk+IHZH0fdIWph31uu1RPF5KDGZhWEvknh29RZ2TSyIsmHo0poLEpH2Fx3 p+xJyqrdAtUKNV01I6oM8TDUDFQwwZDXBLhdftBo95XJphRI+ENobVG1tyOPekTTDlRfjaBvL3w kxksLc+w6Sfho7VWXxfp73aL9uGPPS3MrcFO/9n4wjr3soXrIdNaG3RC99DfqPEC6395dGLyON1 KnlpfDXxlbwZQ8PEmTIpQ7ASg6ibKr9X+Sp/4= X-Received: by 2002:a17:903:1aae:b0:2b0:4a57:e480 with SMTP id d9443c01a7336-2b2817da2c3mr99427475ad.45.1775393402316; Sun, 05 Apr 2026 05:50:02 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:50:01 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Michal Sieron , Khem Raj , Ankur Tyagi Subject: [oe][meta-gnome][whinlatter][PATCH 13/14] gnome-bluetooth3: Fix RRECOMMENS typo Date: Mon, 6 Apr 2026 00:49:15 +1200 Message-ID: <20260405124916.2881008-13-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:50:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126012 From: Michal Sieron Signed-off-by: Michal Sieron Signed-off-by: Khem Raj (cherry picked from commit 4f2cc704e524089bd9184c41879e2cdaa40b86e5) Signed-off-by: Ankur Tyagi --- .../recipes-gnome/gnome-bluetooth/gnome-bluetooth3_3.34.5.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-gnome/recipes-gnome/gnome-bluetooth/gnome-bluetooth3_3.34.5.bb b/meta-gnome/recipes-gnome/gnome-bluetooth/gnome-bluetooth3_3.34.5.bb index 1ceff5ffcf..8490e3d161 100644 --- a/meta-gnome/recipes-gnome/gnome-bluetooth/gnome-bluetooth3_3.34.5.bb +++ b/meta-gnome/recipes-gnome/gnome-bluetooth/gnome-bluetooth3_3.34.5.bb @@ -34,6 +34,6 @@ do_install:append() { FILES:${PN} += "${datadir}/gnome-bluetooth" # offer alternate bluetooth-sendto -RRECOMMENS:${PN} += "gnome-bluetooth" +RRECOMMENDS:${PN} += "gnome-bluetooth" RDEPENDS:${PN} += "bluez5" From patchwork Sun Apr 5 12:49:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 85268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F9E5EEB577 for ; Sun, 5 Apr 2026 12:50:08 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.34603.1775393406297207326 for ; Sun, 05 Apr 2026 05:50:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=abIJS2zL; spf=pass (domain: gmail.com, ip: 209.85.214.182, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-2ad9a9be502so20647865ad.0 for ; Sun, 05 Apr 2026 05:50:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775393405; x=1775998205; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2VwB8Nr1PKDMVjqTno2Lr33NDiRbDJ5xp0pMjqE21Kk=; b=abIJS2zLeu8FcULyAFr3kZKu1JnA9Bxpf71wKM3eCH8NSJCyDMjU3xILqPw2ddzLxd x94Bn6grW2+aXSqsjp9brDH0TTeBEtcYMB6podFwmsyHE6qjvH7OKn0Qf6u1eXIpkdwu ZWakhWZuGJrKVu9D3UeNhTTL4h2BsWaCjC/l0/w9i4kG+Il8BdyRjlJU/xVkARqxug8B csP7ZN8qDBd74FOOk1/yWUE9lCBOT/zO5tBcfypVFp6+KX3Ttok6LIBsaBpGejlPDV37 deBf4uZdRpuvv9Dq/SpBzRDDoDkiERzUbuIYv6sO/yCvIT3xkU4IM4PpIua03My84uDA Ir3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775393405; x=1775998205; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=2VwB8Nr1PKDMVjqTno2Lr33NDiRbDJ5xp0pMjqE21Kk=; b=NgrezwyNhVZP5PDaGROanoOYbjOkYqUKa+qaESRdndb+JXQun5rTSby17xEP9mnVHW x5XLjZuZ3wz+JTVlANDT4Drb1uBx3rSU9nd86YDcCq7Gc/3e/APsJpPnbxE1TjZrjdcl IRer0bBYqaslfaLaY8fP05ZiPhaqNhq40Epv8mW23sZA2zBkRVXqop9ObFqN8ANWdoIh uwWmPI4BkBj/VIzGL0RuUh/86q4OjWVGs/vrKgnXvDhnAPRNkc6PwNQiLG8ARsfQ9dPH rlKMXM/x7xLJCoXc2ctpZbyTfNLXThRQTYsAvK96bElD2W94h3Q0UO1EEYkDtSdYGd/e S1Kg== X-Gm-Message-State: AOJu0YzHTxKbYKvoO//7vJlfjq/PyRNdL55qgH8WJvX+DJvF/y26mA0y c4RL1DnxIob/RVP7mL/88xIg6BVUyxH1OokDSTxa/DGEYY4d+CJ8NX4XeWf0qCbyUwA= X-Gm-Gg: AeBDievlPzRy+BN0M3Tgm14oCx9MFVR0bbjYlVa+F058leUPA41+R7+uDZPdIR+hyIz AvwZkOAtvxb4a4ysttoL8OIWQcoiVPVr1IBmhBySRwXqc2WK0i5L7cf8vJwWa//AjMn/84H3OcE M448ZFlgpgYLPzGRTVAhYdXeZEXkCBTmUYH+/Y/o6xS2P5QarWSNeI9pGxAd3khphmgcb9JiiEH 3gArFjYHgisORaS7u9hR0NzE4yR6BuZU0jQG8oOlU2KLC5PIlNDE4dukWxIpu7SxO7j8XA5NF63 jZtERn1z7rHbnRICTH1kh/PzRVWEMHmtfgX/N/luxgPCaeEgy/B3nDGKQcVcgqHo418mTxeKoqA PNN9HLXPW6OyEwzxuFkVkRTkcIrMuTiSRtr9ChmVA1T1JEQmDzomiuXwCpRHLbdqLY1SwEDmpaD /BkKbnSpeCtf+uuXqKaG/zjyAHZDW5LRAjXSA= X-Received: by 2002:a17:902:f611:b0:2b2:470d:6d0d with SMTP id d9443c01a7336-2b281706f78mr101942905ad.9.1775393405569; Sun, 05 Apr 2026 05:50:05 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([167.103.127.14]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b27477736dsm106828025ad.24.2026.04.05.05.50.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 05:50:05 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Liu Yiding , Khem Raj , Ankur Tyagi Subject: [oe][meta-gnome][whinlatter][PATCH 14/14] gjs: upgrade 1.84.1 -> 1.84.2 Date: Mon, 6 Apr 2026 00:49:16 +1200 Message-ID: <20260405124916.2881008-14-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> References: <20260405124916.2881008-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 05 Apr 2026 12:50:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126013 From: Liu Yiding Version 1.84.2 -------------- - Closed bugs and merge requests: * GtkNotebook.pages GListModel is inaccessible from GJS [#686, !992, Philip Chimento] Signed-off-by: Liu Yiding Signed-off-by: Khem Raj (cherry picked from commit 3797a82feeff34abd161fe7f2daf88a9fbd05cee) Signed-off-by: Ankur Tyagi --- meta-gnome/recipes-gnome/gjs/{gjs_1.84.1.bb => gjs_1.84.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-gnome/recipes-gnome/gjs/{gjs_1.84.1.bb => gjs_1.84.2.bb} (94%) diff --git a/meta-gnome/recipes-gnome/gjs/gjs_1.84.1.bb b/meta-gnome/recipes-gnome/gjs/gjs_1.84.2.bb similarity index 94% rename from meta-gnome/recipes-gnome/gjs/gjs_1.84.1.bb rename to meta-gnome/recipes-gnome/gjs/gjs_1.84.2.bb index 55bd38c97c..c41fa6e93a 100644 --- a/meta-gnome/recipes-gnome/gjs/gjs_1.84.1.bb +++ b/meta-gnome/recipes-gnome/gjs/gjs_1.84.2.bb @@ -7,7 +7,7 @@ DEPENDS = "mozjs-128 cairo" inherit gnomebase gobject-introspection gettext features_check upstream-version-is-even pkgconfig multilib_script -SRC_URI[archive.sha256sum] = "44796b91318dbbe221a13909f00fd872ef92f38c68603e0e3574e46bc6bac32c" +SRC_URI[archive.sha256sum] = "35142edf345705636300291ec3a7d583f14969ff3fae0ff30f4a95b1e6740166" SRC_URI += " \ file://0001-Support-cross-builds-a-bit-better.patch \ file://0002-meson.build-Do-not-add-dir-installed-tests-when-inst.patch \