From patchwork Mon Apr 20 06:27:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86435 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03C4AF36C39 for ; Mon, 20 Apr 2026 06:28:06 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14173.1776666474247172699 for ; Sun, 19 Apr 2026 23:27:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=rYa5mfRS; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-488d2079582so30555475e9.2 for ; Sun, 19 Apr 2026 23:27:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666473; x=1777271273; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=D/y+Yzh0vQWdyCoVFbHjol11K47rYZEx7xIOh4bLZGE=; b=rYa5mfRSzZb1HK5h8cKQBhqnLLxGQL/yWWbficCJDigIEhh36h98RgfYnhupuHaSHL ayPW2c3CUFAX0SaSbe3I/rDILPfcaNOysYnG7hSCiJpN7w4NZIfsgFKxpXXJnoOu08lc 2vEYmpd1DDT6W82bHqk2tdgjkmHH8st5VrWox8CeUAiC/L6g24Ooew0jF63954KpxGMC mXHUe77WXV8a4+vihT0aL4CJXsJDtAoo1m0FOo4eT5oNP+l1SmWP+Ff48S76PGFyTUcb OrYxZjFgOC/J+3yphgsdj6r6sXS3FPHYz2nQn2wzmBd9HdPfv3dmFGK63XrYUC+81QwF 9TDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666473; x=1777271273; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=D/y+Yzh0vQWdyCoVFbHjol11K47rYZEx7xIOh4bLZGE=; b=IRtlUbhrKBYZmvzzjSpJ5ONuDqT3y12jcxSIvzOHYrsYAg5RWIG7jHHPA5mUJ9SxWv y9uT5a2G+tn5rV+zThAkZWiutUWmwpUOnWq8hG77JmKxGkU9Xdo5QA5mGE2WQCG/bwdL sPDdYzdIO9W4fctW9PKPikQgc3Efw6IGIRwoXroETd0XfboB159SJI2g7W8AbmvjNsCB 1LIKU3Rsn18/Ta5S7kpOISCSu/6v26mz2Sn4pgbJyUseC/696iOemIHvb/sO+Y2n8Hke /FpTiEmTJj4kle4/rORo3TCdIi0vQL+Ch6AvYF4VUgc6tK07cOaBRRlsSDqxD00RaHm0 uLUg== X-Gm-Message-State: AOJu0YxQm2fcSg4IG+uxmAiEMmZbg4LgTLuFontPCsD4gErofNqzsU4W 6HErqycoB2JZnH+aIDp8cLOCtA172bEFVdHa3dQPSVsGPNxCydP7deYCQrXBaQ== X-Gm-Gg: AeBDievfkX5o5c1gsS4bgaI/TPQOlBT85Adbwv+o6Gaw81s5BUoD2eKlKRdmnS2l68A 6tHRT1mDlrzmM3BmUEPwUA4JgByHIa4aPBqqI0/sDhdVjw8D2b57lvW1QTYcD1WPpBagT3mdKxh uhjb9o/+TSVE0gjxLSExtjr98eGWWX/fz5iFqTESesGookJsoNLCONtjMNGCdtBR9vn1aFdxxRX 7CqqcHud46A2Dc0iqgtyW8h6QS1XZMwpRxHdUwF0A5XwMdSDhJkpCv4d0vEGo8ZUkXRwhWxB8Tl 9Y1marJVvjnDMsssyhXXOlqAY13193bev/9HWGrtfTtSQsjt7eTIap4KGuwGdpgXetVlfcXxQho ECmr8dSOH8xUjXXfrc9N4RGVHTebGS4ZEE06YslJQ3Ydx5TZnQj2YFMDJKMrDnRKc67H3MMH7Be UwHSV8sIqk1Pby1g4Sz3CMg9FH5T0TPJYNWCndrVUjkg== X-Received: by 2002:a05:600c:3515:b0:488:8b99:54a1 with SMTP id 5b1f17b1804b1-488fb78e7c5mr161977465e9.28.1776666472146; Sun, 19 Apr 2026 23:27:52 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:51 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 01/17] fio: upgrade 3.41 -> 3.42 Date: Mon, 20 Apr 2026 08:27:33 +0200 Message-ID: <20260420062750.3795917-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126465 Contains fix for CVE-2026-30656. Also mark this CVE as patched explicitly, as NVD tracks it without version info. Drop patches that are included in this release. Changelog: https://github.com/axboe/fio/releases/tag/fio-3.42 Signed-off-by: Gyorgy Sarvari fio --- .../fio/fio/0001-fix-musl-builds.patch | 38 ------------------- .../fio/fio/CVE-2025-10823.patch | 37 ------------------ .../fio/{fio_3.41.bb => fio_3.42.bb} | 7 +--- 3 files changed, 2 insertions(+), 80 deletions(-) delete mode 100644 meta-oe/recipes-benchmark/fio/fio/0001-fix-musl-builds.patch delete mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch rename meta-oe/recipes-benchmark/fio/{fio_3.41.bb => fio_3.42.bb} (93%) diff --git a/meta-oe/recipes-benchmark/fio/fio/0001-fix-musl-builds.patch b/meta-oe/recipes-benchmark/fio/fio/0001-fix-musl-builds.patch deleted file mode 100644 index 6c0d69d6e8..0000000000 --- a/meta-oe/recipes-benchmark/fio/fio/0001-fix-musl-builds.patch +++ /dev/null @@ -1,38 +0,0 @@ -From ccce76d2850d6e52da3d7986c950af068fbfe0fd Mon Sep 17 00:00:00 2001 -From: Arthur Gautier -Date: Sat, 13 Dec 2025 20:07:11 -0800 -Subject: [PATCH] fix musl builds - -This commit fixes the build on musl which fails with the following -error: -``` -oslib/linux-blkzoned.c: In function 'blkzoned_move_zone_wp': -oslib/linux-blkzoned.c:389:37: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function) - 389 | ret = fallocate(fd, FALLOC_FL_ZERO_RANGE, z->wp, length); - | ^~~~~~~~~~~~~~~~~~~~ -oslib/linux-blkzoned.c:389:37: note: each undeclared identifier is reported only once for each function it appears in -make: *** [Makefile:501: oslib/linux-blkzoned.o] Error 1 -make: *** Waiting for unfinished jobs.... -``` - -Upstream-Status: Backport [https://github.com/axboe/fio/commit/ccce76d2850d6e52da3d7986c950af068fbfe0fd] -Signed-off-by: Arthur Gautier ---- - oslib/linux-blkzoned.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/oslib/linux-blkzoned.c b/oslib/linux-blkzoned.c -index 78e25fca..c45ef623 100644 ---- a/oslib/linux-blkzoned.c -+++ b/oslib/linux-blkzoned.c -@@ -25,6 +25,7 @@ - #ifndef BLKFINISHZONE - #define BLKFINISHZONE _IOW(0x12, 136, struct blk_zone_range) - #endif -+#include - - /* - * If the uapi headers installed on the system lacks zone capacity support, --- -2.51.0 - diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch deleted file mode 100644 index c5813273c7..0000000000 --- a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00 2001 -From: Jens Axboe -Date: Tue, 23 Sep 2025 11:50:46 -0600 -Subject: [PATCH] options: check for NULL input string and fail - -Waste of time busy work. - -Link: https://github.com/axboe/fio/issues/1982 - -CVE: CVE-2025-10823 - -Upstream-Status: Backport -https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 - -Signed-off-by: Jens Axboe -Signed-off-by: Saravanan ---- - options.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/options.c b/options.c -index c35878f..562c5bc 100644 ---- a/options.c -+++ b/options.c -@@ -1616,6 +1616,9 @@ static int str_buffer_pattern_cb(void *data, const char *input) - struct thread_data *td = cb_data_to_td(data); - int ret; - -+ if (!input) -+ return 1; -+ - /* FIXME: for now buffer pattern does not support formats */ - ret = parse_and_fill_pattern_alloc(input, strlen(input), - &td->o.buffer_pattern, NULL, NULL, NULL); --- -2.48.1 - diff --git a/meta-oe/recipes-benchmark/fio/fio_3.41.bb b/meta-oe/recipes-benchmark/fio/fio_3.42.bb similarity index 93% rename from meta-oe/recipes-benchmark/fio/fio_3.41.bb rename to meta-oe/recipes-benchmark/fio/fio_3.42.bb index 3f03c41f22..dac7548d08 100644 --- a/meta-oe/recipes-benchmark/fio/fio_3.41.bb +++ b/meta-oe/recipes-benchmark/fio/fio_3.42.bb @@ -24,15 +24,11 @@ PACKAGECONFIG[numa] = ",--disable-numa,numactl" SRC_URI = " \ git://git.kernel.dk/fio.git;branch=master;tag=${BP} \ - file://0001-fix-musl-builds.patch \ " -SRCREV = "ed675d3477a70a42d2e757b713f6c7125a27cdca" - -SRC_URI += "file://CVE-2025-10823.patch" +SRCREV = "ab77643023f5d7e3c1b71a7576a564f368bf577a" UPSTREAM_CHECK_GITTAGREGEX = "fio-(?P\d+(\.\d+)+)" - # avoids build breaks when using no-static-libs.inc DISABLE_STATIC = "" @@ -50,3 +46,4 @@ do_install() { } CVE_STATUS[CVE-2025-10824] = "disputed: Maintainer could not reproduce the issue, issue is closed without change." +CVE_STATUS[CVE-2026-30656] = "fixed-version: fixed in 3.42" From patchwork Mon Apr 20 06:27:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86436 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD9A7F36C3A for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13763.1776666474596012560 for ; Sun, 19 Apr 2026 23:27:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=kzehSIRK; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-488c2690057so25244625e9.0 for ; Sun, 19 Apr 2026 23:27:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666473; x=1777271273; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=96iFcisf+ApYG8HqNz0coW9LHkUEvUohTrhdn9wLFh0=; b=kzehSIRK4+oHwmTTdvhM8hdQLcIXr+QK1TlQf8tBLMCjWGuwGp4cc6nC3Lbhk/etEH iZ6H8g2FcVzCvqodbfJcSwNRFzQQkEBmcIyEETR2ZzKW3dK4ECQkM6fe8UiH335a/CrU b7RI5PIARc7kpNob354/ROwu+3U5gRCfzkLOW6UdEZiJc9UPbPm7+CPI9yiUXIDlYdFX qgBGmtWxYJj2EHe/A/sbAxydxFDjkdalVg+jroaGEvJMqDEDXaUrvaEIv/2CnzjOFgQh m60hmGqiJHdmyOQQSGARLzRwJ1+orXpP6XDBKrD2HieEKtDpk3rYrWJfirHtsqGp6YDc 0BLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666473; x=1777271273; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=96iFcisf+ApYG8HqNz0coW9LHkUEvUohTrhdn9wLFh0=; b=StmOCIzpGIfJa7xOGWuIDzm1eEUCfmDfS2IrnzAwU3JAbrnRGKb5REClF7Zut3tTYA m/UMxyPGLsSE8XJmYi+6pwZNE6TldjRQoun0ommpL83pKD4NBy1xoKQfSmSJSO5BLZCw bhOhlUQX2lINnQJNYTi+lMCS588VhtNgcwXHBlOjam6RmCi9AnG65oQiae8Yd5EItgvO /LRYWLHm7os8+7lB/XLzVRyMBTA2tvXKQ3cY9esqsEefJZmqrvzrZoMIJflupfvwHKZr C4hLv25ZqdXE5nhZ50iVUhfG8hToJxePRUi2o67oTjVvFJwkHab3SrhsNlFwPyOAYRCS EoFA== X-Gm-Message-State: AOJu0YyD0HdFA/PTsE/2ceKPYU3a9DGrdCYpnh5aNMebdktPvAJnwZWx Ml7ONYOMEdLVxcLoao2TGmP/26idux53KtJ2Sb/1lpwPiOm54fAF2pu/ZUTu3w== X-Gm-Gg: AeBDietbsustHrk/p+j67snkEUgep6xANA1i5zzkA97Ax8Q2kv7Q1fhfq/Mx3H9peev 7s4R2bNsd/SRGXS+4qxT4CuOB83Y+wtBFLHpHKOnGYXXNTNtc91dqAF2gJGHsbi3yLUJ3vDjUsk Sx9++b1qmurnfl0MwLLBO+AAeOf+e3XVY85+F3DYeyM6H9Agi03dDjm1yi1OGTWgIYXecnTNAvg BEqZNAGKdS/hIGu4J4TwExEx3NuICgYEolnnGyb5kxUrx+zxRDS0WTxT2eiwODUJXTxfraqqBTp 6GjjNAQQbeDPdIjtrivihS5wAzebZOUQc29fAiwYAS5wEsQSOoNbXZOarb4dp5BbLfHEQh0prsX wvGjFRJF3WMed3BmSXfJHChK50oCnWTmSl4jxmNxdeB2LhpSOpandxOlQ+SUyMk8HWgqzjLmMj+ KcQxZEZ7MHDMFr3e4nrEt6bYRSxr0Wv3s= X-Received: by 2002:a05:600c:42cc:b0:488:ffb1:494c with SMTP id 5b1f17b1804b1-488ffb14a0cmr69721045e9.12.1776666472825; Sun, 19 Apr 2026 23:27:52 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:52 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 02/17] jq: patch CVE-2026-32316 Date: Mon, 20 Apr 2026 08:27:34 +0200 Message-ID: <20260420062750.3795917-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126466 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../jq/jq/CVE-2026-32316.patch | 53 +++++++++++++++++++ meta-oe/recipes-devtools/jq/jq_1.8.1.bb | 10 ++-- 2 files changed, 58 insertions(+), 5 deletions(-) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-32316.patch diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-32316.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-32316.patch new file mode 100644 index 0000000000..1277b356d8 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-32316.patch @@ -0,0 +1,53 @@ +From 321e62b356df2d4ed47aba4f3818e447ec4d77fc Mon Sep 17 00:00:00 2001 +From: itchyny +Date: Thu, 12 Mar 2026 20:28:43 +0900 +Subject: [PATCH] Fix heap buffer overflow in `jvp_string_append` and + `jvp_string_copy_replace_bad` + +In `jvp_string_append`, the allocation size `(currlen + len) * 2` could +overflow `uint32_t` when `currlen + len` exceeds `INT_MAX`, causing a small +allocation followed by a large `memcpy`. + +In `jvp_string_copy_replace_bad`, the output buffer size calculation +`length * 3 + 1` could overflow `uint32_t`, again resulting in a small +allocation followed by a large write. + +Add overflow checks to both functions to return an error for strings +that would exceed `INT_MAX` in length. Fixes CVE-2026-32316. + +CVE: CVE-2026-32316 +Upstream-Status: Backport [https://github.com/jqlang/jq/commit/e47e56d226519635768e6aab2f38f0ab037c09e5] +Signed-off-by: Gyorgy Sarvari +--- + src/jv.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/jv.c b/src/jv.c +index e4529a4..74be05a 100644 +--- a/src/jv.c ++++ b/src/jv.c +@@ -1114,7 +1114,12 @@ static jv jvp_string_copy_replace_bad(const char* data, uint32_t length) { + const char* end = data + length; + const char* i = data; + +- uint32_t maxlength = length * 3 + 1; // worst case: all bad bytes, each becomes a 3-byte U+FFFD ++ // worst case: all bad bytes, each becomes a 3-byte U+FFFD ++ uint64_t maxlength = (uint64_t)length * 3 + 1; ++ if (maxlength >= INT_MAX) { ++ return jv_invalid_with_msg(jv_string("String too long")); ++ } ++ + jvp_string* s = jvp_string_alloc(maxlength); + char* out = s->data; + int c = 0; +@@ -1174,6 +1179,10 @@ static uint32_t jvp_string_remaining_space(jvp_string* s) { + static jv jvp_string_append(jv string, const char* data, uint32_t len) { + jvp_string* s = jvp_string_ptr(string); + uint32_t currlen = jvp_string_length(s); ++ if ((uint64_t)currlen + len >= INT_MAX) { ++ jv_free(string); ++ return jv_invalid_with_msg(jv_string("String too long")); ++ } + + if (jvp_refcnt_unshared(string.u.ptr) && + jvp_string_remaining_space(s) >= len) { diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index 6eaa2de6df..71d7387bf8 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb @@ -10,11 +10,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cf7fcb0a1def4a7ad62c028f7d0dca47" SRCREV = "4467af7068b1bcd7f882defff6e7ea674c5357f4" -SRC_URI = " \ - git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${PV} \ - file://run-ptest \ - file://0001-Support-building-with-disable-maintainer-mode-and-so.patch \ -" +SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${PV} \ + file://run-ptest \ + file://0001-Support-building-with-disable-maintainer-mode-and-so.patch \ + file://CVE-2026-32316.patch \ + " inherit autotools ptest From patchwork Mon Apr 20 06:27:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86434 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C63F5F36C38 for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13764.1776666475336530866 for ; Sun, 19 Apr 2026 23:27:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=XDoDw1cv; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4891c00e7aeso4549525e9.2 for ; Sun, 19 Apr 2026 23:27:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666474; x=1777271274; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=u3So1Pd5pLJgdWfwTf6LXciKf6sgpa2Ua1hb3NKgJ3E=; b=XDoDw1cvHGiaH328OPCBFVUki5rP+0h4CPxPX8M75BAyFxRHvFq8We+h5sXplipoX+ X+vfNHEFFLJJHJiLpTQdi6OP5wW+Cdr/GBCYcunZaFavzUJ4fcRf5EvhzQMw84S5zIt5 kphwFttIDga3K3kgu1FLta9C2+UJksSfSBcbHb4qThvBX6KasQODwCCYLUMZr0xpBAol twYcBS7BLE+RI3wfXcfpulIvsvlBPShMOAITgvlsmZoVJSO51pfnJs8EMMzGvF7Yfy0N KnG1OfntuWkiixJ8Im8iI+s0vXIjRUEqQN1UcWk+emTty48gDvF/imGDf2KHJroGd9UX KMdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666474; x=1777271274; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=u3So1Pd5pLJgdWfwTf6LXciKf6sgpa2Ua1hb3NKgJ3E=; b=cV6ttaM5M0gzt5Sp1UG0D1BrLbv+lxxIyWVGHJ4OrtATHh0asyATNcaDAv1o5Ae3CB HjSCnaKmeHQp+i9h8uIJeusHsjRM03dDV0gVzkimffba1MQMXl7Q9um0rT14S/8Q9w4k jEphRckC3Bx5NktmddsVSbooZ04hBbZUwTx35rqmkD0qdQwU5snfsDuSfu9gztzN9Wpz RVpE+Ip/0OGcoARJPIpuEc6Qaep536cHo0dZZah3daSwJYAEqynS/G3KO6Mt7KTj0r8b YNy4oEHndU98hiRik+RPy3keXonZ699kvZY3+LkJCuZocN6rpln33OwiopUOS+BzQPMV QIRg== X-Gm-Message-State: AOJu0YzKEgDWXo/6qjK7jx0x2hMo1SUNRy1Eau7k1AEBkVzmhjlhQoeY zH1uS4++CtDQ+FFKWX7nu9DZko7PpaDrpE1o4NiCF6O5V3Qm4uaK/UAOe4F3Qg== X-Gm-Gg: AeBDietJgQEQm8GQFazv07x431N4aE86Puwn+MetO2cXHK73Y0L93j4KXymH8O74lex 498Ozo+R2BY/PQRkT0YheuFSKp1HSj9NUwhKhdcr+btn0y/0aEZNlMI48U306IR7XRgEINAUSmd +lVjmb3isl3nl4yeSfdNsrNtuzL5Vp6ByckT+cQa3PXhBTLAhMZZ+QIIcxLRJiDIvxu3AcCP6VG 0JT8rt6i5sfxN35PeM4VxbYFMMMi0PFDW3wcAqNaJxYhl17FamvMr4U1Yx2eLU8u8YBovlmAegD 7dCvsCiJiz+5hV2gQBp8f3Ir33ih0NVnpDFjxayq71PWWfDHHjxadp6YSxCqkSN9VgWRsUoF9gR bSdTw3jsUQOQgvzG+DRfo6gUA36pS5kgTCbtMAEX163URctc6wwtJmVLU+Etp1s/szYwJ0N6Epj lvPZZrm3uAL399SlJzUaFBatLc7z1EZXE= X-Received: by 2002:a05:600c:1554:b0:485:439b:683f with SMTP id 5b1f17b1804b1-488fb775fd5mr166888775e9.20.1776666473540; Sun, 19 Apr 2026 23:27:53 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:53 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 03/17] jq: patch CVE-2026-33947 Date: Mon, 20 Apr 2026 08:27:35 +0200 Message-ID: <20260420062750.3795917-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126467 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947 Backport the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari --- .../jq/jq/CVE-2026-33947.patch | 104 ++++++++++++++++++ meta-oe/recipes-devtools/jq/jq_1.8.1.bb | 1 + 2 files changed, 105 insertions(+) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-33947.patch diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-33947.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-33947.patch new file mode 100644 index 0000000000..69a8381f06 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-33947.patch @@ -0,0 +1,104 @@ +From 5fd935884a6f5b3d8ecdcacfc5d3982140f3a478 Mon Sep 17 00:00:00 2001 +From: itchyny +Date: Mon, 13 Apr 2026 11:23:40 +0900 +Subject: [PATCH] Limit path depth to prevent stack overflow + +Deeply nested path arrays can cause unbounded recursion in +`jv_setpath`, `jv_getpath`, and `jv_delpaths`, leading to +stack overflow. Add a depth limit of 10000 to match the +existing `tojson` depth limit. This fixes CVE-2026-33947. + +CVE: CVE-2026-33947 +Upstream-Status: Backport [https://github.com/jqlang/jq/commit/fb59f1491058d58bdc3e8dd28f1773d1ac690a1f] +Signed-off-by: Gyorgy Sarvari +--- + src/jv_aux.c | 21 +++++++++++++++++++++ + tests/jq.test | 25 +++++++++++++++++++++++++ + 2 files changed, 46 insertions(+) + +diff --git a/src/jv_aux.c b/src/jv_aux.c +index bc1405f..594a21f 100644 +--- a/src/jv_aux.c ++++ b/src/jv_aux.c +@@ -375,6 +375,10 @@ static jv jv_dels(jv t, jv keys) { + return t; + } + ++#ifndef MAX_PATH_DEPTH ++#define MAX_PATH_DEPTH (10000) ++#endif ++ + jv jv_setpath(jv root, jv path, jv value) { + if (jv_get_kind(path) != JV_KIND_ARRAY) { + jv_free(value); +@@ -382,6 +386,12 @@ jv jv_setpath(jv root, jv path, jv value) { + jv_free(path); + return jv_invalid_with_msg(jv_string("Path must be specified as an array")); + } ++ if (jv_array_length(jv_copy(path)) > MAX_PATH_DEPTH) { ++ jv_free(value); ++ jv_free(root); ++ jv_free(path); ++ return jv_invalid_with_msg(jv_string("Path too deep")); ++ } + if (!jv_is_valid(root)){ + jv_free(value); + jv_free(path); +@@ -434,6 +444,11 @@ jv jv_getpath(jv root, jv path) { + jv_free(path); + return jv_invalid_with_msg(jv_string("Path must be specified as an array")); + } ++ if (jv_array_length(jv_copy(path)) > MAX_PATH_DEPTH) { ++ jv_free(root); ++ jv_free(path); ++ return jv_invalid_with_msg(jv_string("Path too deep")); ++ } + if (!jv_is_valid(root)) { + jv_free(path); + return root; +@@ -511,6 +526,12 @@ jv jv_delpaths(jv object, jv paths) { + jv_free(elem); + return err; + } ++ if (jv_array_length(jv_copy(elem)) > MAX_PATH_DEPTH) { ++ jv_free(object); ++ jv_free(paths); ++ jv_free(elem); ++ return jv_invalid_with_msg(jv_string("Path too deep")); ++ } + jv_free(elem); + } + if (jv_array_length(jv_copy(paths)) == 0) { +diff --git a/tests/jq.test b/tests/jq.test +index 4ecf72f..6186d8b 100644 +--- a/tests/jq.test ++++ b/tests/jq.test +@@ -2507,3 +2507,28 @@ strflocaltime("" | ., @uri) + 0 + "" + "" ++ ++# regression test for CVE-2026-33947 ++setpath([range(10000) | 0]; 0) | flatten ++null ++[0] ++ ++try setpath([range(10001) | 0]; 0) catch . ++null ++"Path too deep" ++ ++getpath([range(10000) | 0]) ++null ++null ++ ++try getpath([range(10001) | 0]) catch . ++null ++"Path too deep" ++ ++delpaths([[range(10000) | 0]]) ++null ++null ++ ++try delpaths([[range(10001) | 0]]) catch . ++null ++"Path too deep" diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index 71d7387bf8..6df1d46f48 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${ file://run-ptest \ file://0001-Support-building-with-disable-maintainer-mode-and-so.patch \ file://CVE-2026-32316.patch \ + file://CVE-2026-33947.patch \ " inherit autotools ptest From patchwork Mon Apr 20 06:27:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86432 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9D25F36C36 for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13765.1776666476039285489 for ; Sun, 19 Apr 2026 23:27:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=NaPCH5f1; spf=pass (domain: gmail.com, ip: 209.85.128.50, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-488ba840146so24494725e9.1 for ; Sun, 19 Apr 2026 23:27:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666474; x=1777271274; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=K8vCAKDjBfteapj4EvIIkTxzMUBifYBMD6tfeJJqBWE=; b=NaPCH5f1tUd16k/AdM6awyL02w4A81L/wyuZ36seFYIXzlpSRVKtPWcadGTIyAuqhp 5il5nWG01b72UI/phL5KRMqzcxNNTyQrR7lVHmyaVPIk0E8MI/kTNQG1dyW6qCQfQQQr PoO0IP2odh+FPji2wfiQ8clIyOwymsfxnxIW7df0u8f1BHWfyC50ho8J6BFrOMSacmJv TR3Q9XqjWedMBQZRJvG1xayZpL1+WxWoK75AOPtvaQ93pbdNVrEHnnIlGvLE3qgeJNF3 OZ+gtBwaDnf6VNFxr+37OQR60Wa6RW4X9/5nuu8ZUO570BnVrFBfCVgJr9YQiT2GiMTt ziww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666474; x=1777271274; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=K8vCAKDjBfteapj4EvIIkTxzMUBifYBMD6tfeJJqBWE=; b=Xc9MKQXBmgKIkirSDIXYwQz/yNWj1uP7aiK0dJlrc8Zb+8dmemnf+BFw+VSKCfmbvp YiWWsY9Lro6HuAQz21uY87s2NncU9bWsAbrLzH8dyICGI0ADmo8w3VARpa5WST5851gs PJ3zUSd6k1oD1qucDnW8fNbcokn2iZOupiM6HlG1SKO4KVDH+SugpoSw4surFUmZQSgW g+mg/kuQEhPmdRynGXTIpP4hQE26V3UvD8lStCCEyQC4AphS4XfVJWEGfvuEP7LKVCzJ 9A1mWgEZ7CE/7+zP1WYXXZvr5MEf74OO4RoAVIjqmbnUX2WvkksrbzJpG1uwrpNrWPtG uugw== X-Gm-Message-State: AOJu0YyI+jzikiyyzTALvGIaulpEcNKl/7wMHkvURNcMnzqGfkLKzffb DYlJN1M94/inXtYXmTf5IvNG7EjAHoRAopCGAxH5qN55SoGxK22jO70fYJ07Bg== X-Gm-Gg: AeBDiet7Jv7ozOk3G5nw+JWPd43QbwwPzY/NQWksm4orA38sdFqsilI84M8jmQnctOe u1guF4NLKFpFM2o+k9cyuwKy3ElolsbEvN4MAYL9yynhZub2YmZHiXm2E60ZETIgWbjUrMXri8/ pXVc6kH4Pd/+r26JhIhcJ6Jku6bwO304HxeLUA3A7qdNxFYWwZ/9mc45RPyDfzJ69Vv247Z4ILm vdPCpfYWDZN+tVtsHGO3E1BCmsxdDtZQI9T1npvBxHz5jq+QI+XIms+Tkee2ZjnzhFsBshWFmNr aCxB6ReZdQKlNXP402wXSF8a5okvFBQvGYP7hpoary8cKKm/saif3ju2OG7maYnYj4q41EWo8KC TEnJAXsODPRznlVc1zEwTxzMRjvrJxSLWeapKeV0kN5WhawT0D72MeXPB9dzHf1r8E+UAtYSPna U67ay80TkvUN/oavRMGKxYKzydhlBqMK4= X-Received: by 2002:a05:600c:4e14:b0:489:1f08:91b with SMTP id 5b1f17b1804b1-4891f080a7emr19711185e9.16.1776666474325; Sun, 19 Apr 2026 23:27:54 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:53 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 04/17] jq: patch CVE-2026-33948 Date: Mon, 20 Apr 2026 08:27:36 +0200 Message-ID: <20260420062750.3795917-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126468 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../jq/jq/CVE-2026-33948.patch | 49 +++++++++++++++++++ meta-oe/recipes-devtools/jq/jq_1.8.1.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-33948.patch diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-33948.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-33948.patch new file mode 100644 index 0000000000..8625429c74 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-33948.patch @@ -0,0 +1,49 @@ +From 19a792c4cdb6b91c056eac033ac3367af6e67755 Mon Sep 17 00:00:00 2001 +From: itchyny +Date: Mon, 13 Apr 2026 08:46:11 +0900 +Subject: [PATCH] Fix NUL truncation in the JSON parser + +This fixes CVE-2026-33948. + +CVE: CVE-2026-33948 +Upstream-Status: Backport [https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b] +Signed-off-by: Gyorgy Sarvari +--- + src/util.c | 8 +------- + tests/shtest | 6 ++++++ + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/util.c b/src/util.c +index bcb86da..60ec4d5 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -309,13 +309,7 @@ static int jq_util_input_read_more(jq_util_input_state *state) { + if (p != NULL) + state->current_line++; + +- if (p == NULL && state->parser != NULL) { +- /* +- * There should be no NULs in JSON texts (but JSON text +- * sequences are another story). +- */ +- state->buf_valid_len = strlen(state->buf); +- } else if (p == NULL && feof(state->current_input)) { ++ if (p == NULL && feof(state->current_input)) { + size_t i; + + /* +diff --git a/tests/shtest b/tests/shtest +index 887a6bb..a046afe 100755 +--- a/tests/shtest ++++ b/tests/shtest +@@ -842,4 +842,10 @@ if ! $msys && ! $mingw; then + fi + fi + ++# CVE-2026-33948: No NUL truncation in the JSON parser ++if printf '{}\x00{}' | $JQ >/dev/null 2> /dev/null; then ++ printf 'Error expected but jq exited successfully\n' 1>&2 ++ exit 1 ++fi ++ + exit 0 diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index 6df1d46f48..acea1e4b27 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${ file://0001-Support-building-with-disable-maintainer-mode-and-so.patch \ file://CVE-2026-32316.patch \ file://CVE-2026-33947.patch \ + file://CVE-2026-33948.patch \ " inherit autotools ptest From patchwork Mon Apr 20 06:27:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86431 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93A48F36C31 for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14175.1776666476881003607 for ; Sun, 19 Apr 2026 23:27:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=j6uY8agl; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-48a3e9862f0so220115e9.1 for ; Sun, 19 Apr 2026 23:27:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666475; x=1777271275; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VaEpieJu+vaqFFOSyAogw7oA/TpHvGyArX8NLlhATQg=; b=j6uY8agle3V+d/hp7lFHLQz16IJwa0gc4EW60lI+3AAUU3vDuH105AeBCmYrt6019Y iJWYc72Nwjzy4diYttAIyJRhr+InVe4kLzWyPvA1MR4HxeNKjh40QwMunygBwjGOYFeR 8X/qjYJWQ0wLI1peA6Vd0o11bieLBEX87D2qfxerul/leSEsBBFjJQYgyJSwelA57AFf M3GttBkcJ6IIU5WBANOI0VkZOD0Lx3CgRCfRt/p+o+jGwAyvSaJoKTwG9c+hawpJdyrh Repqc2TMQuCzowtD0Co0OIankQShNZmHdAqNdjb+2zqsGRpo6m1crZwtTW5cY4/HhEQk M+fQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666475; x=1777271275; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VaEpieJu+vaqFFOSyAogw7oA/TpHvGyArX8NLlhATQg=; b=JrgNwOT2MYUZrAoEhg8RpZbefZSEHMRBPpcV1Aj4H8XYcFCHC28da0qtrFiu0qGik4 /Tu1eApq3XXgWOHDe5D9JI5PdW+pMocelR6zWGfxyCgozQmPzTzMHAsZGbGh1ReiD+Zj gvrQWagjJomN2pOR64Iwq4fcllHXr5UROmaf6lUJ3XrvrF4m1BaAJ201ITEv8IUu4Fp0 wiFSWDrHUBt81CQWq6gIjc1dsteCBfzQJAcn3H2Iv3ovUymvhe9iLPPLE6/iaqhQEvy+ kfKsLR9zJXWQIyA5QHANR9TI9xFiuv5KgDLvUGYZQdHbXQ+7cRVonnj2taQUzXKrlKgc wabw== X-Gm-Message-State: AOJu0YxmGZ91kFaqO5mpeNS3NHRsudFj5QStx/YbUYaK1JjFafaAM9f6 mYZyBl0ZTzd9IWhhlERk4FT/+EC7BRWlVLpt0BE5jJ4yqt6Z/2MjEZ0F25mwmg== X-Gm-Gg: AeBDievXlpGkKpFsvBg2VqqxiDsKrTKeTtNg9CE8UyVS5s004aUv0oNkzpiB52JedcY kqbgdaljWKsGg0P2wAnesSuARgizXO6tTg3So1l+gnLTXCZjJGfzc9st9+ui7+/0FikkAt0Fryg yQxinHB4Z+MpFKVfK0OUoQ1TxKvJpSko3lo2R3eA9fWU03CqGzZU4HBt5u9LVOxmXbfSrib0Pla 2ZYjgOGkmGAayeIDj8EBirbtBj+P6xzilFplwbpL4cCP53CbqFO/JNEShOdaqL1TuG2HEjCnmYS bM8SDJehTH+AsLvpfs2nnIITPBqHTSTLEXr85fIKEIbgjqggEwaUdsqYbysEJhsIX56LlrXjimj 5IRkjv5HxDQB+KgXEzkvFZkuVbArlTegDX8n7FG4tMxrNjwh2Y0Cil7BCkydVSAg1rNCO7EwjpN k5Ev5cbcrlwMyDeIcTBoAQjkCSfYHHGf8= X-Received: by 2002:a05:600c:34ca:b0:48a:761:5816 with SMTP id 5b1f17b1804b1-48a07615b87mr4263575e9.8.1776666475042; Sun, 19 Apr 2026 23:27:55 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:54 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 05/17] jq: patch CVE-2026-39979 Date: Mon, 20 Apr 2026 08:27:37 +0200 Message-ID: <20260420062750.3795917-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126469 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979 Backport the patch that is referenced by the NVD advisory.y Signed-off-by: Gyorgy Sarvari --- .../jq/jq/CVE-2026-39979.patch | 31 +++++++++++++++++++ meta-oe/recipes-devtools/jq/jq_1.8.1.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch new file mode 100644 index 0000000000..40c57a46a0 --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-39979.patch @@ -0,0 +1,31 @@ +From ac09f274b6c029a23e3dffc38afac819b5daacc4 Mon Sep 17 00:00:00 2001 +From: itchyny +Date: Mon, 13 Apr 2026 11:04:52 +0900 +Subject: [PATCH] Fix out-of-bounds read in jv_parse_sized() + +This fixes CVE-2026-39979. + +Co-authored-by: Mattias Wadman + +CVE: CVE-2026-39979 +Upstream-Status: Backport [https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f] +Signed-off-by: Gyorgy Sarvari +--- + src/jv_parse.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/jv_parse.c b/src/jv_parse.c +index ffcf51f..e6b8aa9 100644 +--- a/src/jv_parse.c ++++ b/src/jv_parse.c +@@ -892,8 +892,9 @@ jv jv_parse_sized_custom_flags(const char* string, int length, int flags) { + + if (!jv_is_valid(value) && jv_invalid_has_msg(jv_copy(value))) { + jv msg = jv_invalid_get_msg(value); +- value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%s')", ++ value = jv_invalid_with_msg(jv_string_fmt("%s (while parsing '%.*s')", + jv_string_value(msg), ++ length, + string)); + jv_free(msg); + } diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index acea1e4b27..026f6bfa71 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${ file://CVE-2026-32316.patch \ file://CVE-2026-33947.patch \ file://CVE-2026-33948.patch \ + file://CVE-2026-39979.patch \ " inherit autotools ptest From patchwork Mon Apr 20 06:27:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86430 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B400F36C32 for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14176.1776666477464784536 for ; Sun, 19 Apr 2026 23:27:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=UVjVoAUs; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-48984d29fe3so2398805e9.0 for ; Sun, 19 Apr 2026 23:27:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666476; x=1777271276; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Fz83dpZTn9busdByLZj92+0dcc5WDMxdXw2IS+UQlv0=; b=UVjVoAUslPs8PJ+0IVL7Frri4kNOPr4njkee44iSfLqmQJzdjVU+VgDMj4z73cLhKW TKtMoNKBXbK3mGPSaG8xDnWvdvrK60cn/C2dt9pz/GK1Pk8RkV+bSOiePzP9Xbe3ltK3 HqzzrfKusAN1zdteg3NqPr1ntmJ+J6ZZu4cD7sFkAulqmEyj1ee8dMwhv3WUbZOUPqwZ 9wdMdAorCWOap/ljrdi20W5nje5Tr+hrNkGz9I87HixYK1VAc5mlJLU8LJAAgxvqnn8S hOBm2KDorI5oFxqaQ/Mn2C24I6Ui0AWNq2YAyNFQCEm5PMbpYfhPfwCLIRK/G91qGBPY jmYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666476; x=1777271276; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Fz83dpZTn9busdByLZj92+0dcc5WDMxdXw2IS+UQlv0=; b=i/GSsU7Y6deQp6G82qX3EH2gcTZ/A74J34i93hbbBbLB2ze9RsTT2dO1gA1bbS7UEW EBhMKEeLG41747d4KG+iocvPyUO/w4fCmMCIu7rd4Kb3wprwUwwGJVcHaxAaN+F+YQx4 IfvHUoPSsl6Wq8L5veV4Ia9H3T4YOdZz/RuMA3deyIBO93se9vWPDRbfoYhZX9co6IT0 PlWJLlKYHrnE2rDYj252M6OKisCx0kDWXNCvXSx7bFZbstnwhYSlgBfFHb3Se/B6jGPX GNNvfEV3zU/Ac5rjdFVm/CA7Kdm8krWiovlt0jT4s4hFSHLxTSv5f1Nhib3yjR2dQPRY VVyg== X-Gm-Message-State: AOJu0YyckRfXa3jE+vvqKQT9ajNrzWGekolLfj2PyKfFVanxi9fZbnWw U1/vSx9RRNd3FD5BKj3JGruB0eYJB4vpS9tEcsUBbFQmnXFi1sh8f+UeahBCIg== X-Gm-Gg: AeBDietR4u0dEoKQfLQcWbcorzQkGbnG4MZtryqTJeiJsVEHM1YaIPyU/C/lO6bDVB0 WTu4PDZEIjMTzR85xCQ/FkCmINyB8WsLJkRSAsl1zCstxEA8P3EUs7W56AgQ6zsGnhkVCfrfncm mKibVQXKbCtnjmwrXDTdWjSAJ0QoglvoZps1jnApuVKB6jitWasxEIpy18B8RoLITHbjpeHMwwz A4+3O0GK5FT26EwfYqgwIX+qHv2xfxd8Uf0Fu6MEEPipMWQy6LfTDW/z5Sm4pxSc5CHnkSx/Jod nbg9bLEmi/hB3nZEwu9DoUaVH6jYgCZFdIYLijvzKx6exkDvtGekJGdGA/7xhXA4NHQDyfkgTw2 d3CVDk8rlX0WfrFlvy6Vnr3LJL9hvWZpiDDbpDj1RXmLYAqn8gDWTas4B4Ya+mH0JQC/qTiNb9V Tm3LzEMmyATSgulpJFJ9pvtTEPb4Cvktg= X-Received: by 2002:a05:600c:5295:b0:485:30d4:6b9e with SMTP id 5b1f17b1804b1-488fb77facemr179977635e9.21.1776666475772; Sun, 19 Apr 2026 23:27:55 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:55 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 06/17] lcms: patch CVE-2026-41254 Date: Mon, 20 Apr 2026 08:27:38 +0200 Message-ID: <20260420062750.3795917-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126470 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254 Backport the patches referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../lcms/lcms/CVE-2026-41254_1.patch | 28 +++++++++++++++ .../lcms/lcms/CVE-2026-41254_2.patch | 34 +++++++++++++++++++ meta-oe/recipes-support/lcms/lcms_2.18.bb | 5 ++- 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch new file mode 100644 index 0000000000..2ed8e9f587 --- /dev/null +++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch @@ -0,0 +1,28 @@ +From c83cfcd249d06950a307cee8d1e22b7f6a78a8a7 Mon Sep 17 00:00:00 2001 +From: Marti Maria +Date: Thu, 19 Feb 2026 09:07:20 +0100 +Subject: [PATCH] Fix integer overflow in CubeSize() + +Thanks to @zerojackyi for reporting + +CVE: CVE-2026-41254 +Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0] +Signed-off-by: Gyorgy Sarvari +--- + src/cmslut.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/cmslut.c b/src/cmslut.c +index 1089148..b245209 100644 +--- a/src/cmslut.c ++++ b/src/cmslut.c +@@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[], + static + cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b) + { +- cmsUInt32Number rv, dim; ++ cmsUInt32Number dim; ++ cmsUInt64Number rv; + + _cmsAssert(Dims != NULL); + diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch new file mode 100644 index 0000000000..be8c759a6f --- /dev/null +++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch @@ -0,0 +1,34 @@ +From f5994aea02d5620f3182cafdcf116ffe9d6c9fd2 Mon Sep 17 00:00:00 2001 +From: Marti Maria +Date: Thu, 12 Mar 2026 22:57:35 +0100 +Subject: [PATCH] check for overflow + +Thanks to Guanni Qu for detecting & reporting the issue + +CVE: CVE-2026-41254 +Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc] +Signed-off-by: Gyorgy Sarvari +--- + src/cmslut.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/cmslut.c b/src/cmslut.c +index b245209..c1dbb32 100644 +--- a/src/cmslut.c ++++ b/src/cmslut.c +@@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b) + for (rv = 1; b > 0; b--) { + + dim = Dims[b-1]; +- if (dim <= 1) return 0; // Error +- +- rv *= dim; ++ if (dim <= 1) return 0; + + // Check for overflow + if (rv > UINT_MAX / dim) return 0; ++ ++ rv *= dim; + } + + // Again, prevent overflow diff --git a/meta-oe/recipes-support/lcms/lcms_2.18.bb b/meta-oe/recipes-support/lcms/lcms_2.18.bb index 79e4a6f694..1ff3b3908f 100644 --- a/meta-oe/recipes-support/lcms/lcms_2.18.bb +++ b/meta-oe/recipes-support/lcms/lcms_2.18.bb @@ -3,7 +3,10 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a" -SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz" +SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \ + file://CVE-2026-41254_1.patch \ + file://CVE-2026-41254_2.patch \ + " SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347" DEPENDS = "tiff" From patchwork Mon Apr 20 06:27:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86429 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F6F2F36C30 for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13766.1776666478275559751 for ; Sun, 19 Apr 2026 23:27:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=cUD/ZgzF; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-4890d945eb4so5711825e9.0 for ; Sun, 19 Apr 2026 23:27:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666477; x=1777271277; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wQHUcmycMtUB9LAdI3eVmQYRc/AZ64IKq41+RFPSAW8=; b=cUD/ZgzFgMDthoP+eAF5CK1fmLkprneiCAcFSk7bElg/cTwxKo4mC2djubiMpin+Ud W3+mB8Ntee6gcPWoUG76vMsIVTHD/WJS3JRXUdgCFuKjMDE5UkRg5K/7mKNxjDILC3X2 G9zsdLeeSGtROc9+1DNi0/0Y5h5SN7qufIDjOhmTZs2blQi4GUsqEvqdJJSUpcXj6wod vxeSIbGRntj9BISONULY/x2mHwlXJ/0tKRM1I2V1E2FbdFcMjJ1fifRQOCkzoAJ0bGoG 51SOD0D7zSVa4BnjN7r6mtNmok/Zy4rX/v3HWwXq1WjW2iMMGOPyNIKf/dMTzKuwT00X u5Rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666477; x=1777271277; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=wQHUcmycMtUB9LAdI3eVmQYRc/AZ64IKq41+RFPSAW8=; b=Eqfu9IDVeP9yPHLqHaarHOzIzAJhluGxr1nXcpT7P4n/6tlF25lXUI26UfsL+armAH 5LvP9+iIMHYtK44JDEfLJYscO/fAwkPcv8fJvIS1zk0GRd0Ih4gLHS6LnNqXwmrtjxnz ayy5Pw8enV44i+r8uSduyhjN+gcYgA15gKEMo4LzGOyPjhI2vcfWfzQBM6nAJ2a6QKlz zEz4iWMe/ICxLCG2L3tg6ZgSUGtMs5JqgTjnvLl2VHs7CSpLxK3RIdg4Bs1vnRU1ByES wfk0ZJM19x+/6e9g0Xq66gt0CfEbbawu7sIRQiIjoJnhqX8sJyc1vNptRJhlsZWn2WSO rMyg== X-Gm-Message-State: AOJu0Yx4/NV+/TtznLoHPzz2dHzk26Rhftami9Ul6gSO0C2btC35qKvZ Irv3rbbo8wQBZlcPfTIh3nDssC06NCVwTbGQnQtMegVXhgAZaiJC3kRWlnAdiw== X-Gm-Gg: AeBDiesERa51sLsOkv/1swn6ysHr+c2v20C04LpN64TvHcxjIDCqU0ZS5EO3/4ytGV8 SL9XJ99p4qisak7u+uvz/WcAatVSRjRiNA81qAQ3ssw9Gizfc+fmuRWQQ1QJK16cMnqmNA7cW1H Gct1peVnLNQ97NqUGWSOKL9FkvTT2cBLCN+v8Uf23Vqx+weHDMcpo+w0APNcqnJsdYQpaiLpkRd hhqUMUbvnpk24R3PA1OQN4HdWDA0CsGOZdKkjQ7lM5x8Y8N3OMyu37ehC+YWprDd8Z8udL2REQJ l90Mba9kdjH9UjWoOUNuTm6JBgo4p1pgK72t5vj3FjiKQIDAjIfT62KQl1904TKV+HstnJ4FHJu a5tAQ/oRIxa8IAqENrbne6ZPrHtLRJ+zjMIyx6xPFJmDQaPxwff6QWpFYaT/WONKia8gk416ST8 1j6b0WGyvsq4VjMUu4T5f5P5qrHyNq9edNx3zcv9Cubg== X-Received: by 2002:a05:600c:33a4:b0:489:1abb:5559 with SMTP id 5b1f17b1804b1-4891abb574amr26339465e9.5.1776666476504; Sun, 19 Apr 2026 23:27:56 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:56 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][PATCH 07/17] libcoap: upgrade 4.3.5a -> 4.3.5b Date: Mon, 20 Apr 2026 08:27:39 +0200 Message-ID: <20260420062750.3795917-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126471 Contains fix fox CVE-2026-29013 Shortlog: https://github.com/obgm/libcoap/compare/v4.3.5a...v4.3.5b Signed-off-by: Gyorgy Sarvari --- .../libcoap/{libcoap_4.3.5a.bb => libcoap_4.3.5b.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-devtools/libcoap/{libcoap_4.3.5a.bb => libcoap_4.3.5b.bb} (97%) diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb similarity index 97% rename from meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb rename to meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb index 611795e17d..e7279013ed 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=05d17535846895e23ea4c79b16a9e904" SRC_URI = "git://github.com/obgm/libcoap.git;branch=release-4.3.5-patches;protocol=https;tag=v${PV} \ file://run-ptest \ " -SRCREV = "e3fdcdcfbd1588754fe9dd4b754ac9397260f0f9" +SRCREV = "851533c3cf63d16984d370ce39d586ecb3694971" # patch releases often use alphabetical suffixes CVE_VERSION_SUFFIX = "alphabetical" From patchwork Mon Apr 20 06:27:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86428 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 533E1F36C2E for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13767.1776666479082271252 for ; Sun, 19 Apr 2026 23:27:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=AohQ49qR; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-488af96f6b2so34263205e9.0 for ; Sun, 19 Apr 2026 23:27:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666477; x=1777271277; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Q36sJyRUFm3zAz/bRjdOc+bvd5Yl3OV5aZxJCB6nbmg=; b=AohQ49qRkBdr57S+3Nun9TtyP1D+UOBIvdW35b+xikRi48dhq/97NkiFpU+Sphypx7 VotBYLu4YF9l68cDQ949S+bGunYOnQpnRRXXTkDWDsv9GSK+AWE6TZzyagkn/+FqbNaK eN38w0BreOtPdZCjIiVPXOjiY9hDMJB1EuL+7iJq+GT6xnVu9p/nPJomy/Qpf5eRWcNx NzFuP2VDrWTFQDSfPcyyk/ezMg0XmepO0K3w9dV53sLP2fejASAnnro7BlUAlX79/8kK n/+GGERMPdYN31EAbyNxGmhyTcaEACqy3QZOgYTXoQW3D4scf3rCOoQ3+ToBb376zAUS rOkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666477; x=1777271277; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Q36sJyRUFm3zAz/bRjdOc+bvd5Yl3OV5aZxJCB6nbmg=; b=kszbp3il4hi1IVHijhfMfeKBCj21rp2rokFAJs193ZE0JV5fn01K2YU9TTIpKridaU 8FkOy0E3cZZykdZsfDknv6LI6yvO7qE9lm5n3lnfNwVOyjM0poOehnPQ2egO6P/45Yn1 uM/n/UGiuXQxtSoBNthdECRW5oybhLIrCOTc+Te0/NsZDbiOT8RWABlzrjdIT/dt7VEd 2uDtJgxdyt817KUYxpKS5rYkKyRepjEGjWSj7D/DX52JMuqnyK1G5z/AOzSZgbkXkkTe FWJkPKxyCV+2ebvim+1PbCmjK2FdF/TyzT2IkmTQSlvr2/u/hGVqLWbP3SpKN/EAXNm8 RNDw== X-Gm-Message-State: AOJu0Yy83U6CDKp3DBomImfEZyBAfs6vJAtPNI/SPTh5vrij//dKgMw2 YBhV2eVQgUCTPXQwUOx8WBph5zozlMtAl/Ly3UDVDX5H7khViHuCZt3wTx2S2w== X-Gm-Gg: AeBDievfZn0pjy8ob89XuVIqJZUWVA2gc7VkrM+dv5z1zKjFwDS3HsndyqiIZNcGCNm 7EE5tZ11T/pTakfO+AIZNi3JmvUpAQe7u5+0iwxDhk7NbFTuzez/MSRmTAyri3bSKAD2M/FGFfV u5LdpHvc4jDyLKi8Xq/ANGgiXZMHR+xyk4ifKNqWt/CtZqSXm+KSeaxcpp1vcSsGxH6XOgxF9pn xvRo7CAHyQCN4rahkGkcNlcI3EaCDgbR0Wx/B7xClHHxt/3cJx/Iz1b5PlkwqpSTy5mK1sa/d7k WKpAryY5U+1KGUKStLU2I5JnaDbfuekAchxy/LDukUXMAIEJ/rqWfAVM3Fu8t6eLWsFjPQK56oG O9mqfA3vj5Od8KD9dhZSn5u5gpybbv4CNL5bXuqgaYWFfGIPgqkqshRFyGohlVTnHxbDuvwRUVW sVvj44WJy2iX0rWNVC0RJpTs48wmfu6+c= X-Received: by 2002:a05:600c:8483:b0:488:7ff6:1f75 with SMTP id 5b1f17b1804b1-488fb782d91mr171288265e9.21.1776666477248; Sun, 19 Apr 2026 23:27:57 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:56 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 08/17] gphoto2: upgrade 2.5.28 -> 2.5.32 Date: Mon, 20 Apr 2026 08:27:40 +0200 Message-ID: <20260420062750.3795917-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126472 Drop patches that were merged in this release. Changelog: - --get-exif , --get-all-exif added - --reverse modifier option added for fileoperations commands - kill -USR2 can now stop --capture-movie - updated translations Signed-off-by: Gyorgy Sarvari --- ...ototypes-of-callbacks-with-libgphoto.patch | 50 ------------------- ...figure-Filter-out-buildpaths-from-CC.patch | 8 +-- ...01-configure.ac-remove-AM_PO_SUBDIRS.patch | 8 +-- ...thread_t-abstract-type-for-thead-IDs.patch | 39 --------------- .../{gphoto2_2.5.28.bb => gphoto2_2.5.32.bb} | 4 +- 5 files changed, 9 insertions(+), 100 deletions(-) delete mode 100644 meta-oe/recipes-graphics/gphoto2/gphoto2/0001-Match-prototypes-of-callbacks-with-libgphoto.patch delete mode 100644 meta-oe/recipes-graphics/gphoto2/gphoto2/0001-gphoto2-Use-pthread_t-abstract-type-for-thead-IDs.patch rename meta-oe/recipes-graphics/gphoto2/{gphoto2_2.5.28.bb => gphoto2_2.5.32.bb} (70%) diff --git a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-Match-prototypes-of-callbacks-with-libgphoto.patch b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-Match-prototypes-of-callbacks-with-libgphoto.patch deleted file mode 100644 index e0c3de469a..0000000000 --- a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-Match-prototypes-of-callbacks-with-libgphoto.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 366930ccc1a261c3eb883da2bf3c655162ccd75f Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 1 Mar 2023 22:58:37 -0800 -Subject: [PATCH] Match prototypes of callbacks with libgphoto - -In https://github.com/gphoto/gphoto2/pull/535/commits/ccc4c1f092bd21ebc713f4d7b9be85be49f92f1e -we tried to fix by using pthread_t but it also needs to make changes in -libgphoto and these changes can be invasive, therefore lets revert to -older types and to fix musl problem fix it via type casts - -Upstream-Status: Backport [https://github.com/gphoto/gphoto2/pull/569] -Signed-off-by: Khem Raj ---- - gphoto2/main.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/gphoto2/main.c b/gphoto2/main.c -index 0dac947..cd3c990 100644 ---- a/gphoto2/main.c -+++ b/gphoto2/main.c -@@ -1198,7 +1198,7 @@ thread_func (void *data) - pthread_cleanup_pop (1); - } - --static pthread_t -+static unsigned int - start_timeout_func (Camera *camera, unsigned int timeout, - CameraTimeoutFunc func, void __unused__ *data) - { -@@ -1215,14 +1215,14 @@ start_timeout_func (Camera *camera, unsigned int timeout, - - pthread_create (&tid, NULL, thread_func, td); - -- return (tid); -+ return (unsigned int)tid; - } - - static void --stop_timeout_func (Camera __unused__ *camera, pthread_t id, -+stop_timeout_func (Camera __unused__ *camera, unsigned int id, - void __unused__ *data) - { -- pthread_t tid = id; -+ pthread_t tid = (pthread_t)id; - - pthread_cancel (tid); - pthread_join (tid, NULL); --- -2.39.2 - diff --git a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure-Filter-out-buildpaths-from-CC.patch b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure-Filter-out-buildpaths-from-CC.patch index 3d54d58e18..bd916e339a 100644 --- a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure-Filter-out-buildpaths-from-CC.patch +++ b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure-Filter-out-buildpaths-from-CC.patch @@ -14,13 +14,13 @@ Signed-off-by: Khem Raj --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,9 @@ AC_PROG_INSTALL - AC_SYS_LARGEFILE + ]) - GP_CONFIG_MSG([Compiler],[${CC}]) --AC_DEFINE_UNQUOTED([HAVE_CC],"$CC",[The C compiler we're using]) + GP_CONFIG_MSG([Compiler], [${CC}]) +-AC_DEFINE_UNQUOTED([HAVE_CC], ["$CC"], [The C compiler we are using]) +CC_NO_SYSROOT=`echo $CC | sed -e \ + 's|--sysroot=.*\b||g'` -+AC_DEFINE_UNQUOTED([HAVE_CC], ["$CC_NO_SYSROOT"], [The C compiler we're using]) ++AC_DEFINE_UNQUOTED([HAVE_CC], ["$CC_NO_SYSROOT"], [The C compiler we are using]) dnl AC_STRUCT_TIMEZONE diff --git a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure.ac-remove-AM_PO_SUBDIRS.patch b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure.ac-remove-AM_PO_SUBDIRS.patch index 14976ffb72..358dbbb51a 100644 --- a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure.ac-remove-AM_PO_SUBDIRS.patch +++ b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-configure.ac-remove-AM_PO_SUBDIRS.patch @@ -14,10 +14,10 @@ Upstream-Status: Pending --- a/configure.ac +++ b/configure.ac @@ -46,7 +46,6 @@ dnl i18n support - dnl --------------------------------------------------------------------------- - GP_GETTEXT_HACK([],[Lutz Müller and others],[${MAIL_GPHOTO_TRANSLATION}]) - ALL_LINGUAS="az cs da de en_GB es eu fi fr hu id is it ja nl pa pl pt_BR ro ru rw sk sr sv uk vi zh_CN zh_TW" + GP_GETTEXT_SETUP([GETTEXT_PACKAGE_GPHOTO2], + [gphoto2], + [po]) -AM_PO_SUBDIRS() - AM_GNU_GETTEXT_VERSION([0.14.1]) + AM_GNU_GETTEXT_VERSION([0.19.1]) AM_GNU_GETTEXT([external]) AM_ICONV() diff --git a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-gphoto2-Use-pthread_t-abstract-type-for-thead-IDs.patch b/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-gphoto2-Use-pthread_t-abstract-type-for-thead-IDs.patch deleted file mode 100644 index a27c02cefc..0000000000 --- a/meta-oe/recipes-graphics/gphoto2/gphoto2/0001-gphoto2-Use-pthread_t-abstract-type-for-thead-IDs.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 23c67e93e51f700d0aeecfc08277e39f51201fc3 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Fri, 2 Sep 2022 12:59:46 -0700 -Subject: [PATCH] gphoto2: Use pthread_t abstract type for thead IDs - -This is not a plain old datatype in every libc, e.g. with musl this -would fail in type conversion - -Upstream-Status: Submitted [https://github.com/gphoto/gphoto2/pull/535] -Signed-off-by: Khem Raj ---- - gphoto2/main.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gphoto2/main.c b/gphoto2/main.c -index 2bf5964..9a6b05d 100644 ---- a/gphoto2/main.c -+++ b/gphoto2/main.c -@@ -1198,7 +1198,7 @@ thread_func (void *data) - pthread_cleanup_pop (1); - } - --static unsigned int -+static pthread_t - start_timeout_func (Camera *camera, unsigned int timeout, - CameraTimeoutFunc func, void __unused__ *data) - { -@@ -1219,7 +1219,7 @@ start_timeout_func (Camera *camera, unsigned int timeout, - } - - static void --stop_timeout_func (Camera __unused__ *camera, unsigned int id, -+stop_timeout_func (Camera __unused__ *camera, pthread_t id, - void __unused__ *data) - { - pthread_t tid = id; --- -2.37.3 - diff --git a/meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.28.bb b/meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.32.bb similarity index 70% rename from meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.28.bb rename to meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.32.bb index 40409ed388..e5e7c6926f 100644 --- a/meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.28.bb +++ b/meta-oe/recipes-graphics/gphoto2/gphoto2_2.5.32.bb @@ -8,11 +8,9 @@ RDEPENDS:gphoto2 = "libgphoto2" SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.bz2;name=gphoto2 \ file://0001-configure.ac-remove-AM_PO_SUBDIRS.patch \ - file://0001-gphoto2-Use-pthread_t-abstract-type-for-thead-IDs.patch \ - file://0001-Match-prototypes-of-callbacks-with-libgphoto.patch \ file://0001-configure-Filter-out-buildpaths-from-CC.patch \ " -SRC_URI[gphoto2.sha256sum] = "2a648dcdf12da19e208255df4ebed3e7d2a02f905be4165f2443c984cf887375" +SRC_URI[gphoto2.sha256sum] = "4e379a0f12f72b49ee5ee2283ffd806b5d12d099939d75197a3f4bbc7f27a1a1" inherit autotools pkgconfig gettext From patchwork Mon Apr 20 06:27:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86427 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44B6AF36C2C for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13768.1776666479906221611 for ; Sun, 19 Apr 2026 23:28:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=fvUk08eU; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-488b150559bso19872445e9.1 for ; Sun, 19 Apr 2026 23:27:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666478; x=1777271278; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xp7J3G5SP2J9RSyEitHxEKvw5YHRjbcgqszFPRGpSeQ=; b=fvUk08eULvwfbzTdDMkKh8Sz1g5nF8cdGK0bjAV24qpd6rhjJuHUd7zLZpB8aKD+HY 3F51ZTJkjXoFVIs4n5eFrKSKPt96ZGT5zXX466mCZ/Q29cZPbxDNAY5rK5l873dSNfVk 6OENh8AJDB4ZFwT+V0hLgjkZaIBa+tIaJNVGzWEqbrhzv6zFY/hNlF/XMgowVIp9ieDu Uut06sU8rL3mzGWM5XogsfHsNZL6P6b17pwpZjHZke7s7Pk5NmbVF+VVJcdOuCQXWOxQ BwVnxe4cJHQFk2OmkfNPDIH9nqUY1YDibbwAaXCpZTCaT6pZ3j0K1j2qUukFp/AdCZ34 0jYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666478; x=1777271278; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=xp7J3G5SP2J9RSyEitHxEKvw5YHRjbcgqszFPRGpSeQ=; b=l1JcJhreuN/ULCv6GEqrOx3OpIVuzb+yDyiBia7GI9sJx6Fy8B4hn2khBXMgJ+1MgN USDmN0yUuZINVXFEciV4WaA67P4ybEfTLg1UW+Zk/AV2VsYGK3eoPS0sJKgD9IwvaieT iLFgV0JKVES7ibZ2Q6B6206t+8rgYq/EM0IFexedAptf/zY8tDidNmxyX9OuWYxLipaM b8VRrRmJsGzPuSEW59iAqdL/L4XQqKRAL91iyWbHjfAuJDRW6RlR1ICkOnR6xlGU4722 9rGBUjissKRCxcq2z2gMlgKysv4EEugbMnrSrl9ztuWoGl70LiKUIVVzVcbsaz+TZHUw AKqQ== X-Gm-Message-State: AOJu0YyUGlhNKdCvbU0idoAqZzVasKHzDV5bv/PqC2fjePGfn5N6gACL CloGAO2SMPqWUI/8lhLqvKgZ1J+NoDps6Zq06NURRznYuepIlqg8KpDYrzxqyQ== X-Gm-Gg: AeBDieuma99mcTpB+GsnSm9ViCRmYUmyFiMFJg9sWJI/5hloSpfvL0St5+3GrMMtLWM czn1RCEP1zPDSqvS/9bCnGGJMqI2fEahQvycdpjI/jPWTvP8OjELN1f+xay14U2WxND1QiXzDZy z0ILb46JhEv9DUDc5vpdEWBH03kciPUN6FGuYGXKDmTrhPvRsNUYlKDDGKDzFMSJ5RnDk7lk3kq gPO5nbsapg6jcwcCx5JVCVBRBNKFGkeYEMF5XkzVulRFejvYlOclZwcK2w8XQ+xpDCJGaizLhgG yrJl6EWzjfB8OgE7XLF8FvKQAPbXXTermh0A7T5g53AwCiyEIRHGBwfyNWrFA5AZ9QO/+9L3oT7 Lp/XuAvp2QSelsZY87P1+uv8z/zKyViwfoD6NTZxYWD4IGMIduIQmaY7XU3vRvQFpsVUNXwJwXO bRDz5TLmTXpLsXj1pJrMrlycnwPCdTLgU1XzQHENNuFA== X-Received: by 2002:a05:600c:4818:b0:489:1c5f:3a9e with SMTP id 5b1f17b1804b1-4891c5f3cc1mr19779315e9.13.1776666478064; Sun, 19 Apr 2026 23:27:58 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:57 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 09/17] libgphoto2: patch CVE-2026-40333 Date: Mon, 20 Apr 2026 08:27:41 +0200 Message-ID: <20260420062750.3795917-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126473 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40333 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40333.patch | 150 ++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 5 +- 2 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40333.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40333.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40333.patch new file mode 100644 index 0000000000..77c307e88d --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40333.patch @@ -0,0 +1,150 @@ +From 8fefd2da7b9e2c7c448086cd251b108c0ebf1262 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 15:18:42 +0200 +Subject: [PATCH] Fixed EOS ImageFormat/CustomFuncEx Parsers Lack Length + Parameter +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() accept +const unsigned char** data but no length/size parameter. They perform +unbounded reads via dtoh32o calls (up to 36 bytes for ImageFormat, +up to 1024 bytes for CustomFuncEx). Callers in ptp_unpack_EOS_events() +have xsize available but never pass it. + + CVE-2026-40333 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40333 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/1817ecead20c2aafa7549dac9619fe38f47b2f53] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 53 ++++++++++++++++++++++++++++++++++------- + 1 file changed, 44 insertions(+), 9 deletions(-) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 09421b7..09dcc24 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -1448,7 +1448,7 @@ ptp_unpack_Canon_EOS_FE (PTPParams *params, const unsigned char* data, unsigned + + + static inline uint16_t +-ptp_unpack_EOS_ImageFormat (PTPParams* params, const unsigned char** data ) ++ptp_unpack_EOS_ImageFormat (PTPParams* params, const unsigned char** data, unsigned int *size ) + { + /* + EOS ImageFormat entries look are a sequence of u32 values: +@@ -1492,30 +1492,57 @@ ptp_unpack_EOS_ImageFormat (PTPParams* params, const unsigned char** data ) + + const uint8_t* d = *data; + uint32_t offset = 0; +- uint32_t n = dtoh32o (d, offset); ++ uint32_t n; + uint32_t l, t1, s1, c1, t2 = 0, s2 = 0, c2 = 0; + ++ if (*size < sizeof(uint32_t)) { ++ ptp_debug (params, "parsing EOS ImageFormat property failed 1 (size %d)", *size); ++ return 0; ++ } ++ n = dtoh32o (d, offset); ++ *size -= sizeof(uint32_t); ++ + if (n != 1 && n !=2) { + ptp_debug (params, "parsing EOS ImageFormat property failed (n != 1 && n != 2: %d)", n); + return 0; + } +- ++ if (*size < sizeof(uint32_t)) { ++ ptp_debug (params, "parsing EOS ImageFormat property failed 2 (size %d)", *size); ++ return 0; ++ } + l = dtoh32o (d, offset); ++ *size -= sizeof(uint32_t); ++ + if (l != 0x10) { + ptp_debug (params, "parsing EOS ImageFormat property failed (l != 0x10: 0x%x)", l); + return 0; + } + ++ if (*size < 3*sizeof(uint32_t)) { ++ ptp_debug (params, "parsing EOS ImageFormat property failed 3 (size %d)", *size); ++ return 0; ++ } + t1 = dtoh32o (d, offset); + s1 = dtoh32o (d, offset); + c1 = dtoh32o (d, offset); ++ *size -= 3*sizeof(uint32_t); + + if (n == 2) { ++ if (*size < sizeof(uint32_t)) { ++ ptp_debug (params, "parsing EOS ImageFormat property failed 4 (size %d)", *size); ++ return 0; ++ } + l = dtoh32o (d, offset); ++ *size -= sizeof(uint32_t); ++ + if (l != 0x10) { + ptp_debug (params, "parsing EOS ImageFormat property failed (l != 0x10: 0x%x)", l); + return 0; + } ++ if (*size < 3*sizeof(uint32_t)) { ++ ptp_debug (params, "parsing EOS ImageFormat property failed 5 (size %d)", *size); ++ return 0; ++ } + t2 = dtoh32o (d, offset); + s2 = dtoh32o (d, offset); + c2 = dtoh32o (d, offset); +@@ -1668,12 +1695,20 @@ ptp_unpack_EOS_FocusInfoEx (PTPParams* params, const unsigned char** data, uint3 + + + static inline char* +-ptp_unpack_EOS_CustomFuncEx (PTPParams* params, const unsigned char** data ) ++ptp_unpack_EOS_CustomFuncEx (PTPParams* params, const unsigned char** data, unsigned int *size ) + { +- uint32_t s = dtoh32a( *data ); +- uint32_t n = s/4, i; ++ uint32_t s, n, i; + char *str, *p; + ++ if (*size < sizeof(uint32_t)) ++ return strdup("bad length"); ++ ++ s = dtoh32a( *data ); ++ n = s/4; ++ ++ if (*size < 4+s) ++ return strdup("bad length"); ++ + if (s > 1024) { + ptp_debug (params, "customfuncex data is larger than 1k / %d... unexpected?", s); + return strdup("bad length"); +@@ -1962,7 +1997,7 @@ ptp_unpack_EOS_events (PTPParams *params, const unsigned char* data, unsigned in + case PTP_DPC_CANON_EOS_ImageFormatExtHD: + /* special handling of ImageFormat properties */ + for (j=0;jFORM.Enum.SupportedValue[j].u16 = ptp_unpack_EOS_ImageFormat( params, &xdata ); ++ dpd->FORM.Enum.SupportedValue[j].u16 = ptp_unpack_EOS_ImageFormat( params, &xdata, &xsize ); + ptp_debug (params, INDENT "prop %x option[%2d] == 0x%04x", dpc, j, dpd->FORM.Enum.SupportedValue[j].u16); + } + break; +@@ -2267,7 +2302,7 @@ ptp_unpack_EOS_events (PTPParams *params, const unsigned char* data, unsigned in + case PTP_DPC_CANON_EOS_ImageFormatSD: + case PTP_DPC_CANON_EOS_ImageFormatExtHD: + dpd->DataType = PTP_DTC_UINT16; +- dpd->DefaultValue.u16 = ptp_unpack_EOS_ImageFormat( params, &xdata ); ++ dpd->DefaultValue.u16 = ptp_unpack_EOS_ImageFormat( params, &xdata, &xsize ); + dpd->CurrentValue.u16 = dpd->DefaultValue.u16; + ptp_debug (params, INDENT "prop %x value == 0x%04x (u16)", dpc, dpd->CurrentValue.u16); + break; +@@ -2275,7 +2310,7 @@ ptp_unpack_EOS_events (PTPParams *params, const unsigned char* data, unsigned in + dpd->DataType = PTP_DTC_STR; + free (dpd->DefaultValue.str); + free (dpd->CurrentValue.str); +- dpd->DefaultValue.str = ptp_unpack_EOS_CustomFuncEx( params, &xdata ); ++ dpd->DefaultValue.str = ptp_unpack_EOS_CustomFuncEx( params, &xdata, &xsize ); + dpd->CurrentValue.str = strdup( (char*)dpd->DefaultValue.str ); + ptp_debug (params, INDENT "prop %x value == %s", dpc, dpd->CurrentValue.str); + break; diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index 3644bd9bf4..ac7892151f 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -12,8 +12,9 @@ DEPENDS = "libtool jpeg virtual/libusb0 libexif zlib libxml2" SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://40-libgphoto2.rules \ file://0001-configure-Filter-out-buildpaths-from-CC.patch \ - file://0001-libgphoto2-fix-const-correctness-for-c23-builds.patch \ -" + file://0001-libgphoto2-fix-const-correctness-for-c23-builds.patch \ + file://CVE-2026-40333.patch \ + " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/gphoto/files/libgphoto/" From patchwork Mon Apr 20 06:27:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 386A3F36C2A for ; Mon, 20 Apr 2026 06:28:05 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14177.1776666480458192286 for ; Sun, 19 Apr 2026 23:28:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=EL1b8KR6; spf=pass (domain: gmail.com, ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4891c00e7aeso4550165e9.2 for ; Sun, 19 Apr 2026 23:28:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666479; x=1777271279; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dzOWvUF/pAuha6IVGQw4W6Vok7soPfsFyhj867knzlg=; b=EL1b8KR63YJcscFiEh4V84tReRJAFjmJbtZ9btrf7NkynTdwgWA675o1RGyK1YZspA XtnbrlW/BtM7YmtNGvCwNykvJyBzLc98VmJbytFZqTccUDhQnHI8O+uNvhebVyEYmvIr lg0gd3ifH8bPruP09AxVyLdMwUlYQU8x6Gt45XetsnqxrcsPiR9RVINGSXNVSgcM3r0M DgyAp5lGL65X0yM81XB7yJQ6Wn07dLzW+pUDerxL50v28g+po1UmOkJzVUekt4OwEB9p ygduIkNcxSsRRqAl62KEyF/pykRcaHM4wZ244pEWbylqOA+RfQEW8EOb88fG/2mLDY/q 85QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666479; x=1777271279; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=dzOWvUF/pAuha6IVGQw4W6Vok7soPfsFyhj867knzlg=; b=CAFrAkHX5+Jit9XFh6lFrJwGeXegwtEP4APYKPIT+dl25jyndqXrDp1M6Kd/MRjaQE ZmL/C4q71d65YZSbnN7oRuki+5H/fNvncBcH8ysn389WWMRyxmum1pDzTSSMvRfhDFw8 cxbXPB0vQdevUclXBc3qBCT3ni4tMmTtPFr2aIRB5s8RMxqhkqASmXn8wV5d41eCg64a /PImhNOVA3LLbOTuLcunHGiUYosoRjjp1lO9rYQtggKpB/mlR2H74VvbZ1S5+0LXuBG/ cL5Y4XzkkT8DUWESguYG98ESObqe3H5J7S4w7l0jtVA0sSgqmCnICdxKo3tr2isxxExh 1U0Q== X-Gm-Message-State: AOJu0YxmM2oft3Ceu4Y8PIgY6rGAkU5YHA8lMuP+TFfoCahNWrooPpzD G7N7XOaW71h9kfKrqISPsMSyOa1KcZrNdxeJOdpbEhzhJsCTg9btkDPKfwNvzg== X-Gm-Gg: AeBDietRQLW9FIYGo1fMduLWt2gWYhSkqMuMIQAva9T2rZX0ZXVI/GrGJm4t9g3TKAY HZQaV4r2kdF6OKWroS7YC4Ogui9KFoPQA3QehfNyhsQwGdTHy/6R1Q2Uxqu5m+T+01CM63dnG8Z qVkqJpj+dFGd4CCRkqgtdVb7OZ4Rib1U8Tm8j/L9E+gwGh75jIdtYBe/yYb/NzaRW+PmAIRt6iy EeN9YupcOsS/+yZruO6cNtEeGXZMuGmiGfOgutUFE/cVvJEvJTqXzr3g9CtCLi6AmZOYlrIRq0O p0ptGYqn66jcuakXmTSKy7UHSS0SrhiFrS8s47nBCoxg/I+hnVoW92niH/KvbfXf8Btoz0OTrFH g5iX8ys4BLG2816oedr1H4Wq/8Pm04IEKTjobhfu8yO3vDwrGqerCI0Pe5fTI13FAcwEE+tcBc9 3ufcMZOYwybLMtiEDuaWJlRNyG3msNobY= X-Received: by 2002:a05:600c:450c:b0:487:55c:e0c1 with SMTP id 5b1f17b1804b1-488fb768816mr170126255e9.14.1776666478781; Sun, 19 Apr 2026 23:27:58 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:58 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 10/17] libgphoto2: patch CVE-2026-40334 Date: Mon, 20 Apr 2026 08:27:42 +0200 Message-ID: <20260420062750.3795917-10-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126474 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40334 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40334.patch | 37 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40334.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40334.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40334.patch new file mode 100644 index 0000000000..883582dff0 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40334.patch @@ -0,0 +1,37 @@ +From 20b33a26b2efdbf2c35c5cacc54a041855ec764b Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 15:15:54 +0200 +Subject: [PATCH] Fixed Canon FolderEntry Missing Null Termination +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ptp_unpack_Canon_FE() copies filename with strncpy into a 13-byte +buffer without explicit null termination. The EOS variant at line +1451–1452 correctly adds fe->Filename[PTP_CANON_FilenameBufferLen-1] += 0; confirming this was recognized as necessary but not applied to the +original Canon path. + + CVE-2026-40334 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40334 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/259fc7d3bfe534ce4b114c464f55b448670ab873] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 09dcc24..982b4f4 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -1369,6 +1369,7 @@ ptp_unpack_Canon_FE (PTPParams *params, const unsigned char* data, PTPCANONFolde + fe->ObjectSize = dtoh32a(data + PTP_cfe_ObjectSize); + fe->Time = (time_t)dtoh32a(data + PTP_cfe_Time); + strncpy(fe->Filename, (char*)data + PTP_cfe_Filename, PTP_CANON_FilenameBufferLen); ++ fe->Filename[PTP_CANON_FilenameBufferLen-1] = '\0'; + } + + /* diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index ac7892151f..e8e56171a1 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -14,6 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://0001-configure-Filter-out-buildpaths-from-CC.patch \ file://0001-libgphoto2-fix-const-correctness-for-c23-builds.patch \ file://CVE-2026-40333.patch \ + file://CVE-2026-40334.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86426 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AC3DF36C28 for ; Mon, 20 Apr 2026 06:28:04 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14178.1776666481290016326 for ; Sun, 19 Apr 2026 23:28:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=q2ygmW18; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-43fe608cb92so1650070f8f.2 for ; Sun, 19 Apr 2026 23:28:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666480; x=1777271280; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JNmRyBlaYGvzsofgIeKWx4satM2DRmu+mPMDL51yacE=; b=q2ygmW18Fc4g1mIDOvwsabv15IfCTkeBymEEJ35gWrCbUCPBn8cyRtdzz4IcQqWCRx uyt4pRUtyLXZapnXTp6HtuThA48SXCA+aclEKXOwSwNLf2rqgcigHGitS3qKZvExyZov sbqoSOAcg5zyr44g/Id8bs8ILwAsg5eOLxEezDLk/lrWLJ4raQ0uiYuMf0WYRGk681Bk MQmvW5+4HxMmLnZe6+ngEyFNlUmVPEHGysKvt5/tnwjrREFI89oFCW2hcKeYoRpnO5JW glfXc26hiC0l5MO8MdMHlCWJBzI5UARoY473hifO/zSPSoBOAafDZ4T438GjD/wePlUM vxKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666480; x=1777271280; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JNmRyBlaYGvzsofgIeKWx4satM2DRmu+mPMDL51yacE=; b=S83uik5lH8v87PnwGos9eALbmHvk+v1QuM1AsOSBM8N+AwcT2BfvE7336XrY4CvA/i /9EYCcyyijqj/Y/B6MFMIdWnhrokXlHXeU3xw6MYZR/I99240qMkqTxe+EeArQ8KLPgU h/gJbHddxRXpYp4fWFrkoP98Hdwv8+6AAgyLu24srjhhI9LlaLuzYF+jS6HfNtulMvjP vMbj/Zefw7mzomJRibQRzCWctPhNWSxwm1jCZAq8sQ4mndO0kVfoUyXgdOaSGiIAQRJI 513wSG1ZdxTTbXpIQyKH7BEhvrsuGVyocQ/MpTJxQ26aR0hB0kKYIMRFOtXAMKdM0ghZ +wcg== X-Gm-Message-State: AOJu0YwHJZg8ULygjVWQRKxF4D/5YOYTqzl557yW1+Lizmgik/4ZjSW3 1P0+T/KPR47hi1iGzQ8nYYyEMReVwMJb8Gw7p4xMcysLY+BfnKr7TO8pLSE3Fg== X-Gm-Gg: AeBDievJufvmze8Ik3k8OHN1mKV2vSoD7inRxxJdqOyDwb3O4nKWKJCHZqVfak1AOLK vybEgi7ogCP6E+AkyjdBwrceGCjDOW4CDpLLKA99bXftZiZRKVD8qQRQuJ52MviQTQW1/A70mVn 7dJX/HVcmRu3uj0lE4dZenCal9N2Bkqo3iWJvDybJANTUc/LthQH0YfYKUEzH8bN4waJUCI/Y6J KO81f3PUGZs6yRnthr2jwOVUY0T0b8cY/aH2Rdg1XtcB86xTf3GVvSAb9Uzwqap2e5GwVKexxqZ pe70U3L2Lt1fWIjnZGq3wrkjHeyCp6cqqS3EAcey5DVWyhke22Ej5YJ4JX9LLuUokFIITWmEkp6 rLr8f7VJak9Pp5jUYa0lE1/cgXmLpgEHm9KdbKuRfCJpr1WtYh86oD7asknKSDCCMsrjISpqGxy o55Xa9UAZkCr4FkA8czPnqjn85ajCdgGk= X-Received: by 2002:a05:600c:8588:b0:489:2005:b36e with SMTP id 5b1f17b1804b1-4892005b4e9mr8297715e9.19.1776666479493; Sun, 19 Apr 2026 23:27:59 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:59 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 11/17] libgphoto2: patch CVE-2026-40335 Date: Mon, 20 Apr 2026 08:27:43 +0200 Message-ID: <20260420062750.3795917-11-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126475 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40335 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40335.patch | 43 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40335.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40335.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40335.patch new file mode 100644 index 0000000000..dfe832e6c8 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40335.patch @@ -0,0 +1,43 @@ +From edcdf804662eb4340fdc371af4853d6579e969ab Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 15:07:38 +0200 +Subject: [PATCH] =?UTF-8?q?Fixed=20UINT128/INT128=20Unchecked=20Offset=20A?= + =?UTF-8?q?dvance=20(CWE-125)=20=E2=80=94=20MEDIUM?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Finding 5: UINT128/INT128 Unchecked Offset Advance (CWE-125) — MEDIUM + +In ptp_unpack_DPV(), the PTP_DTC_UINT128 and PTP_DTC_INT128 cases advance *offset += 16 without verifying 16 bytes remain. The entry check at line 609 only guarantees *offset < total (at least 1 byte available). After the unchecked advance, *offset can exceed total, and the CTVAL macro's bounds check (total - *offset < sizeof(target)) wraps due to unsigned arithmetic. + +CVE-2026-40335 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40335 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/433bde9888d70aa726e32744cd751d7dbe94379a] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 982b4f4..7fc120d 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -614,10 +614,14 @@ ptp_unpack_DPV ( + case PTP_DTC_UINT64: CTVAL(value->u64,dtoh64a); break; + + case PTP_DTC_UINT128: ++ if (total - *offset < 16) ++ return 0; + *offset += 16; + /*fprintf(stderr,"unhandled unpack of uint128n");*/ + break; + case PTP_DTC_INT128: ++ if (total - *offset < 16) ++ return 0; + *offset += 16; + /*fprintf(stderr,"unhandled unpack of int128n");*/ + break; diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index e8e56171a1..269731731b 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://0001-libgphoto2-fix-const-correctness-for-c23-builds.patch \ file://CVE-2026-40333.patch \ file://CVE-2026-40334.patch \ + file://CVE-2026-40335.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86424 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEF37F36C26 for ; Mon, 20 Apr 2026 06:28:03 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13770.1776666481873144863 for ; Sun, 19 Apr 2026 23:28:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=VaZLJEwg; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4891c00e7aeso4550275e9.2 for ; Sun, 19 Apr 2026 23:28:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666480; x=1777271280; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uQ4Xqz+CG9hYGcpbF6OFVgmu8oxQzBPkgUKsoIIOg/4=; b=VaZLJEwgeHk3hkl8U5bCFzuIkch1RjTsi3h+pqHa5VYztVyNK1Y77sUZt8Ri79a87l 6roLU61TmRvjHYqWHgYRTD9Gp0M1h0olo4NvGeCkXs0AO+NNCr/YAOAt9LDYjwjlh3eC YpNaCl3QrE6aGd0cIRlha1vLBS6L5UanwFjA7n18nJHi2vQVZ5VUsSjQ7aQuUxIp1op8 iFSy5GRvnLOvaERXI4yakt4glouvdVayT1rUmgkANf491QaS7u21bhrP85kcwO3rKQwv z3MPTUTGo41+1mVHG5pyliCBkaFWgy/so/Zr/o1sdtENCc+ES7vJcql7rCiUjvqxU/FO 6psg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666480; x=1777271280; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uQ4Xqz+CG9hYGcpbF6OFVgmu8oxQzBPkgUKsoIIOg/4=; b=hjZddcljrSMBbsoRrN+lHPsz7vTxIvxd2uuHvD085/0/3nfT4/XILvq+P6v2pKCsTf 9FO1kp+Y6NNnaEHJBjbNNa7yP67WMpcEVv91Th7x0H5e2iItZbnTh/Uf8wqrrayoUV6h S79eE447TmThJl1XIAwNChQruw15d3OJdmxC5x5i8nUYLyFyN5EJoAPeM0Gf/Zdd7LAd tyw0dU9ZzqPhGWDagdVD4EmqcdqeSn2oDHzVJguFZ0xyUywJuvt0Md5sIL9iBvOyeY72 vZbsf6sGlh+uuJxMVw9mByG7vQ/cedhdnwYXx1gxzvDhp7dkJNs8UTt0ldtI9OsyslI+ 7tyg== X-Gm-Message-State: AOJu0YzzIDeF2JPjQ6ll/kOJGDltQE7UX+V5JcFNTmDeSsKSeU4/6BBH NnWbf30Ov5KXoBkJusvh7U5uSuCBCPReZLxVPcjRFCcw4GpJYS+RLHGhx5Mi/w== X-Gm-Gg: AeBDietx6omprtniUCrq9EDPpL40ERbr+G14FI3CFEdjEpTIS2GLciGrdarflKiR6lX TcejYT0MpInOTNkliAJKveBaTj+7r+Ar41Gs+UlcQ84b3NwSgk20K/1eQsxzmXBbiNAV/LhgPjr YqKJFI9fjZklGyDC0JWCg4Z4K51/WuztCCKfQpP2C7LRVYeOQHM7qn/Bxwn5VYp6Jl2rXfLxIZb YdVtXYVGpcE4snWI9+gpIHgb9sUMNSLVkvY0l2ovaQx86iUHj+xHwQnytCde4pYjChn0I4OElhr Ck674/CEflQNFyrSeJBavup4QM6VpeciFPx1cozsDK/YETARaNQCCkefTDKQmTs9M2icT6t9hIw YBhrTlp1KaBqP3+PPydxWDqDwhaeSW6R/OWis8/zJrQyH8oGh3gc8EmGmrfX3L2QWEow1tNYQ4L 4jHdTZiDeh7yUyOInH+HuFBkXaupmh06k= X-Received: by 2002:a05:600c:46cb:b0:488:a723:ea53 with SMTP id 5b1f17b1804b1-488fb744fbemr166078045e9.7.1776666480188; Sun, 19 Apr 2026 23:28:00 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.27.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:27:59 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 12/17] libgphoto2: patch CVE-2026-40336 Date: Mon, 20 Apr 2026 08:27:44 +0200 Message-ID: <20260420062750.3795917-12-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126476 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40336 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40336.patch | 44 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40336.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40336.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40336.patch new file mode 100644 index 0000000000..1a809b4f25 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40336.patch @@ -0,0 +1,44 @@ +From e19c45d3530f1585805711e14aa4ea788e499f46 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 15:13:51 +0200 +Subject: [PATCH] Fixed Sony DPD Secondary Enum List Memory Leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Finding 4: Sony DPD Secondary Enum List Memory Leak (CWE-401) — LOW + +File: ptp-pack.c:884-885 + +When processing a secondary enumeration list (2024+ Sony cameras), line +884–885 overwrites dpd->FORM.Enum.SupportedValue with a new calloc() +without freeing the previous allocation from line 857. The original +array and any string values it contains are leaked. + +CVE-2026-40336 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40336 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 7fc120d..fc51d77 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -879,6 +879,11 @@ ptp_unpack_Sony_DPD (PTPParams *params, const unsigned char* data, PTPDeviceProp + /* check if we have a secondary list of items, this is for newer Sonys (2024) */ + if (val < 0x200) { /* if a secondary list is not provided, this will be the next property code - 0x5XXX or 0xDxxx */ + if (dpd->FormFlag == PTP_DPFF_Enumeration) { ++ /* free old enum variables */ ++ for (i=0;iFORM.Enum.NumberOfValues;i++) ++ ptp_free_propvalue (dpd->DataType, dpd->FORM.Enum.SupportedValue+i); ++ free (dpd->FORM.Enum.SupportedValue); ++ + N = dtoh16o(data, *poffset); + dpd->FORM.Enum.SupportedValue = calloc(N,sizeof(dpd->FORM.Enum.SupportedValue[0])); + if (!dpd->FORM.Enum.SupportedValue) diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index 269731731b..bb5470fa7a 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://CVE-2026-40333.patch \ file://CVE-2026-40334.patch \ file://CVE-2026-40335.patch \ + file://CVE-2026-40336.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86423 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB5D6F36C24 for ; Mon, 20 Apr 2026 06:28:03 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14180.1776666482632439512 for ; Sun, 19 Apr 2026 23:28:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=ODaWB6Ja; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4891e5b9c1fso3320585e9.2 for ; Sun, 19 Apr 2026 23:28:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666481; x=1777271281; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qfRTzyXB2WrrdPvboFq9hgu2POK9zd2fVfP5AYmfV98=; b=ODaWB6Ja0z/d3lErGRzmW7E9gPoI73SCojc8cnpigU/yiEQyl9tavNZ6eo6SrhYKoz OlL4rXv8BiTWNzVSnZUJYQDZqvH4IxlmDupCAraB593tXBQ5OmE8WZ+tymijfcgGthcD t0n+ScYJLz8grKkfce4pzJOasa7Bcf6/dJlCS95x7jAAua/xGLI/ibsFpqYNukmff8kV 8tk+0r1L1TWrAM+oVJeD/FqrqpMAZjnVsHo0vhX6SL3BJeuR87j5HqCxvVljroqZUeqA lGiStnUeD2WC+lvDr7hzbPQdDtGoLtqp9aNnpS6BH0mtbQTgfKg0fV2sqeMmazWhj/gA uiSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666481; x=1777271281; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qfRTzyXB2WrrdPvboFq9hgu2POK9zd2fVfP5AYmfV98=; b=lKmXkIdRSxGONRDJqHC1ZWLekOrQkm/NignZVU+oSysKHp8v4NQ6/cs2pHA4vHSyKI UHgfLjcki0250BmokbMyOgq9TE3B69gcwjocYn8BoCpdtSJ2/2qLcByvb7FqsYlmVlmL OVYWgX0WUoL2rYScFYt7hbCqyhwwM2ZgkAknvbleP52hK0iNntcMZ0zzdaU7vEX1X2m/ k6c2tSMRGIO37IDTf6AnoET1kmX5EjhYBsZYK3J8dEWhU5v/TjFo08b+3RHNSAkqgRPv 3Il86h2EiX/YERlXhdsRXx5xABjY84b1qBvQ35ri5CluzqWOz9XIYorpgjJ94BNn9xkI Xiog== X-Gm-Message-State: AOJu0YyiS+wUKIXXXLWJAQmX/GBJ0q8j3w3os32FREUMDj6GXyhg1PC+ SCu48rNSAmM8GPd0skjReE/QeMLMPU0BeRLNMS24HoWgIqq+dVfKzxKFpFgzQQ== X-Gm-Gg: AeBDieup6NuGVqSXGe+r/ZvfJU0ncH422Lh6FE1OACfjBNL5BQ9HzLndG0jaFz/cRJK oBrvFtxqGy/ANU8WSA2pg2CsZEp5+ncjo5gVXZfRKr2tpl6ZDhfznh1jRpO3nGESEOQokv68fTt ZmCMMWOY2sNr4kGOggby64gN5uS+wXZHUzXo4btyD2tJwhJiKIAURc3HlY9Wgt9/m6watM3ovdQ yokJiaxsfVJpdfxMhcmXtl/x/j6/oNSs+YM4tdpkyHF2u6+tUtFSmm0JxqqnvvYv13oMSPv6Axg grfhezGaZvDhzKD38g/oehC8quoK65xubxtPIAAGki783KJogjxSjiRVIpaYhJmIEc8FPQiOCYn IEnd/GWfn/lmCEiOUR5LBQv8AxUcD0nf+4NX7lXNfXD8CwcIe0Jfbtc9cR50ZWLjTAyrl+8EZUc au+ZAb5rD7Alj/bZ4Q9j64b5xruZvHcu8= X-Received: by 2002:a05:600c:8207:b0:485:3193:6ddb with SMTP id 5b1f17b1804b1-488fb73cf74mr182854695e9.3.1776666480852; Sun, 19 Apr 2026 23:28:00 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.28.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:28:00 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 13/17] libgphoto2: patch CVE-2026-40338 Date: Mon, 20 Apr 2026 08:27:45 +0200 Message-ID: <20260420062750.3795917-13-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126477 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40338 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40338.patch | 34 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40338.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40338.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40338.patch new file mode 100644 index 0000000000..9f233f2ec9 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40338.patch @@ -0,0 +1,34 @@ +From 43cc20e807cd2935869617a7d8b9488070712c0e Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Sat, 11 Apr 2026 10:47:52 +0200 +Subject: [PATCH] =?UTF-8?q?Fixed=20Sony=20DPD=20Enum=20Count=20OOB=20Read?= + =?UTF-8?q?=20(CWE-125)=20=E2=80=94=20MEDIUM?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the PTP_DPFF_Enumeration case of ptp_unpack_Sony_DPD(), dtoh16o(data, *poffset) reads 2 bytes for enumeration count N without verifying 2 bytes remain. The standard parser at line 704 has this check. + +CVE-2026-40338 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40338 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/3b9f9696be76ae51dca983d9dd8ce586a2561845] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index fc51d77..f90d2a5 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -851,6 +851,7 @@ ptp_unpack_Sony_DPD (PTPParams *params, const unsigned char* data, PTPDeviceProp + break; + case PTP_DPFF_Enumeration: { + #define N dpd->FORM.Enum.NumberOfValues ++ if (*poffset + sizeof(uint16_t) > dpdlen) goto outofmemory; + N = dtoh16o(data, *poffset); + dpd->FORM.Enum.SupportedValue = calloc(N,sizeof(dpd->FORM.Enum.SupportedValue[0])); + if (!dpd->FORM.Enum.SupportedValue) diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index bb5470fa7a..df23932535 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://CVE-2026-40334.patch \ file://CVE-2026-40335.patch \ file://CVE-2026-40336.patch \ + file://CVE-2026-40338.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86422 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA535F36C23 for ; Mon, 20 Apr 2026 06:28:03 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13771.1776666483295118563 for ; Sun, 19 Apr 2026 23:28:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=UJhX3ZcG; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-488a14c31eeso19422825e9.0 for ; Sun, 19 Apr 2026 23:28:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666482; x=1777271282; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/MGZBU1yIaflHWTerP/48mHON6sMsQwxJuo/pNEzPEc=; b=UJhX3ZcGOjlQq066/LVUVo/qRPj0tCgnIJRA5dZXXFOwZqgY/siaaZJd1Hn7nf6irH d3uPsmQCYH7iTS8tZ7pVjB73AC4LRMn33aogahCUq2ibTes937F6oYpyDstK4wiSZkwa dGXKejsjxFuIU7dbfxQemkgG/uMYtDQncZtjPug9MtXBpGlGksC4ByQ8sFBeTIsY2oct Dxynh6FkFbFE497t7HhE65tFuWsNFUZ0Rs5s8/htkECgaaaQQkSBA+pOubLaK5WeR4nD exOI/ieNAHmV3YhyqBfa0My3dsuz7xKQe2oxIqnvqSYHxAOBStpn5+T59B+bIknKm1C1 C7XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666482; x=1777271282; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/MGZBU1yIaflHWTerP/48mHON6sMsQwxJuo/pNEzPEc=; b=blW7u/c7t11IIIak4TfajUkiDZnBNQ57r39pygXUD6bTBTATJjQvDo7XwIoMl2tU9l 9zJy0sh+uL+lRjCrTiu4gD5zI6a4h5Oz+szylAM7n/Ain04RM18BBE5HjP9VtCMWYvri dmRBxbG+bwexg/DHl5P4NqGdBVRkBuPDH92nBGnNMChD5bPkPKUFVsnVjEY8R+fZYp30 GDBmvprEqXohyDd/iAMIRKmTbAxR041AO0uJcqKoTDmICXicJ/KuIS4uaK9BQLxMsvx4 6dwgqqSO5E8VPlXAwN/P/DS4kuWzOEer23ohZBvomNPzgob+jnIWK7KprK246IKyfeT1 DMVg== X-Gm-Message-State: AOJu0YwezQJx0+qmL97GrLyg7lrgr08L7eeQRfr8a0XH5wLK7pZgCQpQ kUsIe0IbLX/inSgEcUe/+PXM+30jckGB3xo0ijCmsKRXxYvfrEdEwCzfGsvurw== X-Gm-Gg: AeBDies+cjgzXW3bMX3s2apjPdrt9LXN8XEhASE8YRRF6w4FeIyncPIJd+1/X2XFsWo gmUND8rLo2cteLrmr9kzp13/zp+WW918T0S+cOy3+3oUsrGtMo2p5ql6An7sS5d55+8p+GNnrpZ W00U3A6e7/FZwf1/jKmnMuW4m8KZm9Lybn9Z94IedKStIXpxhZDe7rg7auhBuYE6c1ZpOFuGbzh 1LHV5Tz3BRKfz6z+IPOJ1ASggI3rEa1eIE9mH8d9AHfmnNp8IkJbfQttK2ry+zVGeqa67dc7Zit gKViV8gz3qlDrbF0O66Wwq1nPGJ8bOPFU5IFND/70qxSLYNWrnVX8JwR3gxxOxgcqaQQucX33Y2 2BNtZK8mgN08Qv94J8gJemiVIsO5LPPtYfTsjHdrNwOnUg+lNHUv/6Tr+KHtxdjiJ1+8LNVO+wQ 2/YQFkDH9o73rNyhUUgjgk4i+htXTR3xI= X-Received: by 2002:a05:600c:8b8c:b0:489:1d74:56d with SMTP id 5b1f17b1804b1-4891d7406famr26709255e9.29.1776666481524; Sun, 19 Apr 2026 23:28:01 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.28.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:28:01 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 14/17] libgphoto2: patch CVE-2026-40339 Date: Mon, 20 Apr 2026 08:27:46 +0200 Message-ID: <20260420062750.3795917-14-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126478 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40339 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40339.patch | 41 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40339.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40339.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40339.patch new file mode 100644 index 0000000000..b00ac72772 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40339.patch @@ -0,0 +1,41 @@ +From 585e8113b541469347d09c341c2e8b468b431adb Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Sat, 11 Apr 2026 10:50:47 +0200 +Subject: [PATCH] =?UTF-8?q?Fixed=20Sony=20DPD=20FormFlag=20OOB=20Read=20(C?= + =?UTF-8?q?WE-125)=20=E2=80=94=20MEDIUM?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ptp_unpack_Sony_DPD() reads the FormFlag byte via dtoh8o(data, *poffset) +without a prior bounds check. The standard ptp_unpack_DPD() at line +686–687 correctly validates *offset + sizeof(uint8_t) > dpdlen before +this same read, but the Sony variant omits this check. + +CVE-2026-40339 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40339 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/09f8a940b1e418b5693f5c11e3016a1ad2cea62d] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index f90d2a5..28648a5 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -833,9 +833,10 @@ ptp_unpack_Sony_DPD (PTPParams *params, const unsigned char* data, PTPDeviceProp + code or the Data Type is a string (with two empty strings as + values). In both cases Form Flag should be set to 0x00 and FORM is + not present. */ +- + if (*poffset==PTP_dpd_Sony_DefaultValue) + return 1; ++ if (*poffset + sizeof(uint8_t) > dpdlen) ++ return 1; + + dpd->FormFlag = dtoh8o(data, *poffset); + ptp_debug (params, "formflag 0x%04x", dpd->FormFlag); diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index df23932535..be761bc940 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -18,6 +18,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://CVE-2026-40335.patch \ file://CVE-2026-40336.patch \ file://CVE-2026-40338.patch \ + file://CVE-2026-40339.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86438 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D53DF36C40 for ; Mon, 20 Apr 2026 06:28:06 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13772.1776666483859273427 for ; Sun, 19 Apr 2026 23:28:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Hflow2st; spf=pass (domain: gmail.com, ip: 209.85.128.49, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4896c22fcbaso1487105e9.0 for ; Sun, 19 Apr 2026 23:28:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666482; x=1777271282; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hmqmTwgRz3aareP7MGTeVX9W7DNC84+Mxm9K491YBQI=; b=Hflow2stSbLBImy8uudurYsWuVlLPWt7b0gIHCPfBmNEcWTlig7IfxXK6kNLNBAK/A h1ETFjri+c/hIOEyYLy04ZhNGhZzAcQRftmJtEyHw1N0XmcvkxV3AkrhyzpMvK5DWpu5 wyt3C6Qx0JZ7RsfeLX6XA6KBjzfn5J0wiJUrUJv/RsLQMQp32BlFklJzpvF4oUUEZ4vt lXMFBZCnoFDIHZMKUEGe+jjJfbhu1+xDf3j9uOU03fr9pV8zYX7RcPUO0IeunI3CxOAx ORQiQJvFGJLFEPqxgczpErGVgnhWwPoohY26e9nPKfz/8YdvTpZ2X5thF6xtniMs6iP+ kvWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666482; x=1777271282; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hmqmTwgRz3aareP7MGTeVX9W7DNC84+Mxm9K491YBQI=; b=E02bo/99n6E44EJ715kzarRIIdSrrH19gWbZjt7tvbQNrjnKrXGxiiDYBRFBNRxO84 wg03HO1CP/7dBFrxrAkuwzoKtArUV4fjtIVcShq5SQCk4emnFCp17mspFUeneYKB4BJh 1+QkD8kqIknmzFLv4BbRjEPheA2xRdYMhOGttwN3Z1UhUumNWYZbLJOTaYGOCxVV41Ho eKEECbyUid1vTSuRyUDgp7rKDXTLIJ0qDoJTB4Cb1hAJb45x5MoQmdUmrCgJnMc9rLif 485O7LuHo/OetrsrEHHjz6jqNdwpViTtWibV8sJtONbEV0ER3msGjqvJX8xUmu5NJo7j r2Mw== X-Gm-Message-State: AOJu0YxjW0in2qXwUO1VRO7EyKVQkrtJk68DoZg9effQ3CdPKMVcxGO0 8ppJH2rUONqVNDFXotIH99VNRy1/fC+WCPPlO2q1sMowcwwWA7hUiUZ4OO7uPQ== X-Gm-Gg: AeBDietEk7IsmgY9g+d1dyCftDE1aa0Ti9BiXgxZZ4Djtx3r+dxJlgMgGXPiU0LcZ4F +uvStDW6MNeYb+NHA6ccD6rL1hene3FYsZR8WTC+SYwPXeaxuRrC/pzOpXgUXGDWqsWyTaO3ghc tEU+1R2TI1QQb5QBlMlGB4t8nzOYGxeHr8zwyDI/2f8ZvM+zrP9GkEUBGyRm6S9pkRRct6ZOUKO 9CNwkek0sRTjXslkwWii7QBX07pjqWG1n74aGtldWDE/XcNqHbajKCZYaDzcNqRJURAu3e6+ZmC PSbrien9yT5ALqtnlpuhhwScEDdB4G6MNi5fAO3jCIwq0+2L9TfHbiS5k6gDqwv1xV1dtIekhj5 xreIfAyL75HOrMNxcjr8xeor1NvvLGF9bbZVKvEqiKbGxCWfGkh6fPYManIXs6ImpTQP7fd7Y6W KfN/5R6iw/J/nLyGaEatx+BGE43tlvL0A= X-Received: by 2002:a05:600c:a00c:b0:488:c51f:e04e with SMTP id 5b1f17b1804b1-488fb765e65mr162444755e9.13.1776666482167; Sun, 19 Apr 2026 23:28:02 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.28.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:28:01 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 15/17] libgphoto2: patch CVE-2026-40340 Date: Mon, 20 Apr 2026 08:27:47 +0200 Message-ID: <20260420062750.3795917-15-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126479 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40340 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40340.patch | 40 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40340.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40340.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40340.patch new file mode 100644 index 0000000000..a0852692b0 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40340.patch @@ -0,0 +1,40 @@ +From fd9f234df894caec6c65144b5a4f0264aadf0989 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 16:01:48 +0200 +Subject: [PATCH] Fixed ObjectInfo Parser OOB Read +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ptp_unpack_OI() validates len < PTP_oi_SequenceNumber (i.e., len < 48) but then accesses: + + Offsets 48–51: dtoh32a(data + PTP_oi_SequenceNumber) at line 563 (4 bytes OOB) + Offset 52: data[PTP_oi_filenamelen] at line 547 (5 bytes OOB) + Offset 56: data[PTP_oi_filenamelen+4] at line 547 (9 bytes OOB) + +The Samsung Galaxy 64-bit objectsize detection heuristic reads up to 9 bytes beyond the validated boundary. + + CVE-2026-40340 + +Reported-By: Sebastián Alba + +CVE: CVE-2026-40340 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/7c7f515bc88c3d0c4098ac965d313518e0ccbe33] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 28648a5..9eba06f 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -526,7 +526,7 @@ ptp_unpack_OI (PTPParams *params, const unsigned char* data, PTPObjectInfo *oi, + { + char *capture_date; + +- if (!data || len < PTP_oi_SequenceNumber) ++ if (!data || len < PTP_oi_filenamelen + 5) + return; + + oi->Filename = oi->Keywords = NULL; diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index be761bc940..c82e76a06e 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://CVE-2026-40336.patch \ file://CVE-2026-40338.patch \ file://CVE-2026-40339.patch \ + file://CVE-2026-40340.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86437 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35058F36C24 for ; Mon, 20 Apr 2026 06:28:06 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14183.1776666484571843127 for ; Sun, 19 Apr 2026 23:28:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=JF2uhTi0; spf=pass (domain: gmail.com, ip: 209.85.128.50, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4891f625344so2897865e9.0 for ; Sun, 19 Apr 2026 23:28:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666483; x=1777271283; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nxHNoKGDGoAJzZsg6Ja25bgw2mMuAw+KN4DdlDMtrUw=; b=JF2uhTi0rCdgeyaxYbog7ifgZrkVhya/IO0EHwAmAANQqhECZ+6GX7IcB+PPtpjkMl pI6QWEZIY4wZw51Z9obthGbv1iRlAe9fMI69H3eIwyj6yr1As167abWXSKQwvTNMhJUU dOJJqz73dWqzBR/C2F02ExZIjmiWpwcZpMhkpYGTLYZsqoEG7GIBiqMU7Ks4ykUo1tEd xCtFK0q6z7WIucYlBGT/o/k9V6k3AKMhLNV9XyNS0RdbGRzIymFSlpVvHGAqlUf63eeI 7xL33g+j9CYn8wrvmwoOE/MgERZMBh3NsT/3vEobQ3ttsvDUhBvE3QOT9JHUM3Vd1IYm eBww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666483; x=1777271283; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=nxHNoKGDGoAJzZsg6Ja25bgw2mMuAw+KN4DdlDMtrUw=; b=hEiEEvHapWc1BhGTAkOfIOB4ouE98jPlWkpSLty1x8BoVlnRVRJCxnX4qFu4d5lSzi CSTx4yDmGnCJztQFXeIw1CtM7gFpRQ/+KqJs6M2fBjTACQEtWpxVcZDIpFi/zdtWCypz MJyHzAITe67QPYWLIQBgZwaMPcumJlR/snUGGZfKYgddR8UPGqVPajMKdrhbXog9JxuO g6PErXCbebJC39hrPY1k8mSZFUsDsxwMVjcLhwDBXmzeuKrxMYl2BB6W3QyLzWoiFJlo gpHnVCK7K9I16ip2lmL+XXriel+JBnAUVrUAejJy/jc8BOxybQRpW9uzitq63CqL0Ps3 H52A== X-Gm-Message-State: AOJu0Ywi9H2ewpGCq2dw/gBHxum1SLBz/rUI9StmmO8oFoQFgT5GZU2e WT4PYlNsVolX2Qq8ch670O3d7eKh26L+FwIVP54ECTVZ3ZXnm3o12JRRmHhWHw== X-Gm-Gg: AeBDieu5u8i1d6Dx6ctjeaWP33m9c6gMqnzsUv/yu3ePDIlDMwLC4zRvqnEm4Dm+0UL 3sKGevRQ9RbNYPNDA3Ku2DwJHsBPBls/n2/I3vIx0f/blkvz/spM6XcwA0m8eo3tUfMXV6kIJN0 eHyqHWGJU/zDH7FpmvteXSpd6A7WVZWJM66XXAviE31fUuQENDhjt9fhaenTg+LGbGSb/LYQLgI ljHbXRAb3UTjHeV8njtafbmx0BSR4LB0WHLjCagJAOi+c2lg5dBTWZx8vjJglxrFu9OOLMsD6IK ZCM6PMO8iA7tVdDbg0tZ1NjAatTYTIkeKmHjQ7ASZ5a4qWpBJ+2YptTmEzVcdLfcexz889HmbCz IF+nLqPFInxf4/ROc264O1czJ/EDS/An692LhFLXuk0tK0aVxigy55oJaj7/M/UkSFquLpYBkLI hnh33iiDHnNtTusLOxHnmHRahOpVd6j6ikz+2gQgLoHg== X-Received: by 2002:a05:600c:870e:b0:488:aa33:dc8f with SMTP id 5b1f17b1804b1-488fb84ffb8mr168560425e9.0.1776666482851; Sun, 19 Apr 2026 23:28:02 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.28.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:28:02 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 16/17] libgphoto2: patch CVE-2026-40341 Date: Mon, 20 Apr 2026 08:27:48 +0200 Message-ID: <20260420062750.3795917-16-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126480 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40341 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../gphoto2/libgphoto2/CVE-2026-40341.patch | 69 +++++++++++++++++++ .../gphoto2/libgphoto2_2.5.33.bb | 1 + 2 files changed, 70 insertions(+) create mode 100644 meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40341.patch diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40341.patch b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40341.patch new file mode 100644 index 0000000000..b71792c185 --- /dev/null +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2/CVE-2026-40341.patch @@ -0,0 +1,69 @@ +From 3674dbeafa5157a264ca5e562ffdbef159a2185f Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Wed, 8 Apr 2026 15:28:52 +0200 +Subject: [PATCH] Fixed OOB read in ptp_unpack_EOS_FocusInfoEx + +Do not read out values before checking there is sufficient size + +CVE-2026-40341 + +CVE: CVE-2026-40341 +Upstream-Status: Backport [https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987] +Signed-off-by: Gyorgy Sarvari +--- + camlibs/ptp2/ptp-pack.c | 34 +++++++++++++++++++++++++--------- + 1 file changed, 25 insertions(+), 9 deletions(-) + +diff --git a/camlibs/ptp2/ptp-pack.c b/camlibs/ptp2/ptp-pack.c +index 9eba06f..11428ab 100644 +--- a/camlibs/ptp2/ptp-pack.c ++++ b/camlibs/ptp2/ptp-pack.c +@@ -1629,23 +1629,39 @@ ptp_pack_EOS_ImageFormat (PTPParams* params, unsigned char* data, uint16_t value + static inline char* + ptp_unpack_EOS_FocusInfoEx (PTPParams* params, const unsigned char** data, uint32_t datasize) + { +- uint32_t size = dtoh32a( *data ); +- uint32_t halfsize = dtoh16a( (*data) + 4); +- uint32_t version = dtoh16a( (*data) + 6); +- uint32_t focus_points_in_struct = dtoh16a( (*data) + 8); +- uint32_t focus_points_in_use = dtoh16a( (*data) + 10); +- uint32_t sizeX = dtoh16a( (*data) + 12); +- uint32_t sizeY = dtoh16a( (*data) + 14); +- uint32_t size2X = dtoh16a( (*data) + 16); +- uint32_t size2Y = dtoh16a( (*data) + 18); ++ uint32_t size; ++ uint32_t halfsize; ++ uint32_t version; ++ uint32_t focus_points_in_struct; ++ uint32_t focus_points_in_use; ++ uint32_t sizeX; ++ uint32_t sizeY; ++ uint32_t size2X; ++ uint32_t size2Y; + uint32_t i; + uint32_t maxlen; + char *str, *p; + ++ if (datasize<4) { ++ ptp_error(params, "FocusInfoEx has invalid size (%d)", datasize); ++ return strdup("bad size 0"); ++ } ++ ++ size = dtoh32a( *data ); + if ((size > datasize) || (size < 20)) { + ptp_error(params, "FocusInfoEx has invalid size (%d) vs datasize (%d)", size, datasize); + return strdup("bad size 1"); + } ++ ++ halfsize = dtoh16a( (*data) + 4); ++ version = dtoh16a( (*data) + 6); ++ focus_points_in_struct = dtoh16a( (*data) + 8); ++ focus_points_in_use = dtoh16a( (*data) + 10); ++ sizeX = dtoh16a( (*data) + 12); ++ sizeY = dtoh16a( (*data) + 14); ++ size2X = dtoh16a( (*data) + 16); ++ size2Y = dtoh16a( (*data) + 18); ++ + /* If data is zero-filled, then it is just a placeholder, so nothing + useful, but also not an error */ + if (!focus_points_in_struct || !focus_points_in_use) { diff --git a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb index c82e76a06e..04c4786f84 100644 --- a/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb +++ b/meta-oe/recipes-graphics/gphoto2/libgphoto2_2.5.33.bb @@ -20,6 +20,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/gphoto/${BP}.tar.xz;name=libgphoto2 \ file://CVE-2026-40338.patch \ file://CVE-2026-40339.patch \ file://CVE-2026-40340.patch \ + file://CVE-2026-40341.patch \ " SRC_URI[libgphoto2.sha256sum] = "28825f767a85544cb58f6e15028f8e53a5bb37a62148b3f1708b524781c3bef2" From patchwork Mon Apr 20 06:27:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 86433 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19824F36C3D for ; Mon, 20 Apr 2026 06:28:06 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13774.1776666485315477370 for ; Sun, 19 Apr 2026 23:28:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=OtpNWF1w; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-4891b0786beso5799095e9.1 for ; Sun, 19 Apr 2026 23:28:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776666484; x=1777271284; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=a1B6T9c12VXYW2OFAPQp8c7CAgQohMQQkInOekUN3TI=; b=OtpNWF1wIa3TKUvyn1BZ2zruDDZCiQlI0v6E3jYmbRTRHDKLOPqlgCxdD0BfPFNqdj 5DrH/tAVBc6VHoBcbDkzxHdIqJxaxqwLCwznRBtFke0DeaeaKOhxDLr3IdUshRrceTRP DR7ZZbDR9A/NGbZfvSC1FK5RCKFEPokyN/UqhsMYKS59YXuzNclH0asyi7yBgOlLh3eM otrjpn4A0GmoF6u8HmvWs4Xi6u85GR6NkVt9gADNfphud4n/CcLyn0vdh0IGnfzt0pzD 0HrkX43JOD41BfKy71Yqoes4vQtrr1M8AhZ1SPFOJgk8ARjzW+5ruGPCuxeweELmxSEi lNHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776666484; x=1777271284; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=a1B6T9c12VXYW2OFAPQp8c7CAgQohMQQkInOekUN3TI=; b=liKntB376XTCJZdiPyEb/8FlWURh1bplHCZm4aj5n6eyFWiFPDXOoACdbOlic8LFz+ Gk85yRp+os8EG/F+y2Dwzb1juyWHdqD89p6ll4R0D6if6J+REPjn0WFMfI+Vo8Wp70gU lzLU59Fu8a8cO1x9Ynl+BzbU4aueIH1uNs53XbREJrf1BBAXEIdmxXaAvVrg+K60tH1U UCz6jomRPIL+R78w/HcDOHfWPkb4QV8CP3zPWBJoBxn1CTQ3wDiDOJB0wJvzWEwwEZYx QWtekRx8iKsYDI/psSocmYMVJUKPP/mnpu9Ik04qW5wqBqDnGdqnHFILBu7NrbF7Aq6t PTow== X-Gm-Message-State: AOJu0YzvXsATaWMsXu00gWCj6+iiTR5HC+ZEePs7AXhXBSJS5YJOkZGf DwwhlJOE23antLS2g3/a96TWB0bjrLJuQsxLMDz04QkiSOAURFbqDRzRSoTiYA== X-Gm-Gg: AeBDietxYVqxVPvOb7xcw6zV6G3vMZT/2oPPIUp1x0v3CeqOi+zlOYecY+WpRdCTgea aoWRvePgvu0xsOzBwTntsGru44047WwvQKn+dTaXSfTorHiimnV8I8mYfIG2icceKO6ovmfoNsG 5GH4X4etPQWD1piADTU/vj1I87B9JMLA/Xzjfu5yCU9eAFK1pX1QsH56UZjTw/6/wUNIiOqt/Ik N/F5GuJEqxAlk2JmDG0fS91ZnpqGXAlRZLJtCcTOhqnDdYQtAT+/NkrwYhrZ8mOXr+ETHp0qzUX c8q5+pys6ZKDQnp1RquXrVxcjNjgqD75F14EyR0AFEVh6jxFR7ow9o/+E9TnipjJu+iqzkKOKrF BjiZTRVFjaI3iqpqjgDmBydGplvDx4FMAk0Z6d+lvWQTOIziDsNF44MB9pVquWMFuxgE1fgb3bG Heuj9g0mlN3SxS7KNXsNB4YPzGyrj4Jno= X-Received: by 2002:a05:600c:c05a:b0:488:80b6:873a with SMTP id 5b1f17b1804b1-488fb771be4mr133789475e9.21.1776666483486; Sun, 19 Apr 2026 23:28:03 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488fc17f642sm238296665e9.5.2026.04.19.23.28.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 19 Apr 2026 23:28:03 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 17/17] libraw: mark CVE-2026-20911 and CVE-2026-21413 patched Date: Mon, 20 Apr 2026 08:27:49 +0200 Message-ID: <20260420062750.3795917-17-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260420062750.3795917-1-skandigraun@gmail.com> References: <20260420062750.3795917-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Apr 2026 06:28:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126481 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911 https://nvd.nist.gov/vuln/detail/CVE-2026-21413 Both CVEs are tracked with incorrect version info: NVD indicates that 0.22.1 is explicitly vulnerable, but the fixes are actually included in this release. Relevant commits: CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb index 2e11a7f1f9..e99f0e46b6 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb @@ -13,3 +13,5 @@ CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1"