From patchwork Thu Apr 30 11:46:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87258 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B841EFF8875 for ; Thu, 30 Apr 2026 11:47:03 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18171.1777549622051227009 for ; Thu, 30 Apr 2026 04:47:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Ox8bGMon; spf=pass (domain: gmail.com, ip: 209.85.216.42, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-364c5317d67so535400a91.2 for ; Thu, 30 Apr 2026 04:47:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549621; x=1778154421; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=oAOKjHLbnmcKTeBRJrt2Rf7IBOiArKsQlI1OlOzjCLY=; b=Ox8bGMon9LcYToGx5w5WxNU31dc1BbVSYlPgntPKneNS10jLS/MdrWK9swD/rMTaJ8 oCWjxfuS7usqsTt7n6n9999OBaTiNQg94WN5EZUqMG3lYqIir5Fy1X+YW8e4RT3Hib2m HBrNV5CD4GQWfxUx7lFkxfZqyt99iTo5GSs+Q9OWcFsVXChnvETL+w88LFXjVaC/o/93 BVlhNbyayahYE/NQIBURSpwPBANQ+68HmfNwL7cl/grXUlWtlVeNIpzC5P150t8OjFEa LZjOBomvfO+BfjfIJsyJKK0ukhuSUZDSbw3Xe393eDVskMEB4qeUMwQLuIBrDvXNwScW 1Xzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549621; x=1778154421; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=oAOKjHLbnmcKTeBRJrt2Rf7IBOiArKsQlI1OlOzjCLY=; b=ZCI2VCaT9m3p52Wz5dhsLTfNvxBjDwHFAiZnG66Lsp2J1Y1q37rfo45u/dNsyeFrAA AFURIJ6xPCi7K9JaqVolXtgeVrYJXft+KueTqripYPavGahuVjb7jtod3CSfCpuLvO1t 5ZdZzLBZb8JwopOplU5VfTEhSOUbRtCdePYm7qkhz3U56doGwGsYQ7+pHDQiKXcx1Qn0 rV5481LSqXPTI40i8Fh9HPmTC82NgJ+RNkuAgp5MVuru8ZoQgtkZa0ZiBggIKCep3sSK YGDRKEYvqNqfMrQNXNZcYwVEx/KXKkYF2Ii6mS6bzDZLBpiACYGc5ORQSgYDQSCcqQsn pOqA== X-Gm-Message-State: AOJu0Yz0p9/J+7x6rofD0gzh23xF6q4XU0quV7bU+M92AFsmwVPIX3xm 4EhFjIjFWPNPcPWFPNVZvKnDIdLAipxXxqQifKW9pK+3kM63QfX8FEw6x3QZIsht X-Gm-Gg: AeBDieu6ze+RWOtvDcJYSUhO71FSu/qDtjGS5Q1wcUZDogKTlE3YzB3DdlPx8nUrsaG jrnca98IqnW/KC9yQXeJpdUAIqzhsNbzpgXj1N8VdQ9hA73yH+moSdg65vtD1FYp1+GZj3iq/wC pYKWEWk7P3jwI81Vz4GPrKeTMjNKfIMdpQM5LAuckPm+yiLJJUmB7HFcg0PfK0YzOcrB3AUtCn5 AAtp4VEJKjVvXvnwJeBAofch1jRwsSJzn2mubhf9GDneDtPvellZ5sLd7koS/NCDC1zUiaC/5ye 1pm/qK/xjeExC11bJOgtB+M20Jt+jZDHuD/zc9gQGWb9MNgNGR/u+MdUdcgqzNuj9Wkt4kWy+t+ L9DC0ov1EJDPWvCio8FCHAept0d9L+9QzxS64dnDX2kMHm7NuG7uHJZ+5Dc+j/qmaWiKvU6YIwI RAp6jJAsyyPRiQKStOufY5uIPwFJJQod8QFUM8J7EJehEmI/U= X-Received: by 2002:a17:90b:2d8c:b0:35e:30bc:96e2 with SMTP id 98e67ed59e1d1-364c305ff6dmr2758765a91.10.1777549621101; Thu, 30 Apr 2026 04:47:01 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.46.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:00 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Bartosz Golaszewski , Khem Raj , Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 1/24] libgpiod: update to v2.2.3 Date: Thu, 30 Apr 2026 23:46:24 +1200 Message-ID: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126735 From: Bartosz Golaszewski Bug-fix release addressing a couple problems in gpio-manager and tests. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj (cherry picked from commit 172c473caf11c00ce4221f786050f0b9805d868c) Signed-off-by: Ankur Tyagi --- .../libgpiod/{libgpiod_2.2.2.bb => libgpiod_2.2.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/libgpiod/{libgpiod_2.2.2.bb => libgpiod_2.2.3.bb} (98%) diff --git a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.2.bb b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb similarity index 98% rename from meta-oe/recipes-support/libgpiod/libgpiod_2.2.2.bb rename to meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb index 09b0928dfa..a23d65bcaa 100644 --- a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.2.bb +++ b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb @@ -13,7 +13,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}-2.x:" SRC_URI += "file://gpio-manager.init" -SRC_URI[sha256sum] = "7e3bff0209d75fbca2e9fcff1fd5f07cc58b543e129e08b6d4bb1e4a56cfec0d" +SRC_URI[sha256sum] = "70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a" # Enable all project features for ptest PACKAGECONFIG[tests] = " \ From patchwork Thu Apr 30 11:46:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87261 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC1FBCD13DA for ; Thu, 30 Apr 2026 11:47:13 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18173.1777549625012814876 for ; Thu, 30 Apr 2026 04:47:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=fCJ3+9aQ; spf=pass (domain: gmail.com, ip: 209.85.216.43, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-35d971fb6f1so859321a91.0 for ; Thu, 30 Apr 2026 04:47:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549624; x=1778154424; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hmyuziv4Ad/cgRnrNFV9ufGFGHXw55xV9lVNjH+vSCc=; b=fCJ3+9aQUoz2rW0xp2E53akYVW2LnRXUttywn8wPtsjrW2e5wRsiMkVPSHb7FwLtWH RLz88WFSr4YTwCmh0xrDOUd8XBUqJA9IDprqPeyOBhJox3COQDQl7NUuoWl8sjp3jJZq MzmIERYwWRnc6BHzv3gkLxnOAPFejDBPA7gepvCuKo4M69sUrexmn4gB0oCEgFClVKVw LsgnSFwzEDM2ELCwL3QjYAnU0WWOFxSch03ovadohPrHx/nz5q9eecD+gkRy154p+a2A MhJkBGzSqB0lexVwLfHLazPid4CUJ6zmaFQIqSm6hJbP5J3Eh1Fs8U3oiDbfPtuYuzEH WAfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549624; x=1778154424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=hmyuziv4Ad/cgRnrNFV9ufGFGHXw55xV9lVNjH+vSCc=; b=c+mWGD8M3M4/09Lo4kDZyJyLJNwctddu14+JrqiA1Ll+VIK/dEKixTZCJtIrP6UU/s VpJBR+YPhfUWguYz61v4UGkZYWb5Fi+Q5VI1P0gXHjqi1MwUAGY4GhYToiuIOPqWA0PU u3o4RuOxuBwFVrdOaWf+b2C6qInrrgWghzfC34CupWvR/Hhjlv0E3RgPkbBWqKaK8WqU 3zkCMOSzRSVJ8JGEYNyA6BPYPkdfbsixD/I1zzn5tTvCAKpXnn/ZWOIhtRwgODMSjzVl fGmgeUGWw3bkdVZARYfc8y03IPhlFD1LtN9jKL6zguQLvniFzVvKDJ6XBTMbnuzWEncO RROA== X-Gm-Message-State: AOJu0YyfAd/HB0M6MtFSzUHZCv5LF9aDZkI3u1oIKnNSUpgekuqP3idn KhpU1s0KyPyosXaU3dsW/fmU+DUHO2HeIsLpJpQ1IjwPnu9b02uWbDaxnuNDP13V X-Gm-Gg: AeBDiesQsqBrb8Ax7CgIodYIBtDaHydHzoiAzaUwIyFUSBDV7iaEOOlNtGyIPyB92H0 11+tiJ8Rr+b8lqnZlzh8waCrn3mjHydmwG2p5EGFRU3lp8Tk5i9+mpLc2PP0e+xfEh2GQ5aW6jD hZ4rwdI6WmOlCqKQHz94nLO8ptZ/LKaCOHEI5cQ2i0rbZE4m+MjH1gOAcBqKJ/Bpnl/tSHAw58a 8IYvYRfbparwSyAWpVdMZ+ysdAi93RkdkZrqtv7Qhj/jHOkOq0bChvKGwKiPgMtpkrLSyh/2zKi F2i+Kmmy7E4jgTlHUWWM6nyuwh+w6U8JiRG9nGbc/9trFtDPm48q3/++4iNEjroXmyEFr27CNPO /4Xg/Ihfc+q6j3SXNTU/9Sp+DuGfk7k1m03P67YaZUJi0cpCcom1IWNsbMPyxAqvCyyIhkZIwNT KSt3NpFmp8+c7rhIkDA94Xr22vJ/hgA+cgD2LmwRQnKs1aSHq8lqitD+r4GQ== X-Received: by 2002:a17:90b:51cb:b0:35d:93ff:284f with SMTP id 98e67ed59e1d1-364c312dcd4mr2568069a91.15.1777549624170; Thu, 30 Apr 2026 04:47:04 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:03 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Bartosz Golaszewski , Khem Raj , Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 2/24] libgpiod: update to v2.2.4 Date: Thu, 30 Apr 2026 23:46:25 +1200 Message-ID: <20260430114649.4184890-2-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126736 From: Bartosz Golaszewski Bug-fix release addressing several issues discovered during an AI-augmented security audit. The most severe bug was found in the C extension code of the python bindings - which also get an update - but there were some memory leaks and integer overflow bugs in the core C library as well as in tools and DBus daemon. Full changelog: Bug fixes: - fix buffer over-read bugs when translating uAPI structs to library types - fix variable and argument types where necessary - sanitize values returned by the kernel to avoid potential buffer overflows - fix memory leaks in gpio-tools - add missing return value checks in gpio-tools - fix period parsing in gpio-tools - use correct loop counter in error path in gpio-manager Improvements: - make tests work with newer coreutils by removing cases checking tools' behavior on SIGINT which stopped working due to changes in behavior of the timeout tool Also: drop the patch that's now upstream from the recipe. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj Signed-off-by: Ankur Tyagi --- .../libgpiod/{libgpiod_2.2.3.bb => libgpiod_2.2.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-support/libgpiod/{libgpiod_2.2.3.bb => libgpiod_2.2.4.bb} (98%) diff --git a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb similarity index 98% rename from meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb rename to meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb index a23d65bcaa..4617f5643b 100644 --- a/meta-oe/recipes-support/libgpiod/libgpiod_2.2.3.bb +++ b/meta-oe/recipes-support/libgpiod/libgpiod_2.2.4.bb @@ -13,7 +13,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}-2.x:" SRC_URI += "file://gpio-manager.init" -SRC_URI[sha256sum] = "70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a" +SRC_URI[sha256sum] = "13207176b0eb9b3e0f02552d5f49f5a6a449343ce47416158bb484d9d3019592" # Enable all project features for ptest PACKAGECONFIG[tests] = " \ From patchwork Thu Apr 30 11:46:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87259 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B566FF8875 for ; Thu, 30 Apr 2026 11:47:13 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18366.1777549627904058318 for ; Thu, 30 Apr 2026 04:47:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=llHxoVN4; spf=pass (domain: gmail.com, ip: 209.85.216.52, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-35da1af3e10so769926a91.3 for ; Thu, 30 Apr 2026 04:47:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549627; x=1778154427; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6bDC+CpFjRJeE8jL/RAvuJ9OkzQSI6iQ2rclgeKbCWw=; b=llHxoVN4XZ9jIaa4A5o89nbpAGtwFLG1Y76FIH0WWaEBaSwTgfHZ5S97pZxGG/Ndu6 Tu6RF4uIp4Vgk0JbF/BztZGq96MTVOBVHC9Ttm50H2xCFCZe3LD3jaW0pu5Qxm+II21P F7Xk/NMtm6YPRg6EjEsv+pOz4szCoKcZjpwlcLkMT0Fx/+RBHHTIeu/fBUyvh1MVWWXX G2h3MweuSHGwNg1Oq8L13wKdcQ4HCtaMOxXfJNlWvVmbjvcyomTOOiwWUFIwugDAWsdY G7DT0UwZBk7IKElVLBzJjI/1If1u2P/xJwGy0xbDCpofF+a2fk7VVt1fQDeyWh4Qknvc OSYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549627; x=1778154427; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=6bDC+CpFjRJeE8jL/RAvuJ9OkzQSI6iQ2rclgeKbCWw=; b=rmG1FU3BPrVCKZy4IRkwklSJ6VrGW/syhrDoc+/E8u4i2McEJQmoqgWNk6ti1Ix73A am1INwXVAAXFJrvcqrUzpKq7k+7mPiFL/5wCBLM1xvv/6Qg3Dk1mIB1xVhqCxUpCdz+l QsS9vxl6FMhI8gxJiLyl0zLvywxe9djKQKTQFHtjIzC9nmgcsqhGIz1B0E9ME6+BXU2h wXaOPm8d49VFHmcb7jNwWYvmI6OtVDuiLTRONxerq2QiIq4qw/urENA3YXiHQVMzKIAT oVnerh959FSfdrKVvK/BssQVqO33rApG7wPm3VuU5opsADyBbAcm3qb89aRC7010N/mt LqBQ== X-Gm-Message-State: AOJu0YyRvFYr0hUGDIsFSnTvZF9OYVYYjgM50YlGE/HJA/OVclwkV+2G 7rVFghM9WL5T3xgi9JFyR/B45wKVpa0XeJgk2koLTsWiafOR5QFGok5IKQtd59JV X-Gm-Gg: AeBDietd33bMfGJ2oyFREzryG57knRHw1hydqCJ+KwgISKVX1SuCcp2uBbpT/LOJySS 9Vl905sOWJvTBgi+2C/7+ri4lYWZ3YiOaA0QnK7gtPxTeFByXFnAEXXzC/Y71NURQeVJYZDcQiB 3R/UgvSL4UEOwTSYNegItCiNiQNPXh25mO1llu7KShZsRPwEqqA2+ir/gkJp6uPfQ19yXHAPSSv eorNHkviBe8Gg2YRNzsBnhXP9gP8J9o4/TGcGoINukZplJG9LdtwKBMOy6xoIa0eu51QWdXcQeC vCzYtHdO1QWrF5ZFspQ8ekmniNBk6VNJmPIN0dzarXGAT92P6UHqsVEg+FTrDMiGocouea/0DsG M5rAdNRKiPkMuoPk7ZxJYbLYDbQikdFoMC5k7kWhl1Kqzg0ByBFQJqNxM4n5Vyw7EmWhl37tY10 StneynliWtrr2byIKteI7H1SyTQwD5nTazm9o6yXm64eZm0Wo= X-Received: by 2002:a17:90b:270b:b0:35c:30a8:330 with SMTP id 98e67ed59e1d1-364c2d9f623mr2613305a91.0.1777549627056; Thu, 30 Apr 2026 04:47:07 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:06 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-oe][whinlatter][PATCH 3/24] xdg-dbus-proxy: upgrade 0.1.6 -> 0.1.7 Date: Thu, 30 Apr 2026 23:46:26 +1200 Message-ID: <20260430114649.4184890-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126737 From: Gyorgy Sarvari Contains fix for CVE-2026-34080. Since it is tracked without version info by NVD, mark it explicitily as patched. Drop the patch that is included in this release. While here, also add the recipe to the ptest list - it's a fast one, runs under a second. Changelog: - Drop the autotools build system - Unbreak the CI - Prevent a crash on disconnect - Fix building with glibc >= 2.43 - Fix the eavesdrop filtering to prevent message interception Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj Signed-off-by: Ankur Tyagi --- .../{xdg-dbus-proxy_0.1.6.bb => xdg-dbus-proxy_0.1.7.bb} | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) rename meta-oe/recipes-support/xdg-dbus-proxy/{xdg-dbus-proxy_0.1.6.bb => xdg-dbus-proxy_0.1.7.bb} (75%) diff --git a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb similarity index 75% rename from meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb rename to meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb index 43536f5d7b..36b046482e 100644 --- a/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.6.bb +++ b/meta-oe/recipes-support/xdg-dbus-proxy/xdg-dbus-proxy_0.1.7.bb @@ -11,8 +11,10 @@ DEPENDS = " \ inherit meson pkgconfig -SRC_URI = "git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main" +SRC_URI = "git://github.com/flatpak/xdg-dbus-proxy.git;protocol=https;branch=main;tag=${PV}" -SRCREV = "1c1989e56f94b9eb3b7567f8a6e8a0aa16cba496" +SRCREV = "6a170fa77e3cbecb48f9dd2478fe5c0a119eb467" + +CVE_STATUS[CVE-2026-34080] = "fixed-version: fixed in 0.1.7" BBCLASSEXTEND = "native" From patchwork Thu Apr 30 11:46:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87260 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B412ACD13D2 for ; Thu, 30 Apr 2026 11:47:13 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18367.1777549630898553615 for ; Thu, 30 Apr 2026 04:47:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=IcyaMiyf; spf=pass (domain: gmail.com, ip: 209.85.216.52, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-364ad762ef8so481083a91.1 for ; Thu, 30 Apr 2026 04:47:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549630; x=1778154430; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xKdwbkhPuFQ0MyhsfvWL/5UpZi2aDcymWWrgH+1Gaf8=; b=IcyaMiyfY5RgfesNBqR/gpxOgrlZQHqg3QL7Kt/Xdebc/rU7Q3Y2OdrqOx4ijPm8zY SJ3i8KLPju5k5xaQsRc76rNz1Q1FLwFDr6zoF4YN5VNusxyOeygJMuzI8AArGcFUFbTU CF8KTsaAPmmbkVITATX1mulxKGBzQ+hl/PHcXNVO24UgQQo1V7BMxZsYOQhf48BTqFSG SL510biBLMCTILZqnJ9WediQDbauY+pbldTpYhxpSj2hti9XVurnkLOGDbff2ZVx4rLS g7noZEmK9N+MPn6OkAu+2uGNAkdbU8jFl5j32iMWlLwUDhZgjr5bXgaEBuEoGQtSiEd9 E48g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549630; x=1778154430; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=xKdwbkhPuFQ0MyhsfvWL/5UpZi2aDcymWWrgH+1Gaf8=; b=mfwqL9hBDuNTC48sYbvmodEcYYXdS8GeZfRgZoYJUjzA0hihl0ko1NppRcajrDB7AD T6skTKJ+3HEpW1Gs2z0YysTD1hJF9K69sbfTJPNLweMFT51gkF8F/hO4usF4uiy/hhHB OB9lmZ40PSySKy4aGJeTHWvagOXUH/46yEYny+SdEF6dcFFErAYI4ill5yn0iM3oQrCv t1/TQasS3yNijHrU+ukWowJAtmyEYBnJCGnbG3aTrFuYKA5Qcs4Y8N7hCPFfYp7zH2gD erd5vul8/G0YJ3kiLr4zudohrMXw5M4rIt7Pv1I6n95vootyiavIT05Ku2PopUpTqDxO aljg== X-Gm-Message-State: AOJu0YxLslbOzSRqqN/2qB4jBtjbMMlUYm3mVWF6XIPh1nN8/XPdZrXL n1Rkg6o14ovwceWQXrmqZasJjoPw5Smufj8HGbhcF3QScMce48kic8SWQpNilLUB X-Gm-Gg: AeBDietW+qsR5tH4A/E3FajHb9SbG1cdSJ4Knh967CtKGhHK7GiC1BDKMMshCXPjKuC eUZSPGnKYgV3UhxkwlsLcsP78swNx4EAQSO4zEOTr8QFG4C/mjvh8dgVf/AeuDkEdGRQKfaVysC XCIeLDGUhGflHCsVGofU8jPEFLJG0kH5yx2fZZCgvILA/AJYA4AQDPzDIE6IS9VBxGNjxipTXjB EohYFyVy0OjXCwX2WWgt4YfgwUAJZVXVdkkTcgG49gezL/qk5emPR2+oddkfn2ELDcJYWpyaa+x ih769hZZITGA3XrYLd7NG+73KFVfWOyoFCP6//xKgkOmUPrOrGwv+Ht7jyNEYW12cvYxpft/VYA WnnZ0J8T4COHi+zXVlTs8hzvmrobx5Fw6aIMr1tI7PtJHvpgtOw9g89FCFtZxPg10Dkfu+FnIZ5 LBxBpZZuedAS95OdX+GcHB/XiG99Y8yKJ31zJEv7hSa9IwXKFPg3NnfKF0DQ== X-Received: by 2002:a17:90b:5783:b0:35f:be09:1a2b with SMTP id 98e67ed59e1d1-364c30042bcmr2769765a91.10.1777549629917; Thu, 30 Apr 2026 04:47:09 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:09 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 4/24] corosync: patch CVE-2026-35091 Date: Thu, 30 Apr 2026 23:46:27 +1200 Message-ID: <20260430114649.4184890-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126738 From: Gyorgy Sarvari Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091 Pick the patch that mentions the CVE ID explicitly (it was identified by Debian also as the fix[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35091 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 701b22fda35648efc333d6e6e7abd8e70aa49870) Signed-off-by: Ankur Tyagi --- .../corosync/corosync/CVE-2026-35091.patch | 47 +++++++++++++++++++ .../corosync/corosync_3.1.10.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta-networking/recipes-extended/corosync/corosync/CVE-2026-35091.patch diff --git a/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35091.patch b/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35091.patch new file mode 100644 index 0000000000..8afa5d6841 --- /dev/null +++ b/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35091.patch @@ -0,0 +1,47 @@ +From b9cb461121c8721c94a94309eb345a3c2f9ee9b4 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Thu, 2 Apr 2026 09:00:39 +0200 +Subject: [PATCH] totemsrp: Return error if sanity check fails +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Previously, the check_memb_commit_token_sanity function correctly +checked the minimum message length. However, if the message was too +short, it incorrectly returned a success code (0) instead of the +expected failure code (-1). + +This commit ensures the appropriate error code is returned when the +message length sanity check fails. + +Fixes: CVE-2026-35091 + +Reported-by: Sebastián Alba Vives (@Sebasteuo / 0xS4bb1) +Signed-off-by: Jan Friesse +Also-proposed-by: nicholasyang +Reviewed-by: Christine Caulfield + +CVE: CVE-2026-35091 +Upstream-Status: Backport [https://github.com/corosync/corosync/commit/a16614accfdb3481264d7281843fadf439d9ab1b] +Signed-off-by: Gyorgy Sarvari +--- + exec/totemsrp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/exec/totemsrp.c b/exec/totemsrp.c +index 35bf971..94d6c21 100644 +--- a/exec/totemsrp.c ++++ b/exec/totemsrp.c +@@ -3811,10 +3811,10 @@ static int check_memb_commit_token_sanity( + log_printf (instance->totemsrp_log_level_security, + "Received memb_commit_token message is too short... ignoring."); + +- return (0); ++ return (-1); + } + +- addr_entries= mct_msg->addr_entries; ++ addr_entries = mct_msg->addr_entries; + if (endian_conversion_needed) { + addr_entries = swab32(addr_entries); + } diff --git a/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb b/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb index 07d9333ec8..7ccccefed5 100644 --- a/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb +++ b/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb @@ -9,6 +9,7 @@ inherit autotools pkgconfig systemd github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://corosync.conf \ + file://CVE-2026-35091.patch \ " SRC_URI[sha256sum] = "be361c827f99b215b3bd3fa2fb071c03dac6831c2a351963d938caef62604bc8" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" From patchwork Thu Apr 30 11:46:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87264 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF384CD13DE for ; Thu, 30 Apr 2026 11:47:23 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18175.1777549634329614392 for ; Thu, 30 Apr 2026 04:47:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Df153oku; spf=pass (domain: gmail.com, ip: 209.85.216.50, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-362e50b4641so468035a91.0 for ; Thu, 30 Apr 2026 04:47:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549633; x=1778154433; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/Hf4Zgmiv8DLQCxJnwX/FCIpqDUgzM/QvlrIc+bmUjs=; b=Df153oku+X3jKmv6RCQ/cPgvZyjUSD2bBQJvJj/Tl4N0W+xl8pg400kMxvSe/9EZjQ akKg3eyHKHr1drS/l31EuF4b2sUDZBMwL6lem9mPXbfZ1f2iUfiABbKfAO7GPcTHuIKp +QNp8ycJ/8aW4ln+5v67+6fJpv8rjBxrCPq0Z/z6ejuEe3JwyWhAvntJS2XPorTv2M+y +DXx+NcuBB0sZUj59o0Akbw7ACYTm9d/BEJdPlOF0sFqlitcm57ahk6cHCbzJsGtM5NW lOI4rLeniHANMCSGa4ZjmETgNrh5ciSJpouI6XPrBRKQ7XAW4ST+HyGLA8/UfSxbTNfW o0nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549633; x=1778154433; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=/Hf4Zgmiv8DLQCxJnwX/FCIpqDUgzM/QvlrIc+bmUjs=; b=ekZnxnKPl/Ee4fPZgrsQhn+mx0MDVPHKSdPuiAeeXpJXOiKtZrUUZfo+Ps4pTAulj4 g3Apk+NK+nfkc0TZ7Uj9ij/8HX7BYYVtCCyDVfdL5X7+LsLpz+hrUlQ6cKoW/dJZzfgM nUDBv05uk/YFCmIuRCk8u3CLL0sCoDONh4yC2MBht8Y+jDb+YoSJ6KH5jih2W7jQMi0G 9FtzZ7YRXALnnRJR10tbLUx83ceck46FXK4UCYPtUi+T5A+TFTkaXpNRVVqSWUu/jSjt yCXjNqXJ26El+6f89B/6GpR0+R4dHLDYiOrCX2bjo7745I06nRgVICdBrrby8OwQJpRF HWPQ== X-Gm-Message-State: AOJu0Yy98l2pCDK/tMuMpOcfxYaRsMEqqywmHut8vu7hOHNPgROrnobg pSXGYQLBat7nBgzDLfxQtKqV3qibdyXsB95neFZcXQ3ki+BGz2ZcVqMOR8TixtbW X-Gm-Gg: AeBDieuIBmZyYIFf2wlfTALnG7O/DDUPyZfsFP8Ude+vPTq3E4LSUCntrfEqVMUWbny h99eCPkLQ2aTZJH2JcQVvmgLZ1DMTbm6XQQrO+MRbItEHbVTdXh2wUwHDzfb/HTXXUkyJ+An/7C LZP46oWfKJ9j5y+XPws6Ih0nh2hu/tj2Ka21EMZyLgjoSgQyTEjVFLsl253NyzoV1S1FR1YJ/QH QSiZ/LpEArsqyU9ea2zEKfe+eJyt0n3CONlbObON9GxKWXos2j+ZJEVZF9TfIgopdH4Pbq5oOIK mJwpARY1Bszg21LxaC3hzBQqaxzBLnOm7n36t5euwuD1a75UT9VQSKkrqy4FdkxJN7z32bOsv4/ mTGumaTefzMskI5C52ADinERY2MNf76ME8h34QP2kH4ljUU1Cf7ln77f4MJde69rjFjafyolfsY B+mRU/qPBa1WhIFEip3RyvQLqDT08nT/OqDBNfH8S65Mll/cw= X-Received: by 2002:a17:90b:3d0b:b0:361:423d:2026 with SMTP id 98e67ed59e1d1-364c2fce7cdmr2912128a91.12.1777549633494; Thu, 30 Apr 2026 04:47:13 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:13 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 5/24] corosync: patch CVE-2026-35092 Date: Thu, 30 Apr 2026 23:46:28 +1200 Message-ID: <20260430114649.4184890-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126739 From: Gyorgy Sarvari Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092 Pick the patch that mentions the CVE ID explicitly (the same commit was identified by Debian also[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35092 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit af73e716bc7150ae8d912d8af00f6995e25f2031) Signed-off-by: Ankur Tyagi --- .../corosync/corosync/CVE-2026-35092.patch | 57 +++++++++++++++++++ .../corosync/corosync_3.1.10.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta-networking/recipes-extended/corosync/corosync/CVE-2026-35092.patch diff --git a/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35092.patch b/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35092.patch new file mode 100644 index 0000000000..8182647840 --- /dev/null +++ b/meta-networking/recipes-extended/corosync/corosync/CVE-2026-35092.patch @@ -0,0 +1,57 @@ +From 8f8a4747a0223b8897deda9a40a8a099c61fa80f Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Thu, 2 Apr 2026 09:44:06 +0200 +Subject: [PATCH] totemsrp: Fix integer overflow in memb_join_sanity +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This commit addresses an integer overflow (wraparound) vulnerability +in the check_memb_join_sanity function. + +Previously, the 32-bit unsigned network values proc_list_entries and +failed_list_entries were added together before being promoted to +size_t. This allowed the addition to wrap around in 32-bit arithmetic +(e.g., 0x80000000 + 0x80000000 = 0), resulting in a required_len +calculation that was incorrectly small. + +The solution is to cast the list entries to size_t and verify that +neither exceeds the maximum allowed value before the addition occurs. + +Fixes: CVE-2026-35092 + +Reported-by: Sebastián Alba Vives (@Sebasteuo / 0xS4bb1) +Signed-off-by: Jan Friesse +Also-proposed-by: nicholasyang +Reviewed-by: Christine Caulfield + +CVE: CVE-2026-35092 +Upstream-Status: Backport [https://github.com/corosync/corosync/commit/4082294f5094a7591e4e00658c5a605f05d644f1] +Signed-off-by: Gyorgy Sarvari +--- + exec/totemsrp.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/exec/totemsrp.c b/exec/totemsrp.c +index 94d6c21..6845cec 100644 +--- a/exec/totemsrp.c ++++ b/exec/totemsrp.c +@@ -3786,7 +3786,17 @@ static int check_memb_join_sanity( + failed_list_entries = swab32(failed_list_entries); + } + +- required_len = sizeof(struct memb_join) + ((proc_list_entries + failed_list_entries) * sizeof(struct srp_addr)); ++ if (proc_list_entries > PROCESSOR_COUNT_MAX || ++ failed_list_entries > PROCESSOR_COUNT_MAX) { ++ log_printf (instance->totemsrp_log_level_security, ++ "Received memb_join message list_entries exceeds the maximum " ++ "allowed value... ignoring."); ++ ++ return (-1); ++ } ++ ++ required_len = sizeof(struct memb_join) + ++ (((size_t)proc_list_entries + (size_t)failed_list_entries) * sizeof(struct srp_addr)); + if (msg_len < required_len) { + log_printf (instance->totemsrp_log_level_security, + "Received memb_join message is too short... ignoring."); diff --git a/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb b/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb index 7ccccefed5..77dea16e98 100644 --- a/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb +++ b/meta-networking/recipes-extended/corosync/corosync_3.1.10.bb @@ -10,6 +10,7 @@ inherit autotools pkgconfig systemd github-releases SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://corosync.conf \ file://CVE-2026-35091.patch \ + file://CVE-2026-35092.patch \ " SRC_URI[sha256sum] = "be361c827f99b215b3bd3fa2fb071c03dac6831c2a351963d938caef62604bc8" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" From patchwork Thu Apr 30 11:46:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87262 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3AB3CCFA13 for ; Thu, 30 Apr 2026 11:47:23 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18371.1777549636594713929 for ; Thu, 30 Apr 2026 04:47:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=sTy3JQmU; spf=pass (domain: gmail.com, ip: 209.85.216.45, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-35d94f4ee36so519300a91.3 for ; Thu, 30 Apr 2026 04:47:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549636; x=1778154436; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3RFSQl8ytVi0wW8GHCzQB5JK4P1McmUcHFnwd/vBVB0=; b=sTy3JQmU682aHnszTSlClXkRidsIqgRha2snlYBezHU09G7gIfspNap0IvoH2X/IWC ryTIl+DXZa54rvv91fvoS1rHkK2gV354WM6XaJrqi2Pcumf/MFh8fyYv9KZ2hIzJiAhJ fNyFoEUzJ+WblVJn9rL+H9E+OMF7VXCx+77nJjC5lB0VYWx59oLKSigIR0GjHppA3eno QnMtxwKebapkpCoLCQTRbSvfaZ4AGNk5r05n7z0dr2BAerJCO0E21d91h4UCCGIDanV2 ARQusLBn6O7zblaXEypVwsw04aFOeFA18cw1ogxVateT3Y3op2YPD0npC+sxMhlbepJg TxzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549636; x=1778154436; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=3RFSQl8ytVi0wW8GHCzQB5JK4P1McmUcHFnwd/vBVB0=; b=L8Kcm+UBk2Ax4ED1eouZ0QgYcq1tZkEzZ8XjT9WIPkNf29CaAEAJ24tMcgX2yRT3Tk e7oDPb+12CV/JjWZwVZz+UUx6MJHI1Nqrr3UJZZV7SWZsyUaG57noqb3v0Ru3hi+g4P+ BljjyyHM4k36Bo+dAcVOPqnc/PAoqBBvnH9TB6t4wM6gfOB/ehcR1E2WmHmZ/omMN+Zf qgaKJwDhKRPo2Q9L3kBejAPydqiC5YbviPhy0s/8dBwyzTpAplJPkF4PFoCLL+XfObDp yPfBmNwGrBm7MGLUsXVl/vRtCZ+qBjDZdhDOEifF8fC8UVL3AmdTQ3TJ5SqifRcmNw3E fflg== X-Gm-Message-State: AOJu0YzWp2Sq5p0vKSNc5d7g75B5Wbp0AZbUD026SylXowALd4prsJrA lyr6CzoGTkWhNA5gol/14EcpgjZc0oXc4WLg/ticoR+x2cZvxrP5I5onR6Ab7FIi X-Gm-Gg: AeBDiesslmrlCe4F60MmjTTmig9vH2tciAXzXySg3KifcmWenP+79g6dTADzGmFVFNx HisDVwDhacCc9iZc0dS7TEhstAeaddk/hUuP+ib/Kr9+K9cmNUPwBlSfrU5H89z9IAUfhfzAX+D o7wNwLOGDIAvrB7xL+GV+ZfYgmUU47NkfnsHYbA0w+FtEqarHvqD7gt38forZ2O4gz6z6/1zLNv UxKfgfTZDia+VIZFz2nVEcPlTrReXAUmaOPNSX3uiFtUlAkPw2XHrRyyz/2/70YNNNqiOqO87n5 L1tcOXOXiTTl6Hlf7PnVrLRM8mRBGrGgaYG5w48nBl2dUpDjzhfIHle2hus44MrY2N18gv0oTKU G3I1lL6e+9RK/F4oj3HI0juk/EWuVamKDN0uo0nc2gYoSPgcOSt4GVc2nZaj8KkDGHy0LQ3tQPW rn49v3liCsa28jKOpIpDLeX+dGhQGf/svxBVxRcBrPi8Pm+NA= X-Received: by 2002:a17:90b:2d8c:b0:361:45df:103 with SMTP id 98e67ed59e1d1-364c302a1bfmr2637593a91.12.1777549635811; Thu, 30 Apr 2026 04:47:15 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:15 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-webserver][whinlatter][PATCH 6/24] monkey: fix QA issue Date: Thu, 30 Apr 2026 23:46:29 +1200 Message-ID: <20260430114649.4184890-6-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126740 From: Ankur Tyagi Signed-off-by: Ankur Tyagi --- meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb index 126a2a6fa5..4e4b272897 100644 --- a/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb +++ b/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb @@ -51,6 +51,10 @@ do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -Dm 644 ${UNPACKDIR}/monkey.service ${D}/${systemd_unitdir}/system/monkey.service fi + + # QA Issue: monkey installs files in /var/volatile, but it is expected to be empty [empty-dirs] + # these folders are supposed to be recreated at runtime + find ${D}/var -type d -empty -delete } INITSCRIPT_NAME = "monkey" From patchwork Thu Apr 30 11:46:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87265 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D04C5CD13D2 for ; Thu, 30 Apr 2026 11:47:23 +0000 (UTC) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18176.1777549639893930754 for ; Thu, 30 Apr 2026 04:47:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=leVS6rN/; spf=pass (domain: gmail.com, ip: 209.85.216.42, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-35e576110adso601435a91.0 for ; Thu, 30 Apr 2026 04:47:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549639; x=1778154439; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1yP1o2jwsf8kxqbzqIGyshbjdFCPSxQYyBx6ym+G/rw=; b=leVS6rN/ULKnLNNbUMlolmaO3wrTiAkLPDRbXNn9AO96Vse2N/tuGeOJ6tc5uh+Mpg xTKvTNWCJCy//EULvC434pGizrXD0o98UMKkgGKmf+PkVmmWLPEXLn3lchuiSIGAUYnG 4DEVPGAeLvN8fc0iNjDyvfiXiLL5uyPX76FAbKWhCQ9TpO+n1aKRSyy2XcHuej/cHTKB UJR4Taa9eplQGZLnXO260xuuUDEeresPgUCjTU9RVsyBIkIaPpd2GAPywPzb9ZDL+mYa KSxMW1Ke7chsOrAYMJHVzjKHYam7gSOMBZGmWNc4hBbzpdmZE9SXOljI5b7ks3oYkrYu NmTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549639; x=1778154439; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=1yP1o2jwsf8kxqbzqIGyshbjdFCPSxQYyBx6ym+G/rw=; b=SrrlQZJwbOV2549XMvdcAEc1Ejit4BpvUYA3RH+wI7ilIJU+6rYqIwGHdJvZPbNSJ3 3YgJuJ6rk28apRjrQodowIbyAwkfRzsKuVAogjAWpbMZcKcfExLIMv7DjqrgnUYkkm6f 3Kcn62hcOYfviAHq3PGL+0iFcfI5/OhWfpQl0yAcRrwP08SXhZTnQm1vNEeRgqKH6URz d/6XLdsmnQ6qHtYXGf3GtOls3hUthITiIry0axBjT6+XrKs+FX4bOUdeoMF1jw8Jx6t3 B/GVqra48DcLC+D4cUuLXL5zC/ZTwuEPilSyvo0lAw0eOy1Z6a5Wu6jerkrTTZuUlws3 ko2w== X-Gm-Message-State: AOJu0YxUPXbdZLOuRJsOIz+6eSMKP7ofSV2Qbta8MZMAQgiGCGaNKloV ayETLe1OsljTi/tGheQ0z2XCAYTBTpanvBXmeeXSMDjKGXU2l23klI/C/T9ycUwM X-Gm-Gg: AeBDiesWjmfPPY3l0hSFP5ULBjE4MkCFZdA0ke+h0h4n9scoBQ7H1tfOVYIYB/t+VGy 7PYuJiB/62xBuYAkIfx5wR41SmleW43i6n+12tatIGiiXRLca4B0UyloHLrA8sFSHVRfCG130IA uo0qG5Iv4q97HGmeny5hFjcdm93Rk75j0ght2ROR/Soshlo1mLyTylUvAc5GjNSKK/mv7Q4qyxw jiq28UD1Z8Ma8VavehPVyKkrnwGfy//sDo4cgqYdvpd5tuD8K2ohl/N90BqOju3PytVSaTq54Ji aipAIlye0/eg+HSSzeeYiNnXJlg0GvugcknlNbj4rZtcFUThvHxa6+uNoI5/wseNMn1uKbO+GtR mZGAg531599p7QwSjyGyNM1i7FlPZdYCcttJA+Y25YKf3TGnCiNLU13a9dRTxC09jsjbLsSFPDT fHK7JHk+sv7pK3QQjA3iOv3unyU/tdPYmR2DbK9vGv5oDI2mk= X-Received: by 2002:a17:90b:2242:b0:35d:aa02:d776 with SMTP id 98e67ed59e1d1-364c44c077emr1679435a91.2.1777549638712; Thu, 30 Apr 2026 04:47:18 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:18 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-webserver][whinlatter][PATCH 7/24] monkey: patch CVEs Date: Thu, 30 Apr 2026 23:46:30 +1200 Message-ID: <20260430114649.4184890-7-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126741 From: Gyorgy Sarvari These patches are about a number of CVEs files against the application: CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655, CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658. These patches are taken from a pull request[1] that is referenced in the relevant bug report[2]. The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether. Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each other and/or not exploitable. The valid CVEs are fixed by these patches. I haven't added specific CVE info to the patches, one hand because of the above, it is hard to separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch, untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear from the CVE report due to this. [1]: https://github.com/monkey/monkey/pull/434 [2]: https://github.com/monkey/monkey/issues/426 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit d31f07340fad43120f5e2ee4aee98cdec6f2717d) Signed-off-by: Ankur Tyagi --- ...tp-fix-malformed-request-crash-paths.patch | 160 ++++++++++++++++++ ...eduler-guard-protocol-close-callback.patch | 51 ++++++ ...server-parser-harden-boundary-checks.patch | 108 ++++++++++++ .../recipes-httpd/monkey/monkey_1.8.4.bb | 6 +- 4 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 meta-webserver/recipes-httpd/monkey/files/0001-server-http-fix-malformed-request-crash-paths.patch create mode 100644 meta-webserver/recipes-httpd/monkey/files/0002-server-scheduler-guard-protocol-close-callback.patch create mode 100644 meta-webserver/recipes-httpd/monkey/files/0003-server-parser-harden-boundary-checks.patch diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-server-http-fix-malformed-request-crash-paths.patch b/meta-webserver/recipes-httpd/monkey/files/0001-server-http-fix-malformed-request-crash-paths.patch new file mode 100644 index 0000000000..b57d7ac219 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/0001-server-http-fix-malformed-request-crash-paths.patch @@ -0,0 +1,160 @@ +From 839620179e2b4e5982c53d8956d92e690d82960c Mon Sep 17 00:00:00 2001 +From: Eduardo Silva +Date: Thu, 9 Apr 2026 12:11:52 -0600 +Subject: [PATCH] server: http: fix malformed request crash paths + +Fix the reproducible malformed-request crash paths in the HTTP +request lifecycle. + +Handle missing Host data in directory redirects, reject malformed +range delimiters before substring parsing, and avoid reusing invalid +request state while advancing pipelined requests. + +Verified by rebuilding with cmake --build build and replaying the +reported crash-inducing request fixtures against build/bin/monkey. + +Signed-off-by: Eduardo Silva + +This patch is part of https://github.com/monkey/monkey/pull/434, +containing assorted CVE fixes. + +Upstream-Status: Backport [https://github.com/monkey/monkey/commit/1570f41231888ae8c7fbd719704e2486a952e45d] +Signed-off-by: Gyorgy Sarvari +--- + mk_core/mk_memory.c | 10 ++++++++++ + mk_server/mk_http.c | 46 +++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 52 insertions(+), 4 deletions(-) + +diff --git a/mk_core/mk_memory.c b/mk_core/mk_memory.c +index c4073e23..008f7ac6 100644 +--- a/mk_core/mk_memory.c ++++ b/mk_core/mk_memory.c +@@ -52,6 +52,16 @@ char *mk_ptr_to_buf(mk_ptr_t p) + { + char *buf; + ++ if (!p.data || p.len == 0) { ++ buf = mk_mem_alloc(1); ++ if (!buf) { ++ return NULL; ++ } ++ ++ buf[0] = '\0'; ++ return buf; ++ } ++ + buf = mk_mem_alloc(p.len + 1); + if (!buf) return NULL; + +diff --git a/mk_server/mk_http.c b/mk_server/mk_http.c +index ad12a74a..f2f12554 100644 +--- a/mk_server/mk_http.c ++++ b/mk_server/mk_http.c +@@ -457,6 +457,10 @@ static int mk_http_range_parse(struct mk_http_request *sr) + if ((sep_pos = mk_string_char_search(sr->range.data, '-', sr->range.len)) < 0) + return -1; + ++ if (sep_pos < eq_pos) { ++ return -1; ++ } ++ + len = sr->range.len; + sh = &sr->headers; + +@@ -476,10 +480,16 @@ static int mk_http_range_parse(struct mk_http_request *sr) + /* =yyy-xxx */ + if ((eq_pos + 1 != sep_pos) && (len > sep_pos + 1)) { + buffer = mk_string_copy_substr(sr->range.data, eq_pos + 1, sep_pos); ++ if (!buffer) { ++ return -1; ++ } + sh->ranges[0] = (unsigned long) atol(buffer); + mk_mem_free(buffer); + + buffer = mk_string_copy_substr(sr->range.data, sep_pos + 1, len); ++ if (!buffer) { ++ return -1; ++ } + sh->ranges[1] = (unsigned long) atol(buffer); + mk_mem_free(buffer); + +@@ -493,6 +503,9 @@ static int mk_http_range_parse(struct mk_http_request *sr) + /* =yyy- */ + if ((eq_pos + 1 != sep_pos) && (len == sep_pos + 1)) { + buffer = mk_string_copy_substr(sr->range.data, eq_pos + 1, len); ++ if (!buffer) { ++ return -1; ++ } + sr->headers.ranges[0] = (unsigned long) atol(buffer); + mk_mem_free(buffer); + +@@ -522,7 +535,16 @@ static int mk_http_directory_redirect_check(struct mk_http_session *cs, + return 0; + } + ++ if (!sr->host.data || sr->host.len <= 0) { ++ mk_http_error(MK_CLIENT_BAD_REQUEST, cs, sr, server); ++ return -1; ++ } ++ + host = mk_ptr_to_buf(sr->host); ++ if (!host) { ++ mk_http_error(MK_CLIENT_BAD_REQUEST, cs, sr, server); ++ return -1; ++ } + + /* + * Add ending slash to the location string +@@ -588,6 +610,9 @@ static inline char *mk_http_index_lookup(mk_ptr_t *path_base, + } + + off = path_base->len; ++ if ((size_t) off >= buf_size) { ++ return NULL; ++ } + memcpy(buf, path_base->data, off); + + mk_list_foreach(head, server->index_files) { +@@ -1138,15 +1163,27 @@ int mk_http_request_end(struct mk_http_session *cs, struct mk_server *server) + ret = mk_http_parser_more(&cs->parser, cs->body_length); + if (ret == MK_TRUE) { + /* Our pipeline request limit is the same that our keepalive limit */ ++ if (cs->parser.i < 0 || ++ (unsigned int) (cs->parser.i + 1) >= cs->body_length) { ++ goto shutdown; ++ } ++ + cs->counter_connections++; + len = (cs->body_length - cs->parser.i) -1; ++ if (len <= 0) { ++ goto shutdown; ++ } + memmove(cs->body, + cs->body + cs->parser.i + 1, + len); + cs->body_length = len; + + /* Prepare for next one */ +- sr = mk_list_entry_first(&cs->request_list, struct mk_http_request, _head); ++ if (mk_list_is_empty(&cs->request_list) == 0) { ++ cs->close_now = MK_TRUE; ++ goto shutdown; ++ } ++ sr = &cs->sr_fixed; + mk_http_request_free(sr, server); + mk_http_request_init(cs, sr, server); + mk_http_parser_init(&cs->parser); +@@ -1626,9 +1663,10 @@ int mk_http_sched_done(struct mk_sched_conn *conn, + struct mk_http_request *sr; + + session = mk_http_session_get(conn); +- sr = mk_list_entry_first(&session->request_list, +- struct mk_http_request, _head); +- mk_plugin_stage_run_40(session, sr, server); ++ if (mk_list_is_empty(&session->request_list) != 0) { ++ sr = &session->sr_fixed; ++ mk_plugin_stage_run_40(session, sr, server); ++ } + + return mk_http_request_end(session, server); + } diff --git a/meta-webserver/recipes-httpd/monkey/files/0002-server-scheduler-guard-protocol-close-callback.patch b/meta-webserver/recipes-httpd/monkey/files/0002-server-scheduler-guard-protocol-close-callback.patch new file mode 100644 index 0000000000..c731db0919 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/0002-server-scheduler-guard-protocol-close-callback.patch @@ -0,0 +1,51 @@ +From 82fb537e74e9b801d196b76efaf735ee50cd86c6 Mon Sep 17 00:00:00 2001 +From: Eduardo Silva +Date: Thu, 9 Apr 2026 12:43:31 -0600 +Subject: [PATCH] server: scheduler: guard protocol close callback + +Avoid calling a null cb_close handler from the scheduler close +and timeout paths. + +This fixes the HTTP/2 upgrade case where the protocol handler can be +switched to mk_http2_handler even though that handler does not +implement cb_close. + +Verified by rebuilding with cmake --build build. + +Signed-off-by: Eduardo Silva + +This patch is part of https://github.com/monkey/monkey/pull/434, +containing assorted CVE fixes. + +Upstream-Status: Backport [https://github.com/monkey/monkey/commit/fc1d68fb38044df08cb43c7d9af0f68714388efc] +Signed-off-by: Gyorgy Sarvari +--- + mk_server/mk_scheduler.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/mk_server/mk_scheduler.c b/mk_server/mk_scheduler.c +index a680d3cd..3cf0ba40 100644 +--- a/mk_server/mk_scheduler.c ++++ b/mk_server/mk_scheduler.c +@@ -598,8 +598,10 @@ int mk_sched_check_timeouts(struct mk_sched_worker *sched, + MK_TRACE("Scheduler, closing fd %i due TIMEOUT", + conn->event.fd); + MK_LT_SCHED(conn->event.fd, "TIMEOUT_CONN_PENDING"); +- conn->protocol->cb_close(conn, sched, MK_SCHED_CONN_TIMEOUT, +- server); ++ if (conn->protocol->cb_close) { ++ conn->protocol->cb_close(conn, sched, MK_SCHED_CONN_TIMEOUT, ++ server); ++ } + mk_sched_drop_connection(conn, sched, server); + } + } +@@ -749,7 +751,7 @@ int mk_sched_event_close(struct mk_sched_conn *conn, + MK_TRACE("[FD %i] Connection Handler, closed", conn->event.fd); + mk_event_del(sched->loop, &conn->event); + +- if (type != MK_EP_SOCKET_DONE) { ++ if (type != MK_EP_SOCKET_DONE && conn->protocol->cb_close) { + conn->protocol->cb_close(conn, sched, type, server); + } + /* diff --git a/meta-webserver/recipes-httpd/monkey/files/0003-server-parser-harden-boundary-checks.patch b/meta-webserver/recipes-httpd/monkey/files/0003-server-parser-harden-boundary-checks.patch new file mode 100644 index 0000000000..1e56893c65 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/0003-server-parser-harden-boundary-checks.patch @@ -0,0 +1,108 @@ +From b9f24a2968fa62de4a6ecf070fa0389ce10e7729 Mon Sep 17 00:00:00 2001 +From: Eduardo Silva +Date: Thu, 9 Apr 2026 12:11:57 -0600 +Subject: [PATCH] server: parser: harden boundary checks + +Tighten parser and helper validation around explicit lengths and +buffer boundaries. + +Require exact header literal matches, validate chunk length tokens, +and guard helper routines that previously trusted inconsistent +pointer or length state. + +Verified by rebuilding with cmake --build build and replaying the +reported malformed request fixtures against build/bin/monkey. + +Signed-off-by: Eduardo Silva + +This patch is part of https://github.com/monkey/monkey/pull/434, +containing assorted CVE fixes. + +Upstream-Status: Backport [https://github.com/monkey/monkey/commit/ffe0d0ed1b074ea6f3965c37bb754e9f19130a82] +Signed-off-by: Gyorgy Sarvari +--- + include/monkey/mk_http_parser.h | 6 +++++- + mk_server/mk_http_parser.c | 13 +++++++++++++ + mk_server/mk_mimetype.c | 7 ++++++- + mk_server/mk_user.c | 2 +- + 4 files changed, 25 insertions(+), 3 deletions(-) + +diff --git a/include/monkey/mk_http_parser.h b/include/monkey/mk_http_parser.h +index 9e3b365e..465ea0e4 100644 +--- a/include/monkey/mk_http_parser.h ++++ b/include/monkey/mk_http_parser.h +@@ -389,7 +389,11 @@ int mk_http_parser_chunked_decode_buf(struct mk_http_parser *p, + + static inline int mk_http_parser_more(struct mk_http_parser *p, int len) + { +- if (abs(len - p->i) - 1 > 0) { ++ if (len <= 0 || p->i < 0) { ++ return MK_FALSE; ++ } ++ ++ if ((p->i + 1) < len) { + return MK_TRUE; + } + +diff --git a/mk_server/mk_http_parser.c b/mk_server/mk_http_parser.c +index 9413528a..3c831f29 100644 +--- a/mk_server/mk_http_parser.c ++++ b/mk_server/mk_http_parser.c +@@ -173,6 +173,16 @@ static inline void request_set(mk_ptr_t *ptr, struct mk_http_parser *p, char *bu + static inline int header_cmp(const char *expected, char *value, int len) + { + int i = 0; ++ size_t expected_len; ++ ++ if (len < 0) { ++ return -1; ++ } ++ ++ expected_len = strlen(expected); ++ if ((size_t) len != expected_len) { ++ return -1; ++ } + + if (len >= 8) { + if (expected[0] != tolower(value[0])) return -1; +@@ -535,6 +545,9 @@ parse_more: + (errno != 0)) { + return MK_HTTP_PARSER_ERROR; + } ++ if (ptr == tmp || *ptr != '\0') { ++ return MK_HTTP_PARSER_ERROR; ++ } + + if (chunk_len < 0) { + return MK_HTTP_PARSER_ERROR; +diff --git a/mk_server/mk_mimetype.c b/mk_server/mk_mimetype.c +index b86b4ef1..5462ea5c 100644 +--- a/mk_server/mk_mimetype.c ++++ b/mk_server/mk_mimetype.c +@@ -197,7 +197,12 @@ struct mk_mimetype *mk_mimetype_find(struct mk_server *server, mk_ptr_t *filenam + { + int j, len; + +- j = len = filename->len; ++ if (!filename->data || filename->len <= 0) { ++ return NULL; ++ } ++ ++ len = filename->len; ++ j = len - 1; + + /* looking for extension */ + while (j >= 0 && filename->data[j] != '.') { +diff --git a/mk_server/mk_user.c b/mk_server/mk_user.c +index 7200ff08..716331ac 100644 +--- a/mk_server/mk_user.c ++++ b/mk_server/mk_user.c +@@ -46,7 +46,7 @@ int mk_user_init(struct mk_http_session *cs, struct mk_http_request *sr, + } + + limit = mk_string_char_search(sr->uri_processed.data + offset, '/', +- sr->uri_processed.len); ++ sr->uri_processed.len - offset); + + if (limit == -1) { + limit = (sr->uri_processed.len) - offset; diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb index 4e4b272897..0bf3d91602 100644 --- a/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb +++ b/meta-webserver/recipes-httpd/monkey/monkey_1.8.4.bb @@ -11,7 +11,11 @@ SRC_URI = "git://github.com/monkey/monkey;branch=master;protocol=https \ file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \ file://0001-include-Fix-location-of-mk_core.h-etal.patch \ file://monkey.service \ - file://monkey.init" + file://monkey.init \ + file://0001-server-http-fix-malformed-request-crash-paths.patch \ + file://0002-server-scheduler-guard-protocol-close-callback.patch \ + file://0003-server-parser-harden-boundary-checks.patch \ + " SRCREV = "94af273244369e1a8426d0d1f6376475aff90db9" From patchwork Thu Apr 30 11:46:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87263 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8A82FF8875 for ; Thu, 30 Apr 2026 11:47:23 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18178.1777549642563571445 for ; Thu, 30 Apr 2026 04:47:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Kbbxg/jr; spf=pass (domain: gmail.com, ip: 209.85.216.41, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-35fb0bb27e7so486133a91.1 for ; Thu, 30 Apr 2026 04:47:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549642; x=1778154442; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/c0aEXx4ITvfCty1Q5yemW22TS7gvadZP39P5o69IH8=; b=Kbbxg/jrl9pCeEbiJPnfNCIU+G7kWRVAA2NR6SRzzU6RSRvnyS5z/iHLdUaYLKqBUK G4dqWujOkOtrBEnQmNuVeyhVeEi/Kk8I+vlpzypTelIUdtoFizRUAyKRg3bBKjXCk2bN DmPOmjkIaiw/a9hQh6jmQK/abY5o9WPcs26zY9oaJfSia+5lz5ScMMhAfCwrf1KZz+GK ATpxraB16iYtSNN/FwdgbArHLrcNLM/z4BoJ4hRTpO4b07ssm8nyzu9GnvLCvpgKkwvu yXWsONQvos4xsZWmnJBXyiyohNP8nMQ558+R8PGqcCKiAsIgfZ3ry62LU39S55zbRew9 /9Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549642; x=1778154442; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=/c0aEXx4ITvfCty1Q5yemW22TS7gvadZP39P5o69IH8=; b=gDXG5LNCEn/K6c/9Rj4SAWXC/LJXX/YUMIO8fZBtt+4JEVfGBo5/m1HWAT7kRPDLEz Aw0sd0qmHbyDdblFoR0ZQaNmcJMCHSgjOcpUPFMwCRURNfO4YdI5NpDE4X8nOfPXNj2C srnaODkStfBZ2Wg1hmANOCkCcgg7fHTf7eH1Laug2bG0hxuXPzVyEY6kIVMbdINOLwMj 9krwoR5El5C3jjeUAKIUXXctYU2CSQCYeANHonQ1inHeKWt+6mhRA0njDlr7KoiNlhQH Jv+lrAkc1o3paa0f+7piahEuQlJpYW/JJq5NAaWj2aI3iXb9IzhqHe2JGJkbj2u3m/C3 Q+qg== X-Gm-Message-State: AOJu0Yy1uWj/FomZ6lV2UA6UDrjN9zKsGxLAY7jheicCaJf6nKzICgxd iHP/nUUkjMLtDSHkz1U3EujkecdHzcEXSKZarRJzDHzESNsVES6hP4qSSvvH2ZLN X-Gm-Gg: AeBDievn3Nx7KX/2iJkgbnfVkllY7xjO7TkaiLZOTVXaaiDwfX9X8kxc/9xDpBsBb1E xQUve/MukUGJ7Dmg8A9A4oZkzkOSdIqf4XVRo12p1QeEF4u0YiqSC0YWgZ5E0hS2mFpjgiXOCtV Y+s1v4VvGyDwmpGSfP/X+Gs5CAEEo1ajoaC+xLEa7OVsdq4NKHV/vgt0n5ZlC2opL2aAelRfzTJ tO+FEoDJ7v+HOiPCbkJ7l2Vr9RjGBjNaMWYeLR96oUfl1nxILDFtNQzmrGdL8qSa5ASslPiKJ3e z1GesUrny1s9jFQCyAuug48qD61gKea/HOjJMeJRmxsAw+KFlPk7bpWEMR0pEgfwkAmsIFs0n5j mzhOafrT5zmCI0GR4n0j3K8fxPKegO1aeoIfrYzPQkV3pb21m5z3tuV+azygxPgL4xJklP63LiM jhuPjYGJ4LW2m7CBt73JTTJNp69ZglbXjdDep8vLWxbTsJT2U= X-Received: by 2002:a17:90b:4b0b:b0:362:f860:f9ba with SMTP id 98e67ed59e1d1-364c2f2300fmr2405440a91.1.1777549641700; Thu, 30 Apr 2026 04:47:21 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:21 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Mingli Yu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 8/24] python3-ecdsa: Upgrade 0.19.1 -> 0.19.2 Date: Thu, 30 Apr 2026 23:46:31 +1200 Message-ID: <20260430114649.4184890-8-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126742 From: Mingli Yu Changlog: https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.19.2 Signed-off-by: Mingli Yu Signed-off-by: Khem Raj (cherry picked from commit 27d096d984b1a5b567ba1b217c3fee8581284575) Signed-off-by: Ankur Tyagi --- .../python/{python3-ecdsa_0.19.1.bb => python3-ecdsa_0.19.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-ecdsa_0.19.1.bb => python3-ecdsa_0.19.2.bb} (87%) diff --git a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.2.bb similarity index 87% rename from meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb rename to meta-python/recipes-devtools/python/python3-ecdsa_0.19.2.bb index 4e884b2d74..93673fb51d 100644 --- a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.1.bb +++ b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.2.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=66ffc5e30f76cbb5358fe54b645e5a1d" PYPI_PACKAGE = "ecdsa" -SRC_URI[sha256sum] = "478cba7b62555866fcb3bb3fe985e06decbdb68ef55713c4e5ab98c57d508e61" +SRC_URI[sha256sum] = "62635b0ac1ca2e027f82122b5b81cb706edc38cd91c63dda28e4f3455a2bf930" inherit pypi setuptools3 python3native ptest-python-pytest From patchwork Thu Apr 30 11:46:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87268 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1393ACCFA13 for ; Thu, 30 Apr 2026 11:47:34 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18375.1777549645367788634 for ; Thu, 30 Apr 2026 04:47:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=KURmu/fU; spf=pass (domain: gmail.com, ip: 209.85.216.53, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-35f9ab079bdso521204a91.2 for ; Thu, 30 Apr 2026 04:47:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549644; x=1778154444; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TvUVqa4XN35fomXswiRDHtp6FY7sTMTtsbhEc3ccGdg=; b=KURmu/fUmMg4zL0grzIesvHh743bfDhXuWKFi0mJ+u2wen+TrcsuHscCBXsTpj5Bnh RP67OKZS2jDu2Z4MThF9Qpqe3QpnuhGpyiAQ/7sQ3SH/R40HBcLCwBxUc24V2rrCx55a 1tCZ1r4rmf56s25qgNzK/Y3+KRqsBftX97jZZLY3RYne4ZSF918u6JSltFMIXjSTwKdB aUV44DuHyox8O7JymmKYJE6pFgOWXELmneAzftpR9F8L/c7NYPcYFcp00U4E3D8cr2Vh SbbU6iPRz7/v0dxLPVN7huLdTpF0qyUkfFudE3dp+4m/tNnwC/YAnpLDdharCeBBcxFU c53w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549644; x=1778154444; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=TvUVqa4XN35fomXswiRDHtp6FY7sTMTtsbhEc3ccGdg=; b=B2igVWUcORSX5s352HqdvywLeJX8ELNj8zKKg06flWRkM3p3eJBbwa8dKQbuIp6W3I R67gX05J+n+WtLrg2Rnxz5hbOURxjpHi6DW9dcxEjn8EvCC6h9ll8a3VR2ace9qyM5nj bGmanrIWO4LFv9VSuhgf4oGH6NpsVbGH8yWNWnIl2fm54Tu2tc369BP+0R/wL7ddTLO+ R9amf4hjdPEj4+s5bYQl8HmAvAEgHLoFq6gKMfLsLEeploqqosHhaKg8Q90wYnK4/zcf NJTeH6UUxuzOT+DA92EQ1RYfgwMdWbXAXkJOpXASqIHIglOjxXg/JeJE5ED4+1MzSJiV TH1A== X-Gm-Message-State: AOJu0YwEtmYXw//FiInprwWOWJNl5SNZibetoZly/TGI0rgKKmbz8LkQ hw/NnoN/F+HxD0Gw911abWCtdcp/VqQVYxDOZBDdMOvs32ZLaburZk48b9gmzAZp X-Gm-Gg: AeBDietY8PDQAb0igIZUUIjuXabcfJDFo+ohiztyz4NUP9x0cNDtpeJVNz5FGEwMVCB E9H3pG7AxnA9VQOf0L2/JFPcziebR7GlQUT2WTgkMNvQ5hJVC8a0RdYFVqUI1hFBxrU8s9NS7nz QmDmr+pR3CWfafe+2lI6ADlVPoTVtBPqwRBQEVJWpkhNGbgEPoZo8V3pdNuke1G/C7TKv884f0v REYveKQanBWc2HY74+H3XNhiPWGvwKXwL8cHX7YJj5u+yX7mGWxA4bgi87imEkNfh7ZmtpJnG2J iR+w6aXQx/5qF0BaJdlQ1A4YHq8QEkJkvQz8j1RDYH61+WWemd8oRkAQ7KP9SPi4brglf1kjwIE ictBuPBrAgYKElYJiNTxkWt4sUHXArXfg5BwsYm+RL29Iw4pZIrX+UXnKMY/6YdRLovDFMLO0x0 Qd4crvnerx120ltQNlEc5llkXiMaAhn/GY3mta7QLKBinp1no= X-Received: by 2002:a17:90b:3e4f:b0:35f:bca7:5d22 with SMTP id 98e67ed59e1d1-364c2f8aecamr2531881a91.10.1777549644532; Thu, 30 Apr 2026 04:47:24 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:24 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 9/24] python3-werkzeug: upgrade 3.1.6 -> 3.1.7 Date: Thu, 30 Apr 2026 23:46:32 +1200 Message-ID: <20260430114649.4184890-9-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126743 From: Wang Mingyu Changelog: ========== - parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. - WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. - Transfer-Encoding is parsed as a set. - Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. - Fix multipart form parser handling of newline at boundary. - Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. - merge_slashes merges any number of consecutive slashes. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit db8bd24b0db925cdbd4b9d444981846871c354f2) Signed-off-by: Ankur Tyagi --- .../{python3-werkzeug_3.1.6.bb => python3-werkzeug_3.1.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.6.bb => python3-werkzeug_3.1.7.bb} (90%) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.6.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb similarity index 90% rename from meta-python/recipes-devtools/python/python3-werkzeug_3.1.6.bb rename to meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb index e0caea2d3a..3dae69f7ca 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.6.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb @@ -10,7 +10,7 @@ HOMEPAGE = "https://werkzeug.palletsprojects.com" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "210c6bede5a420a913956b4791a7f4d6843a43b6fcee4dfa08a65e93007d0d25" +SRC_URI[sha256sum] = "fb8c01fe6ab13b9b7cdb46892b99b1d66754e1d7ab8e542e865ec13f526b5351" inherit pypi python_flit_core From patchwork Thu Apr 30 11:46:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87267 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8A9CFF8875 for ; Thu, 30 Apr 2026 11:47:33 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18180.1777549648202619935 for ; Thu, 30 Apr 2026 04:47:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=bVxsGT0e; spf=pass (domain: gmail.com, ip: 209.85.216.44, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f44.google.com with SMTP id 98e67ed59e1d1-35d95017a68so553612a91.3 for ; Thu, 30 Apr 2026 04:47:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549647; x=1778154447; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nBFNffO31XLa+3brdudI9PQdbBOcD3HR0QLCWdeNmO0=; b=bVxsGT0eQ2JBKe+yZyUU91QNspY1mTiCf9LiHXzTXicUnKBN1KWo/N/aJWo3Lpu1H8 kjKlXyP+x+nPgrZPMwQb99+3tYJZXEIaxxx+VtfoSYm2MDgOeuwnkdEUrOUJMIcfGYXb RZFxUTHkrygK4S6P/DzxYWRAeRlOZtIffCoc9iHmb5UGlG6qzFPG9l8XFuosih9EkWzX 1OQjJSOHbdSEwBQI7h9L6d27ADkYKv91iUveuAIIwa3Y/bRy2CzDxII2QFrgXKYeMODv 60KVwymZDiwfOCSXJ9mfik8cR8+s4XQMhY8sLDgZAuz6PSvsg51cseYhhGNl98TN/J5m MfUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549647; x=1778154447; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=nBFNffO31XLa+3brdudI9PQdbBOcD3HR0QLCWdeNmO0=; b=Ov7Ga0JqHRrKwUsP4uAvpsPOZYiMUdMmaQI+IUW99UdJtFICnTeeud0zCwsJftSdYl 8KfzE8Ei9WlBx4oQxgL6LMM2QthqR57lrUTwZw42r0tpCvmJo4LTwYdpNgjkD2DL5xVD hB4tJZgLBpoAN7QGBa2zrrABrpBWCA7yE9g2YO8kpQ3OaKTvWVSaChYwfqw3sAaIKBmv C9UrkBa8uT4VCGotGxQrncyOklQc6ZY653dMfQspUPUpTyKkQW5livB6vDy/A4pNpVKt g3WSa3G92aNiJv+MOe/7sv164kpAW33S7LpmuirvfNVuScGM5mFSDyn4WNSdOQRR0+aR 7aag== X-Gm-Message-State: AOJu0YwXTQlyml/Y9BqtNoZpac4+BYbpO+XiC4YOYEcIX0/AE5fOKUpc S+N/ulJwWJbe4V1MXu+/EGeFL2iwwhO6Wldtrl8g1y7To42J5HVC9xE562EEJbgS X-Gm-Gg: AeBDiev+ombHNHQ4vd3WmFkAVCoBlWfgO5e/7fHon+omOvVxl7olp/JmNyTQOqLPeDv kB43Sr7TrvpJ0YMHfzDtVLtJBjD7kWab2GwoQDmYoXbX50Z+QDzbM96sSxQcBIpeEpkQpPNCpyW jdxvUInXQ5VoQeJFR2E3YjJBy99WsvsLTDT5yUjwdXprLqjEsRNnJHcrmJncNfZaDjYPQ7FDk7E TVmEJkhxtgM5WvW30OXHb6POTiY3mmt53vcToNBuyJU+kNryArrLFxfIAUxp6NsDEtOiFZOvvWp o3lUbt9iDXh6876I1/3eemPUxWHkmYmtULn5Jv2nUVLB9J6rYR4xi4cT+wcmHBrUJWhVLrU/iaH Rleti1kyMZMvihZ4RC1VbX5/TahMWhb23ecCrdP9pmq3U3kGqMgaFMJtI/sziRd01PF1ohTzLAu gnvpDn5GVZL7paALH/0aNDiZE0YmX9Drq/xgkOl2A9DTKi5Zc0vfvfouVXGw== X-Received: by 2002:a17:90a:d2c8:b0:362:ef2c:65f9 with SMTP id 98e67ed59e1d1-364c311dd18mr2887442a91.27.1777549647325; Thu, 30 Apr 2026 04:47:27 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:26 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 10/24] python3-werkzeug: upgrade 3.1.7 -> 3.1.8 Date: Thu, 30 Apr 2026 23:46:33 +1200 Message-ID: <20260430114649.4184890-10-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126744 From: Wang Mingyu Request.host and get_host return the empty string if the header is missing or has invalid characters. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit d8c310aa52e669ca894d4b343bd83a97cb6eb8d4) Signed-off-by: Ankur Tyagi --- .../{python3-werkzeug_3.1.7.bb => python3-werkzeug_3.1.8.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.7.bb => python3-werkzeug_3.1.8.bb} (90%) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.8.bb similarity index 90% rename from meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb rename to meta-python/recipes-devtools/python/python3-werkzeug_3.1.8.bb index 3dae69f7ca..0657c7c3e9 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.7.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.8.bb @@ -10,7 +10,7 @@ HOMEPAGE = "https://werkzeug.palletsprojects.com" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "fb8c01fe6ab13b9b7cdb46892b99b1d66754e1d7ab8e542e865ec13f526b5351" +SRC_URI[sha256sum] = "9bad61a4268dac112f1c5cd4630a56ede601b6ed420300677a869083d70a4c44" inherit pypi python_flit_core From patchwork Thu Apr 30 11:46:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87266 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0F25CD13D2 for ; Thu, 30 Apr 2026 11:47:33 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18184.1777549651317023164 for ; Thu, 30 Apr 2026 04:47:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=mwKa2dOH; spf=pass (domain: gmail.com, ip: 209.85.216.46, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-364d72f2986so227250a91.3 for ; Thu, 30 Apr 2026 04:47:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549650; x=1778154450; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=AAtGjFQJa2Fz13KX2ujH+6PhSJBIero6HzHUT2NPwW0=; b=mwKa2dOHVXd0lKHSsWEXa8+kcJHpEw2MSCV5whrX8j4H0wx6FCemToe5R0vOMvDYcr +RE7PJxz+vVT9Y1B7F+3frm1uEkSfy8CB4vFkv6MLg05WMnyYU2POo9vu73DofXweu26 /W02kBth3mbaeFJGnc20A98R6EYJjwSYcPLUEQN1iBAqdD7G1ePWk7pU5CMwiyfdLIz4 +CKHA7PYtcAYgJ/SmjEsfkxGtH59dNkxKZl1FbEQ1mfqwCVzLdVgIqXmWRNunWoIJUd8 wjm0sPigO3n6HccDfMBuIJtmQ3zk4ZxLJkNs86xCWEB6pzZJ1Z/9j2P+Oe7qdorxhHEg TEcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549650; x=1778154450; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=AAtGjFQJa2Fz13KX2ujH+6PhSJBIero6HzHUT2NPwW0=; b=E21L31qhAcmvy6WjCHNfpDxTJSYFeHwI1FLhJFSEfWgze3da6sk896bdhC34R8HFJx k0nVt25+NvlpRX1WO6G6Uc/wPCxbQPcyVpJPULdCENb6cfU3fY4yM0H1yFgvZKZnre6Z rZ1FfA4yIGaSSO6FDn1udWQC8EC8+Z31jhp/ukZy62yBuWCQ3AyiBRoSfvw6aqCGRdRB v35w5T71ICt0rVainbD7ngCClMJDt7T8Ou5Rwu1sAfQifesu13BRvP9FqMGDyBNg0sco jw1dwXh6gwZ8tz+CdY5//FpMYzfFQg98rp6z10JnN+bxAlakgs6qg0tmabKUCelzIMaw qsPg== X-Gm-Message-State: AOJu0YyV3f/wpHIx21khtzxaD7dR7WGJwUA5rDUv2HYd9hSzPhzvOQEb /hqm2tld2m0kqIll6+JlsGpxQjpY4qLofOBoSdZg77dhX0ezQKX9efVXlXPn1us0 X-Gm-Gg: AeBDiev3s8QzVLeb5A6KPwbw+9+bJxxjYAvTyIa5Uq7ZvjtBj0AMF6ce0U6aYd1W0hm Ca/MllpxjzQCK5DhC3ZGlSMxT7r1r1COkH9qMdIVVlZAj7AK7bJkELVmfjLWJh4KiOXDpGnpZ1+ 91xxCeaX/EzPGWihvSRHfxG1/Pn3QsBbT8cu1KS9CfGG7fkGD4vat2lee0CYiUGQjNSXH6BBceI BRc/kwQ1YkNYtpKUz4OF7o8NezaO5izUs2I5893I0mV/ggPwElNgTPdi6yidXDwuBai5F6yu+ER C8lH3DGtckdlvQBuTAZ0Gl29Muxw2+lJUBfg7dPPCQsN5ATL/j7ur6LDoHKNfIEaIUescZqSQgU oQo94L6fkkM5AYgKMDwbZa5Pd7RmkwVwAdQKdPzLXOW7Mv9dXbfekdcYhNpkIqHM5YRqq0v4KGG wg2masLKR+7NF62kjasRUnIY7RbbMhUTDSEZZuO0HPO62fHTo= X-Received: by 2002:a17:90b:2f0f:b0:361:45df:102 with SMTP id 98e67ed59e1d1-364c308d224mr2501760a91.17.1777549650461; Thu, 30 Apr 2026 04:47:30 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:30 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 11/24] python3-tzdata: upgrade 2025.2 -> 2025.3 Date: Thu, 30 Apr 2026 23:46:34 +1200 Message-ID: <20260430114649.4184890-11-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126745 From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 2c0a4edb58da813ca3d9709baed7b5c67ae85e2e) Signed-off-by: Ankur Tyagi --- .../{python3-tzdata_2025.2.bb => python3-tzdata_2025.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-tzdata_2025.2.bb => python3-tzdata_2025.3.bb} (85%) diff --git a/meta-python/recipes-devtools/python/python3-tzdata_2025.2.bb b/meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb similarity index 85% rename from meta-python/recipes-devtools/python/python3-tzdata_2025.2.bb rename to meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb index d7bcb11364..1c313ea223 100644 --- a/meta-python/recipes-devtools/python/python3-tzdata_2025.2.bb +++ b/meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb @@ -4,7 +4,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=fca9fd5c15a28eb874ba38577a585d48 \ file://licenses/LICENSE_APACHE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "b60a638fcc0daffadf82fe0f57e53d06bdec2f36c4df66280ae79bce6bd6f2b9" +SRC_URI[sha256sum] = "de39c2ca5dc7b0344f2eba86f49d614019d29f060fc4ebc8a417896a620b56a7" inherit pypi python_setuptools_build_meta ptest-python-pytest From patchwork Thu Apr 30 11:46:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87271 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27FB5CD13DA for ; Thu, 30 Apr 2026 11:47:44 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18379.1777549653982192246 for ; Thu, 30 Apr 2026 04:47:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=TeRB/aUm; spf=pass (domain: gmail.com, ip: 209.85.216.49, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-35fc258aaa4so514211a91.2 for ; Thu, 30 Apr 2026 04:47:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549653; x=1778154453; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Nsnh34/O8iXsO7jx+gu6xmuQ/i6KN095JvJSmE1b7no=; b=TeRB/aUmJ0E13eZsq9qFluE92FKYDuBzf0djEDyBzJ8E3olaCJKjEEEKBCoZEV1TMa exG/d26DDn4TJEoGqzSlrbzqjdT0mIpEujl9oBfoVkBU5LMGgEJ3hBLr7rgUK0PCC1K6 nvo+w+cJHokIPnyTNjLs+LRzkyrandkOwra3GTRFSKQJ586FL6HSfpyMH+HofN1udWws y2xM8o10fmJF1Yay8kHCARndEMuSoXFgjOfUPvfKNQgxRFw2/UoFAJYJuCD+xfWE+ty2 nf1aIYLYtQBCe7LXbwBXq8vbEh3yh58rcWcborpM1i6IVU5eyLDFivmqDgBUWY4Vgrab 48Iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549653; x=1778154453; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Nsnh34/O8iXsO7jx+gu6xmuQ/i6KN095JvJSmE1b7no=; b=qPA9MpqmYHc8DiZToPO5dopaA3noe1XHbrl0KHXCvSSGQzm4Uv3zC1xlvrQcksIWgd N/uVrQoUv+AvRqqZQXCnOPNBT0bBVZEmkyRvdDlL62ZSHNiHEQEc628gpQLCuLJUg47D Mos8XspqKQ+JwXq5Gt72NH+7S8UrF+XzqE4HnolxeVqQlPy+NhlFLfBD30/KTKIyjIec 1wJkNqMtH/veYCArHDHWmScl5P5GgQRDL8rOVMiD1qsZVlx3wSesAlzJqJQb9O8lVnPQ 5Yi7mT6l+Hp8H5oT0z9eTVbSuIFKubR3Uv5fplUJmeJ6gGU1AorgbKMiQhFAOWmqk7ay sdyw== X-Gm-Message-State: AOJu0YwEuIXXXwraccWiCjmk1a2RPPseK0JZm7uqlWB2cWrocrBjWCjT SRCT39hGifLyi0YB+F0gRI37/JIczXcWBDwgflsp+OWr9nybYAjchSbWkulstU9/ X-Gm-Gg: AeBDiev12qaXUtoZRggX5fooUBohoH2sEyxCPK99hnA4v+/kHUKEmU/yZi5izR1mSVj OtIvF2FdtGivQ+22+Gq78kwpoiXdEsczdNq3herBnh+tFR37BmJRYCyjJ6Lx8/K2g+qZbMJlQiJ K0Fnfq8JJOHc1JxNme7t1faUv38Gi7saZCYf61wROacCb3VHKklxqJ+P9rg16cIxdxopbXkBZm6 4Ql7/B4CyRBZXNcDY5gMGfV/csmWTU8Gb5n/tZdAaiTyN1eNsx/RuVX48CrxjlyU2giUNQhZt2r /p1FBg3KRf5xXOMIox+ulw00a3r9PinkLXmfOQM3E0k6Fq+KKlvM3ifeapftKAs1Awu/PiZtlax Bv8+Zfv+1oR0KquUPDPHEM8SW9lrybJZ75CC3P5W/bta0PQBgc3IVEmkKl7sogH2Z5z3YsfNjSM DQpmvnjgXSdjtSEDnvtEBmWAGIYvM0IDQrhMvOICvMjLr/DAQ= X-Received: by 2002:a17:90a:e7d0:b0:35e:30bc:804d with SMTP id 98e67ed59e1d1-364c30f0a98mr2637490a91.15.1777549653237; Thu, 30 Apr 2026 04:47:33 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:32 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 12/24] python3-tzdata: upgrade 2025.3 -> 2026.1 Date: Thu, 30 Apr 2026 23:46:35 +1200 Message-ID: <20260430114649.4184890-12-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126746 From: Wang Mingyu Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 36111dde1a7cd9f9df139d8dded91ea771336a69) Signed-off-by: Ankur Tyagi --- .../{python3-tzdata_2025.3.bb => python3-tzdata_2026.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-tzdata_2025.3.bb => python3-tzdata_2026.1.bb} (85%) diff --git a/meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb b/meta-python/recipes-devtools/python/python3-tzdata_2026.1.bb similarity index 85% rename from meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb rename to meta-python/recipes-devtools/python/python3-tzdata_2026.1.bb index 1c313ea223..9a66460e76 100644 --- a/meta-python/recipes-devtools/python/python3-tzdata_2025.3.bb +++ b/meta-python/recipes-devtools/python/python3-tzdata_2026.1.bb @@ -4,7 +4,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=fca9fd5c15a28eb874ba38577a585d48 \ file://licenses/LICENSE_APACHE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "de39c2ca5dc7b0344f2eba86f49d614019d29f060fc4ebc8a417896a620b56a7" +SRC_URI[sha256sum] = "67658a1903c75917309e753fdc349ac0efd8c27db7a0cb406a25be4840f87f98" inherit pypi python_setuptools_build_meta ptest-python-pytest From patchwork Thu Apr 30 11:46:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87269 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1079DCD13D2 for ; Thu, 30 Apr 2026 11:47:44 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18380.1777549657132973577 for ; Thu, 30 Apr 2026 04:47:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=sjEbw0JP; spf=pass (domain: gmail.com, ip: 209.85.216.43, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-35fc2b18363so834579a91.0 for ; Thu, 30 Apr 2026 04:47:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549656; x=1778154456; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EXVMyCEzejOzINv4/X3Sy/7zPCVH/OXZhdNTHsTnIeo=; b=sjEbw0JPDQJJ1SYcuecWuzlMgKSm4kFvN7ViOwWmOE84cEDXxaTiFpZzgRlW6VYzdJ m/IHivwMI4+jtpcAfZsXNatdL3euRhOnpgunLdyaXBpydj81uTBOB8sSiQZrnQLCF0ny 98hYUaT7OvevD5Wm6a3L5LZbH2GCX8AbpV03GGx0f6tbR32FJnsWVsliE+/ZLJ2L2W72 +pfzXU/AGJfJQMSvVNT9B8YHyiZy0NU4djHQBxYbvsvXimI78s7vbKUWreIUpEdOPRau 0ytK55dQzBL5Ys70GaYzKY93Ea8UL/9Uw8C42mTRJa1/XumzWpd7gpfRMKDLA5wA4//q rkUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549656; x=1778154456; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=EXVMyCEzejOzINv4/X3Sy/7zPCVH/OXZhdNTHsTnIeo=; b=r5ziymhRfcqXAs6dMm8RHrPmcce/NNAZBTEJxJa3LfWqLFz1zDPjk9o7O9SFtIEuFE sastRkTpeTNyJBnb1FYhcl9L722EIlYB3Ml4uut2UiGNXmvjXHSmGNGmxxX9UCFnlxVQ 0XoqB8gDnL1puaXw2C/SzNHLKj6z50SaCJ9x9oAst3ohwfqRvUgxgeuKLR9+avciiIYm BjkuAlJYrPaH9q5Lxbn6QRpz5mviFqSxIP8dLHagYvk9s9C4QrWNBoXoqUejaXPToWnJ iyvGQ21jQUXLNZZx6SDR4BHmCr1onhC6R1PstbqnMmH7lbPUTYOJuq4edh+yET3ZpKXP mASw== X-Gm-Message-State: AOJu0YzvfdDZmwvy6vjOc9BxehSuf4hPFSlIFK9gz2E8aOl6P87CHiAC 9C+Ya0V18PiupHcMa1Toy1jvjDgo7SUlVn+CDPlnpdgVLuM/UCUA0eH2LtVgI9NM X-Gm-Gg: AeBDiet40jQOd6iO+rAjkqj3IzLYnZO49RxnpknylOfkTUT1utLpTA/G4iJ0zjUea2G N5qr615sXs3lZxv/bzZQCi2kuKrK+3BdxrciExoNUU4DZsic5uqff4yAnupDqZfkEBDnXlBcKBn Am4a4GATCW04dPHT/+YpKTE1RG5NPV1hMacoDpcaoKw8Nffxmq5EHiSPeP0TeeOiAebNrfmcTp1 aI9SMJiPuUPdL5Xiv5YrRfPp/3wwe8oaB28EP+do06OAanN/rceoRHpjnUH3g9rx3+l72XJXcyl pRsF5LVSgChmmRCqzyL6zV0GQBnQ8P/n3lTLO5huGTjb5heq0MngijuwaNCnSe64wG5HHmsy17Q eVsn9RtL8VnNwKVPelzEIrgN0W2jjyNBUYjvXFU/GXiVh05qjtdO83oGfgL0GbBUHui/lesfMfH DAsa8p4U9lSXAr5LKt4clikvuMuckgl++9yed/MXwsKm2sXmEYn7TsGCi38Q== X-Received: by 2002:a17:90b:6c5:b0:364:ae19:f2eb with SMTP id 98e67ed59e1d1-364c2d9bc90mr2774438a91.0.1777549656290; Thu, 30 Apr 2026 04:47:36 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:35 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 13/24] python3-bitarray: upgrade 3.8.0 -> 3.8.1 Date: Thu, 30 Apr 2026 23:46:36 +1200 Message-ID: <20260430114649.4184890-13-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126747 From: Wang Mingyu Changelog: ========== * fixed critial findings in C Extension Analysis Report * add tests, in particular 'devel/test_capi.py' Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 041704b01cc0c039390b42ee72a28bdc13a630b2) Signed-off-by: Ankur Tyagi --- .../{python3-bitarray_3.8.0.bb => python3-bitarray_3.8.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-bitarray_3.8.0.bb => python3-bitarray_3.8.1.bb} (81%) diff --git a/meta-python/recipes-devtools/python/python3-bitarray_3.8.0.bb b/meta-python/recipes-devtools/python/python3-bitarray_3.8.1.bb similarity index 81% rename from meta-python/recipes-devtools/python/python3-bitarray_3.8.0.bb rename to meta-python/recipes-devtools/python/python3-bitarray_3.8.1.bb index 4cacd79522..6ef0f4202a 100644 --- a/meta-python/recipes-devtools/python/python3-bitarray_3.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-bitarray_3.8.1.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/ilanschnell/bitarray" LICENSE = "PSF-2.0" LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=6abe80c028e4ee53045a33ae807c64fd" -SRC_URI[sha256sum] = "3eae38daffd77c9621ae80c16932eea3fb3a4af141fb7cc724d4ad93eff9210d" +SRC_URI[sha256sum] = "f90bb3c680804ec9630bcf8c0965e54b4de84d33b17d7da57c87c30f0c64c6f5" inherit python_setuptools_build_meta pypi From patchwork Thu Apr 30 11:46:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87272 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C5BBCCFA13 for ; Thu, 30 Apr 2026 11:47:44 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18382.1777549660142071936 for ; Thu, 30 Apr 2026 04:47:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=roLe+uIH; spf=pass (domain: gmail.com, ip: 209.85.216.51, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-35fc0d7c310so521576a91.1 for ; Thu, 30 Apr 2026 04:47:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549659; x=1778154459; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RirVBGxJMepnDD5f7o237pgyxWrhNjsDewY2anqD898=; b=roLe+uIHp1XpLrCRFuaj2Jk0hOdYfQ/ky4XtRbrJi1Q9dj3dGzEb7joImjnKPA9utN fimHdoFLvdR/T03DaJkGwE6EFrzDf79SI1ldpn2O/3iVH2pUWYhym9l3lISTETDKfiOV aBFUg8RdsmHb5np3zRpJKhNInzlo4zOzG189PCo2YJVoD6x5LIGs6N3nXaTZaX0puYPp BUjsv9JGDaCoJsBec7xa0mDeMjRZhw0W8yzUBFDWcX1v7YxniJ9Ww82L6UgN1Ku8iVip 90Qwlg14Vrz/kc2Nmydxvqk2NVe1TK3TPfKU4QYrWL8WHdhBm2MP+UmtcSUhSHPAzpwQ yBmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549659; x=1778154459; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=RirVBGxJMepnDD5f7o237pgyxWrhNjsDewY2anqD898=; b=ClQZdTIrQIa4N4HIcm3pmmbTNbWIl8IfpRrQBKc8ae9ze3IAAkbI+67AES6PmZPFp9 1w5EJCOYmb4tilN6twNlSWfl6XtVcsEOXHvYO9Gd1DMrUsRg6wFIt7si/edTzmX5qDz7 Xa9nRVRVD7WifaaDHvQgfejbihEbWdkCUbIkAPmbW4rnik45kkz1S+uTHz8XcELh0hnx J0ribx8tpoeTvy5g6yRxi8QnVh1YhB61D1o0xVoqSxZiV5kW8k2nJ/ZxkcUxBiJ/minb lBWX5qrzV4hiX3jz4J6y4gW77MN1stpRSgnZ8829U6gYvpcVwDeImmvjWPlJpUfniepm 0Fbw== X-Gm-Message-State: AOJu0YwIPv180cuDgf7wLwvxOzz+QqjDlxntEfEr3EmP1cHTpWSFhDNN 03Q4ys3eCJlBfzppGMG33Q/nod/EtR4+VNFIFR/pZki9082vSD2D4kNzGSpNHQ3v X-Gm-Gg: AeBDieuUsy488Y4AQKBwY+hvXqGP72S/PSuboX27/dsUq9wtDQmoivDN6paJ/sR1B0j P8NLGzdvZwllej57R/KxPbGzhrm42xk1sqK/NCTXcLw6LvJ7dW95iEGsidJZCeBzLFyWh+HBPnM MuOv0xB3q78X/0KKXMkLhMq6Q8tR+yrngMIZFzg67XzIH7WI2o8UK8M16Ny7L7via1Usk4Rexuh wZ8MjdU/XhnonHnWaUVes2O+0XIN1AWyJw0y2bplb/+8lIFk3VcwacFHwTK1EUR6cFfsHHTumFN wv1Xxw8bdtgn5xzPsORhxnZUl8p92IdgYroYj4BD4ioy59gXLaID3VA9a5C5nqEbvicHtM0WPEj m1sO4R0CNErLgAxWo1l9MuFF5qphRauKA0zer6zMurlRa7SljQNy4Lmm/wp+lxUXewueyIYIp2H HTkJDpxRk8jEHuk6lRjEMqcbxgx8DBlxJ7u47B2uocsm5g0E4= X-Received: by 2002:a17:90b:1643:b0:364:87dd:b2c5 with SMTP id 98e67ed59e1d1-364c2f230d2mr2446958a91.3.1777549659172; Thu, 30 Apr 2026 04:47:39 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:38 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Bartosz Golaszewski , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 14/24] python3-gpiod: update to v2.4.2 Date: Thu, 30 Apr 2026 23:46:37 +1200 Message-ID: <20260430114649.4184890-14-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126748 From: Bartosz Golaszewski Bug-fix release addressing a buffer overflow bug discovered during an AI-augmented security audit as well as another minor issue with unnecessarily duplicated code. Signed-off-by: Bartosz Golaszewski Signed-off-by: Khem Raj (cherry picked from commit 7e24f2b5a868989719a1afde14258b323c7a3a56) Signed-off-by: Ankur Tyagi --- .../python/{python3-gpiod_2.4.1.bb => python3-gpiod_2.4.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-gpiod_2.4.1.bb => python3-gpiod_2.4.2.bb} (92%) diff --git a/meta-python/recipes-devtools/python/python3-gpiod_2.4.1.bb b/meta-python/recipes-devtools/python/python3-gpiod_2.4.2.bb similarity index 92% rename from meta-python/recipes-devtools/python/python3-gpiod_2.4.1.bb rename to meta-python/recipes-devtools/python/python3-gpiod_2.4.2.bb index 61a3fb929e..87765c2482 100644 --- a/meta-python/recipes-devtools/python/python3-gpiod_2.4.1.bb +++ b/meta-python/recipes-devtools/python/python3-gpiod_2.4.2.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4b54a1fd55a448865a0b32d41598759d" SRC_URI += "file://run-ptest" -SRC_URI[sha256sum] = "d29a1e8b2a065f7ed82f00a96009bc1486fc705bb2ad25820a8ae962ec6d7688" +SRC_URI[sha256sum] = "602aae17ff365bb8e2a30ce65c6bbf2d8e7a7e64bf016e82e4fd4c730ef69ab7" inherit python_setuptools_build_meta python_pep517 ptest pypi From patchwork Thu Apr 30 11:46:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87270 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03B3FFF8875 for ; Thu, 30 Apr 2026 11:47:44 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18188.1777549662915759553 for ; Thu, 30 Apr 2026 04:47:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=hS5Cqq9e; spf=pass (domain: gmail.com, ip: 209.85.216.41, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-35d9f68d011so466357a91.2 for ; Thu, 30 Apr 2026 04:47:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549662; x=1778154462; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dY0yUNopjYJ8npE8zQ2TtkfzG5wP1G+ogfM1RjBt7TI=; b=hS5Cqq9eOFjIvwQnTFkh/ZEB0HSQ3UaQApdzugbCGJASnCAhRNmDPGmA4XdWvHqgiu gKV58XYbI3GIMn3IEiZJjGasJeiDPnD72ZAM8kyml805OsVVN69glUbQc9Mn62tyqlSm LOjp4ZFVicqwGuqI533ci4+OPhSvAs/wbYdj+eDbefgWDQ9tY7Y+i4G5Yqnq39j7fe6p dHpFPi3J9HIiFbZspiyBphf3HXDwkDVPxOTx+Og1DJS43ZaTuxUkYMYWKvtUR31FZVKi 9ysiYdCsIrnMx+KllxdXGBpv/H0y9hfoZH53YK+bVYuFPfidR8wCYNTgS18dlA6EY09A GcPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549662; x=1778154462; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dY0yUNopjYJ8npE8zQ2TtkfzG5wP1G+ogfM1RjBt7TI=; b=fnHwbtu8yeCahs92fUboWSzGAblcTMfalc7NgAsY/DobtF/hyS2VbGJXlW3IDGyUFN ALNil4Qov+UWxEEOkSxb/lMokGWNt+sTOC4+Po+DK129Bb6S7a0wuEW/1dQP+AaJnIeu nL1EItPCQTBM3u6VHNfz7Eg8BkeGWUc99fRczus/looIZr3B1eyj+NIYx/Mdi8hpHThL p0VxECQLDf+9Amz1DvvFa+UPxMnSxMzzlGr2rIHh1/EWfpD+vitqCXDensqcpo6Cs0Uo zeg8MixKfJCRPDmwLIXI3qzhMpBiPdWl5WYhych2Hn0uWI29hPlyXsEPJnLnqjSfU/LR TWFQ== X-Gm-Message-State: AOJu0YwPhCCDahFGgPaLswc/OinRyPHW0Ccd0+p8ZNqWdjBr3dcGPv1J jANwB1nZ60cKo7WFrXq+zL853drs0XALzwk0erVYe/qrfWJUDGrgH6FLwBCaY10f X-Gm-Gg: AeBDievdsjJC82spr2cKcDY/3jfsXOzN18XK7G7s/Z6fb9JCXphtk+A15H4jxqxChLR 8w44r+iMBt2CmKGzVntq3z3CTwql+/vSK7w+hMOKBgc6xSmFSYN3bPyzwenz5JbmBSBGzYm7s8O wugHcL2QWIfPQgC3PjCgcD1vb657K6Io2h0ejbz2BUtd8bZR12TFpH0ylop5L9iF8K+7FmsSy6+ /YwU+MCV/myfw9wK3NgL7gnRPptu7X/vBept8sYBpu2VfZqz24+y/0xjT04SrF5dtG+fIGD3fe/ HgvQW1Wgv1KzaevrL7tzdAE3eWwWUudKcuNl0Sc9t5IP7PLT1b+iFgziGOtvwBEwGVSdiv6nrAf 5gSgkB8FUZlwhBZ/LUQiQaCL3OJYL4hp2/oKM7w5cTuWh/5tk9AmjOLthre8pg70ozOcvtEgboL K/B/Q7QGKd11zWjs6/Ei00IMrx+B5H5uDhyTfoebh6TJT6C/4= X-Received: by 2002:a17:90b:3f8b:b0:35f:bb33:d727 with SMTP id 98e67ed59e1d1-364c316618emr2552217a91.20.1777549662072; Thu, 30 Apr 2026 04:47:42 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:41 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Gyorgy Sarvari , Khem Raj , Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 15/24] python3-django: upgrade 5.2.12 -> 5.2.13 Date: Thu, 30 Apr 2026 23:46:38 +1200 Message-ID: <20260430114649.4184890-15-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126749 From: Gyorgy Sarvari Contains fixes for CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033 and CVE-2026-33034. Changelog: https://docs.djangoproject.com/en/6.0/releases/5.2.13/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj Signed-off-by: Ankur Tyagi --- .../{python3-django_5.2.12.bb => python3-django_5.2.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-django_5.2.12.bb => python3-django_5.2.13.bb} (60%) diff --git a/meta-python/recipes-devtools/python/python3-django_5.2.12.bb b/meta-python/recipes-devtools/python/python3-django_5.2.13.bb similarity index 60% rename from meta-python/recipes-devtools/python/python3-django_5.2.12.bb rename to meta-python/recipes-devtools/python/python3-django_5.2.13.bb index a7567265b5..5b4dc02d87 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.2.12.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.2.13.bb @@ -1,7 +1,7 @@ require python3-django.inc inherit python_setuptools_build_meta -SRC_URI[sha256sum] = "6b809af7165c73eff5ce1c87fdae75d4da6520d6667f86401ecf55b681eb1eeb" +SRC_URI[sha256sum] = "a31589db5188d074c63f0945c3888fad104627dfcc236fb2b97f71f89da33bc4" RDEPENDS:${PN} += "\ python3-sqlparse \ From patchwork Thu Apr 30 11:46:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87275 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57E8ACD13DA for ; Thu, 30 Apr 2026 11:47:54 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18192.1777549665042781215 for ; Thu, 30 Apr 2026 04:47:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=fYpU7jow; spf=pass (domain: gmail.com, ip: 209.85.216.50, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-358e3cc5e7eso488952a91.0 for ; Thu, 30 Apr 2026 04:47:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549664; x=1778154464; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1LLOFduqJgNUyf2kd0oNUGXRSn+7ENNpNfbekG4+Dus=; b=fYpU7jowgZWnxjXsNtO5KuKCNBqHMQcg02wPybfKyfdMlm5Qf9S3ZOoeK7MrECOtvF r/iqSu8MxtACRU/jVn0E9jUDwITHNA5isBfkLAfHcPRx6zMQS6zSiXGnqKkUUwAzsqfz wQvMfx+/byJRIdaqs9bCmKrUDgW9lemsUIoQgVBRuR9WDtz63T/jSjuiO+WBX5vP/8Bj JLi2+7+fCiWOC4Eqin/UxnLJgP02LkorjnDmtlVnfwMk3RwIQF023V0yXUWr/lhpLG9R rfDwsVT60juCREC3kq1T9XYHpOrj6UkcofzAV+Tk09RgRoQfglbXJuRoCglJ93idI0aW 9EEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549664; x=1778154464; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=1LLOFduqJgNUyf2kd0oNUGXRSn+7ENNpNfbekG4+Dus=; b=TMQpdV7gWjw7ZH5rnE5ycsa2RQ/EFlVLXgff4PfDboClr7VrET3bKNQImUxOBbMdv4 Pb/5+iy12db8P2Kociov0I+Imp6ikN/GemKityIZl2kEh6UZyKOMeRQWf5j6yU7J5vfi 3MKXiHVjcHb+m1qguvxzAUu/zR4nBzir6ihNHjdVfvbzoSQ1oE03rOxF98ZHwxwzCWEa SnPI71uSLA0UimGeXxq+Q/WSfufnlcS1yuTUv2Z4wXFbBvbyOFT8YFvEGix9d4DvBgv2 RCwGNEd/cyRwR/qW26csLqw1zKONCZI9b1Nm2eLJGVnX94aOIqy5eBKq/SKkwir4kIIg BMow== X-Gm-Message-State: AOJu0YzkMdr6qGcmXJsIqAHN5M9c8UDH45/ULKkwhZB50i1avXvjesz5 o6RmPtB4kCtJc9E9OSSNBVcQv2lbTfG+cfpwYPiLM4L7St2LQStJzSnp3XkitB7O X-Gm-Gg: AeBDieu6Bk4RmtwvfE/fEQ7YZxjQi9X68HFE0UP17IR204NLeyZ6GGW3JkPPOEGjo1U 51TwEqxJEvKfGtDyNz7yuGU93MyFQeojWP0jdnG2QAg0Hce0KAV/14Nrh7/J0DiIHAsQxevx/tV svjMVDaWaCyFIJDLAFtmOGr2SdgmR+SZeaIguRQdcCr2HkenwnENHq1vqaCpWRnNxpVD+5ICvzd HkMEU3L+T9h5goGAIANc14c/6kBuTGs7h12me54UUiJYXnPv0tzHM7YE8Mw30YSSd/R3XWnZls9 iWwBaeusIIcR1+YUwJXYlISBwvRwflJm0hsM1ny1UA63h/MxII4BB65VhTUhgmnl53nzbG4c6mf M/iTvyWdncg8U8YzJQxsyHMsOmwOdE5fyXMNcFlTJZbLAp3d1d5FiWa5tZ0ED+d1sQ2d6KpOgrc k+UTU8ead/JRZNIKkaH7RtB5AaSpZGU88OXAkxVrtcMJE4+BM= X-Received: by 2002:a17:90b:264b:b0:35f:bbc0:e570 with SMTP id 98e67ed59e1d1-364c2de2c5bmr2643425a91.0.1777549664222; Thu, 30 Apr 2026 04:47:44 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:43 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-python][whinlatter][PATCH 16/24] python3-django: upgrade 4.2.29 -> 4.2.30 Date: Thu, 30 Apr 2026 23:46:39 +1200 Message-ID: <20260430114649.4184890-16-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126750 From: Ankur Tyagi Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.30/ Signed-off-by: Ankur Tyagi --- .../{python3-django_4.2.29.bb => python3-django_4.2.30.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-django_4.2.29.bb => python3-django_4.2.30.bb} (79%) diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.29.bb b/meta-python/recipes-devtools/python/python3-django_4.2.30.bb similarity index 79% rename from meta-python/recipes-devtools/python/python3-django_4.2.29.bb rename to meta-python/recipes-devtools/python/python3-django_4.2.30.bb index ded9e6fc1f..c71c8a7db9 100644 --- a/meta-python/recipes-devtools/python/python3-django_4.2.29.bb +++ b/meta-python/recipes-devtools/python/python3-django_4.2.30.bb @@ -1,7 +1,7 @@ require python3-django.inc inherit python_setuptools_build_meta -SRC_URI[sha256sum] = "86d91bc8086569c8d08f9c55888b583a921ac1f95ed3bdc7d5659d4709542014" +SRC_URI[sha256sum] = "4ebc7a434e3819db6cf4b399fb5b3f536310a30e8486f08b66886840be84b37c" RDEPENDS:${PN} += "\ python3-sqlparse \ From patchwork Thu Apr 30 11:46:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87274 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C22ECCFA13 for ; Thu, 30 Apr 2026 11:47:54 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18384.1777549667267236503 for ; Thu, 30 Apr 2026 04:47:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=nszrL9em; spf=pass (domain: gmail.com, ip: 209.85.216.46, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-35d971fb6f1so860135a91.0 for ; Thu, 30 Apr 2026 04:47:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549666; x=1778154466; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lT5Wg1TY9e3zHFr0tQwhss5ZRS11XHn/JgHG1j3H+Y4=; b=nszrL9emy982ZMSVYBWpPT3niIN8e6HIo5edIjrm0EpLiFvyj6b7mqV0feCIfP7HSp 7JMbHw0zsLNEP4l8j3E+rFRxe2iuD0Z2pX25RiYZyXpMEF5w6LD45zkZUixcBfl2aa+c 8WkWFdtNXb3G8qtdtyYavbqehdc0IFsScuP3eYkwG+ePDFU82bA+AALlilkPwGTw1cU5 eMMLAnYx8XhNZPZ70Vp99Q/K/ODoHjE/eDpedTjNtEseYhj6509RCmp7/OmJqBF8KZzr 1ZoIqjjTIzWMj2wBCbJOyGIyC4z1jW/bZQzFrTgnQu75Bmh2C77X39jN8DFls0AGWI6P r6kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549666; x=1778154466; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=lT5Wg1TY9e3zHFr0tQwhss5ZRS11XHn/JgHG1j3H+Y4=; b=T3Zo7+dBBIm7heIVK9MWAUhRH8stRUGMUFrUMVQIaYSj2KW7K46iv3RbXVsHhOxkcf cf9WjQdYe2Paqa4G+IDCc7lnAZng7HhQc/9Cys9H4kkasdYME//II88Y89E1RmCGb2O4 I4/ktuqIh7AySgO81JYb2fB6uJN9yONuvCRRMU62MwKJ6OoCMX1+9vQKOq/AstgEZg/Y jItCuHKjj84ZC5H2v7WYA6AtQU7qb25IWwumHXH6rpZBjpuBWXNlwB0SHyt9cmscSuDL v1I/xxxyiMZuBC6kVj1dHkJiS3nTP4gBu0uAlhm1qZyKEgWb/e9qYOdEtE9+87pQY1lU DxzA== X-Gm-Message-State: AOJu0Yz7l1pbXWscVqbmSNiQoEleJkWdJAhdZmGm/yDudtJbN1CQLpCl 24XXjx6XrimtAYQygMmgaZmMSX6hYp9gvd0eXwxSZ2zbX7oVYLtja2Ewxdla/slk X-Gm-Gg: AeBDietJtSvYpSOnIkCi4rhU63ZRTcRtsaF+DXqSElQgkYCwxiZNX2aI8Tj28B/2zDc 7XM6am3cvGpndjHLcl59htxqXh5AK5TJ4orDD+N+nllSldZ+FxZRVTGTmtlYEKQAFqidMreikj9 fSYkWSapqfkTPoQv4i+LuA4wIIdNdv9lk+xR/TV3bY1nWMAwe5gdZGtcQjyKBMoIWW0K6Y6HsY3 rdTkuOBKZaRqngZqWoS6HUVwlMHNZ7rArKSft/BUqRkRAPurHrrM/kEiX7NOFN3lyjJ8zqJKQPd QS+Dx3fj+9xkJzFAeOmi9rRqaoHEcbMDOMGhRUFWD+cslDu1/CXXtpfO70UiS1ZpixtjT3UqjFF mgDlOdSb25OYNjcZQXLEBPgPfdpwn/v9eM4dCc91eIbergJ2+V3VWUKP6V8euW23TVFwsWT0hgo LoY3EZ8a/vgBXvWNTO/KmIS46TUqCb/WH52pSaPkFefeKolAQ= X-Received: by 2002:a17:90b:554b:b0:364:a497:dc4d with SMTP id 98e67ed59e1d1-364c33f27femr2447892a91.24.1777549666420; Thu, 30 Apr 2026 04:47:46 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:46 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 17/24] wolfssl: patch CVE-2026-1005 Date: Thu, 30 Apr 2026 23:46:40 +1200 Message-ID: <20260430114649.4184890-17-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126751 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/9571 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-1005 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-1005.patch | 83 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 84 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-1005.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-1005.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-1005.patch new file mode 100644 index 0000000000..10f2092b26 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-1005.patch @@ -0,0 +1,83 @@ +From dfd0c1c7e151e8995b037cd3a56c9ee6e5e44b1c Mon Sep 17 00:00:00 2001 +From: Mattia Moffa +Date: Mon, 22 Dec 2025 16:13:27 +0100 +Subject: [PATCH] Add missing length check in sniffer for + AES-GCM/AES-CCM/ARIA-GCM + +(cherry picked from commit ca7899429844e8bd3824fe92a709978b51f750c4) + +CVE: CVE-2026-1005 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/ca7899429844e8bd3824fe92a709978b51f750c4] +Signed-off-by: Ankur Tyagi +--- + src/sniffer.c | 49 +++++++++++++++++++++++++++++++------------------ + 1 file changed, 31 insertions(+), 18 deletions(-) + +diff --git a/src/sniffer.c b/src/sniffer.c +index 4d0c8e1ca..a9bf12035 100644 +--- a/src/sniffer.c ++++ b/src/sniffer.c +@@ -4810,18 +4810,25 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, + XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ); + XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ); + +- if ((ret = aes_auth_fn(ssl->decrypt.aes, +- plain, +- input + AESGCM_EXP_IV_SZ, +- sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, +- ssl->decrypt.nonce, AESGCM_NONCE_SZ, +- ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, +- NULL, 0)) < 0) { +- #ifdef WOLFSSL_ASYNC_CRYPT +- if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { +- ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); ++ if (sz < AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size) { ++ ret = BUFFER_ERROR; ++ } ++ ++ if (ret == 0) { ++ ret = aes_auth_fn(ssl->decrypt.aes, ++ plain, ++ input + AESGCM_EXP_IV_SZ, ++ sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ++ ssl->decrypt.nonce, AESGCM_NONCE_SZ, ++ ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, ++ NULL, 0); ++ if (ret < 0) { ++ #ifdef WOLFSSL_ASYNC_CRYPT ++ if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ++ ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); ++ } ++ #endif + } +- #endif + } + } + break; +@@ -4829,13 +4836,19 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, + + #ifdef HAVE_ARIA + case wolfssl_aria_gcm: +- ret = wc_AriaDecrypt(ssl->decrypt.aria, +- plain, +- (byte *)input + AESGCM_EXP_IV_SZ, +- sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, +- ssl->decrypt.nonce, AESGCM_NONCE_SZ, +- ssl->decrypt.additional, ssl->specs.aead_mac_size, +- NULL, 0); ++ if (sz < AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size) { ++ ret = BUFFER_ERROR; ++ } ++ ++ if (ret == 0) { ++ ret = wc_AriaDecrypt(ssl->decrypt.aria, ++ plain, ++ (byte *)input + AESGCM_EXP_IV_SZ, ++ sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ++ ssl->decrypt.nonce, AESGCM_NONCE_SZ, ++ ssl->decrypt.additional, ssl->specs.aead_mac_size, ++ NULL, 0); ++ } + break; + #endif + diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 78d17630c7..cb3184a40e 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -27,6 +27,7 @@ SRC_URI = " \ file://CVE-2025-7394-4.patch \ file://CVE-2025-7394-5.patch \ file://CVE-2025-7394-6.patch \ + file://CVE-2026-1005.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87277 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BE0DFF8875 for ; Thu, 30 Apr 2026 11:47:54 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18193.1777549669677338742 for ; Thu, 30 Apr 2026 04:47:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=l7PBmawe; spf=pass (domain: gmail.com, ip: 209.85.216.50, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-358e3cc5e7eso488985a91.0 for ; Thu, 30 Apr 2026 04:47:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549669; x=1778154469; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=txROMBHekSeupWW0CDSQa0XfoIwy8tg3Ew1wy847cHQ=; b=l7PBmaweofrDcTEB17o1r/IYahht76kSYRppIafGJ3aYKqg4tgMC5wFMoVGbI1grcf EWK60K05Q+Cs6AsC3vig15cut4s/ny2MKf6aCw8Vc4RMF2i/iRNY04gBGY6a6ijNkHB6 uyLG4JdDW85JfcNd7RI6jgdtiBxTsCPKAwhfGYMcXrHgrefRvsWspp86DdPAadT6J1An Lp0CYwFCxt/xYRsib8Fg8lNo+KmzOmGpQqK0mUpAV9YlUtoPAAFp0sXu1eHRORV4bj07 erDLdzgfespsFuWCLzfmgJTobWJfjww3NeXSEJW7SWe/bf3EfnIK686jy4B4ebDudlxg Iokg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549669; x=1778154469; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=txROMBHekSeupWW0CDSQa0XfoIwy8tg3Ew1wy847cHQ=; b=oxxWmQFejciyGnYIh9MkeUtOPWc8NhWwxU700DGET4gR1qhfPTSWNYCbkplFeRpMnN o7aBHMQcslrnCwbel3HtF7GBpxPoooxL9B2NU6B98SSwEtZE7RvBPQuORCwy1cBoA0/6 q/A8PfowqhkhgDk5cMdg0Z98de0Hdq+wy+jDeg690Cq63Iz+j26FUtTCRhhwOTpYp3FS Yr30uy8HTbFiO5162vhdzT2G4+fNaWID54iV+ZkH4bIvXZx66ETrxE3vE3dEygTd+MYD P6ijZ/VxnfNMkPukBgrUDOjRoD9x8axsqWJgsNlOrn4seJUcKX5Rejh3PxQMtXXiCtYC FgWg== X-Gm-Message-State: AOJu0Yz2CK2Q3XIKr6nw7ldlxZERQEdujVRvNR8RA6dH1Pk1qxnT/vV6 Q4S3ByAC6o5jCyNEQtFIgbRjJR/2G1GPTlhKTXpaa7YdXv2omIGQP0PsWDf9uvZv X-Gm-Gg: AeBDiesTVfhi0idbMA0dr+WzOnM86ou67KxgirKG6eUBs43YkegyoJIDdvUKRF79LJf wipF2WYnayCaDnfqmnwRCFcewrI+ktqz/jEK7z7C5KS6bs8b602+rjts50d99UnTboc/S3Us1Aj wnqECvDHNtChqjqz57OttwWcVmykLrPjoJGeIoGceYtWlOYEHZtqKHDnapm4Py731q3VB/R8eMO hYZ5KwI+BJq7CyAO4r4krYf2w5oiElnbevI7Uh0Jrw4RiwGvWvdVXB7en1UtV62Te2jH9p+SF8o YrzzBWR89ZUlA7Ses65i9EJrTmBx3e2tkAfwyHYTiT12NWnu7OcNTuOfKX9gQQyQhhF+rW/1pGM r2LNmCLYNHiJvGqRNLmGlhGpJamJhafflIGsYj5+4xWHT/nBUAEr7pdP6Jsy5+BoL473VrlOndq ZKwEV1VwZaUdSlwnTdOhv4Pxu0+cwhfxuH+mny+7SO8ylc5kU= X-Received: by 2002:a17:90b:3f8b:b0:35b:96bb:47ba with SMTP id 98e67ed59e1d1-364c32cbcbdmr2697971a91.26.1777549668705; Thu, 30 Apr 2026 04:47:48 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:48 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 18/24] wolfssl: patch CVE-2026-3580 Date: Thu, 30 Apr 2026 23:46:41 +1200 Message-ID: <20260430114649.4184890-18-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126752 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/9855 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-3580 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-3580.patch | 425 ++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 426 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3580.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3580.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3580.patch new file mode 100644 index 0000000000..245ed606d2 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-3580.patch @@ -0,0 +1,425 @@ +From 2741f67d1cd56887991fc09d6dccc9b25b3ed79b Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Tue, 3 Mar 2026 23:18:52 +1000 +Subject: [PATCH] RISC-V 32 no mul SP C: implement multiplication + +No multiplication instructions when M extension not included. +Standard implementation of __muldi3 is not constant time. +Include a constant time implementation when SP_NO_MUL_INSTRUCTION is +defined +Define it when compiling for RISC-V 32 and no multiplication extension. + +Also fix get_entry in SP C implementation to do constant time +comparison. + +(cherry picked from commit 71226b68b69404206c74694715f11bb6630750dc) + +CVE: CVE-2026-3580 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/71226b68b69404206c74694715f11bb6630750dc] +Signed-off-by: Ankur Tyagi +--- + .wolfssl_known_macro_extras | 1 + + wolfcrypt/src/sp_arm32.c | 24 +++++++--- + wolfcrypt/src/sp_armthumb.c | 24 +++++++--- + wolfcrypt/src/sp_c32.c | 77 +++++++++++++++++++++++++++++++-- + wolfcrypt/src/sp_c64.c | 12 +++-- + wolfcrypt/src/sp_cortexm.c | 24 +++++++--- + wolfcrypt/src/sp_x86_64_asm.asm | 2 +- + wolfssl/wolfcrypt/sp.h | 4 ++ + 8 files changed, 143 insertions(+), 25 deletions(-) + +diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras +index 3e728fa5f..301b1a211 100644 +--- a/.wolfssl_known_macro_extras ++++ b/.wolfssl_known_macro_extras +@@ -1000,6 +1000,7 @@ __must_check + __ppc64__ + __ppc__ + __riscv ++__riscv_mul + __riscv_xlen + __s390x__ + __sparc +diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c +index a70eb35eb..ed8cd0296 100644 +--- a/wolfcrypt/src/sp_arm32.c ++++ b/wolfcrypt/src/sp_arm32.c +@@ -75850,7 +75850,9 @@ static void sp_256_get_entry_16_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -76271,7 +76273,9 @@ static void sp_256_get_entry_256_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -93989,7 +93993,9 @@ static void sp_384_get_entry_16_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -94426,7 +94432,9 @@ static void sp_384_get_entry_256_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -121504,7 +121512,9 @@ static void sp_521_get_entry_16_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -121961,7 +121971,9 @@ static void sp_521_get_entry_256_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c +index 4868f7f93..0f112aaef 100644 +--- a/wolfcrypt/src/sp_armthumb.c ++++ b/wolfcrypt/src/sp_armthumb.c +@@ -101420,7 +101420,9 @@ static void sp_256_get_entry_16_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -101841,7 +101843,9 @@ static void sp_256_get_entry_256_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -112269,7 +112273,9 @@ static void sp_384_get_entry_16_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -112706,7 +112712,9 @@ static void sp_384_get_entry_256_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -125892,7 +125900,9 @@ static void sp_521_get_entry_16_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -126349,7 +126359,9 @@ static void sp_521_get_entry_256_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c +index 10d646a81..13e3abe00 100644 +--- a/wolfcrypt/src/sp_c32.c ++++ b/wolfcrypt/src/sp_c32.c +@@ -63,6 +63,71 @@ + + #ifndef WOLFSSL_SP_ASM + #if SP_WORD_SIZE == 32 ++#ifdef SP_NO_MUL_INSTRUCTION ++sp_uint64 __muldi3(sp_uint64 a, sp_uint64 b); ++sp_uint64 __muldi3(sp_uint64 a, sp_uint64 b) ++{ ++ sp_uint64 r; ++ sp_uint64 am[16]; ++ ++ /* if b is negative, convert it to positive and negate a. */ ++ r = 0 - (b >> 63); ++ a = a ^ r; ++ b = b ^ r; ++ a -= r; ++ b -= r; ++ ++#if defined(WOLFSSL_SP_SMALL) ++ int i; ++ ++ am[0] = 0; ++ for (i = 1; i < 16; i++) { ++ am[i] = am[i-1] + a; ++ } ++ ++ r = am[(b >> 28) & 0xf]; ++ for (i = 24; i >= 0; i -= 4) { ++ r <<= 4; ++ r += am[(b >> i) & 0xf]; ++ } ++#else ++ am[ 0] = 0; ++ am[ 1] = a; ++ am[ 2] = a << 1; ++ am[ 3] = am[ 2] + a; ++ am[ 4] = a << 2; ++ am[ 5] = am[ 4] + a; ++ am[ 6] = am[ 5] + a; ++ am[ 7] = am[ 6] + a; ++ am[ 8] = a << 3; ++ am[ 9] = am[ 8] + a; ++ am[10] = am[ 9] + a; ++ am[11] = am[10] + a; ++ am[12] = am[11] + a; ++ am[13] = am[12] + a; ++ am[14] = am[13] + a; ++ am[15] = am[14] + a; ++ ++ r = am[(b >> 28) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 24) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 20) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 16) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 12) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 8) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 4) & 0xf]; ++ r <<= 4; ++ r += am[(b >> 0) & 0xf]; ++#endif ++ ++ return r; ++} ++#endif /* SP_NO_MUL_INSTRUCTION */ + #define SP_PRINT_NUM(var, name, total, words, bits) \ + do { \ + int ii; \ +@@ -22891,7 +22956,9 @@ static void sp_256_get_entry_256_9(sp_point_256* r, + r->y[7] = 0; + r->y[8] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -30408,7 +30475,9 @@ static void sp_384_get_entry_256_15(sp_point_384* r, + r->y[13] = 0; + r->y[14] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -37975,7 +38044,9 @@ static void sp_521_get_entry_256_21(sp_point_521* r, + r->y[19] = 0; + r->y[20] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c +index 06dc0bd69..66397f64f 100644 +--- a/wolfcrypt/src/sp_c64.c ++++ b/wolfcrypt/src/sp_c64.c +@@ -23795,7 +23795,9 @@ static void sp_256_get_entry_256_5(sp_point_256* r, + r->y[3] = 0; + r->y[4] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -30747,7 +30749,9 @@ static void sp_384_get_entry_256_7(sp_point_384* r, + r->y[5] = 0; + r->y[6] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -38160,7 +38164,9 @@ static void sp_521_get_entry_256_9(sp_point_521* r, + r->y[7] = 0; + r->y[8] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c +index fc756ffbe..d4af12332 100644 +--- a/wolfcrypt/src/sp_cortexm.c ++++ b/wolfcrypt/src/sp_cortexm.c +@@ -37267,7 +37267,9 @@ static void sp_256_get_entry_16_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -37688,7 +37690,9 @@ static void sp_256_get_entry_256_8(sp_point_256* r, + r->y[6] = 0; + r->y[7] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -47354,7 +47358,9 @@ static void sp_384_get_entry_16_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -47791,7 +47797,9 @@ static void sp_384_get_entry_256_12(sp_point_384* r, + r->y[10] = 0; + r->y[11] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -59584,7 +59592,9 @@ static void sp_521_get_entry_16_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 16; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +@@ -60041,7 +60051,9 @@ static void sp_521_get_entry_256_17(sp_point_521* r, + r->y[15] = 0; + r->y[16] = 0; + for (i = 1; i < 256; i++) { +- mask = (sp_digit)0 - (i == idx); ++ sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); ++ sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); ++ mask = gte & lte; + r->x[0] |= mask & table[i].x[0]; + r->x[1] |= mask & table[i].x[1]; + r->x[2] |= mask & table[i].x[2]; +diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm +index 4df93a976..30bdc8add 100644 +--- a/wolfcrypt/src/sp_x86_64_asm.asm ++++ b/wolfcrypt/src/sp_x86_64_asm.asm +@@ -1,6 +1,6 @@ + ; /* sp_x86_64_asm.asm */ + ; /* +-; * Copyright (C) 2006-2025 wolfSSL Inc. ++; * Copyright (C) 2006-2026 wolfSSL Inc. + ; * + ; * This file is part of wolfSSL. + ; * +diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h +index 9e7a9c945..fcfd2dd8e 100644 +--- a/wolfssl/wolfcrypt/sp.h ++++ b/wolfssl/wolfcrypt/sp.h +@@ -26,6 +26,10 @@ + #include + #include + ++#if defined(__riscv) && (__riscv_xlen == 32) && !defined(__riscv_mul) ++ #define SP_NO_MUL_INSTRUCTION ++#endif ++ + #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(WOLFSSL_HAVE_SP_ECC) + #ifdef _WIN32_WCE diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index cb3184a40e..671bae1e59 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -28,6 +28,7 @@ SRC_URI = " \ file://CVE-2025-7394-5.patch \ file://CVE-2025-7394-6.patch \ file://CVE-2026-1005.patch \ + file://CVE-2026-3580.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87273 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3F915CD13D2 for ; Thu, 30 Apr 2026 11:47:54 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18194.1777549671760805787 for ; Thu, 30 Apr 2026 04:47:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=QQYO9qpE; spf=pass (domain: gmail.com, ip: 209.85.216.46, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-35da8d037a5so348627a91.0 for ; Thu, 30 Apr 2026 04:47:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549671; x=1778154471; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2ZNRNiWw43az27w3U/5l1+sG/tsO59mSRCNeov8iIqc=; b=QQYO9qpET96Udx5pshep40AinIZ6sb3ZN9NO+9oXCC2HxBez7SnYDck9SIwV2vQ/P4 5q1Y8k8UTgMaueC+A4WUrirmSiFelp3+NQTmaD7ixDGcDK+j5tQwGGGCCtTNNO7bIc3j az6uWwwB2kfUzSRQG+t81rsnEyfTpS7KdJyzQR74CKb7GUlkTDdGT7BoMkfUkR3wDMGi dQNvxXN2LuG850oCDgm7ARBirDrjlj/Ta6VB37MgrrlOpsz7aN/xz3X7RRSRHqAeCwfK Nc/EiIbUQbtcsiehbzXWNIfG7ibooTHRWCDz5pZAjTqW9FXbImlcWcjZsnzQmL9rufM6 Chew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549671; x=1778154471; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=2ZNRNiWw43az27w3U/5l1+sG/tsO59mSRCNeov8iIqc=; b=GLSF0Ikan3ke4EI6j/8x/WVJbIpxVvdAZhqDCZpYBnEfEBfhd9KyfdJGGfRV+uZjNF SB/SStxtWRI/qpbRSAL8A2OqZgVbaN4OAa2aSPt96OOdRBAse19H0zOpNembiHmOacAp e4mpNtgh0IcVWuGGiGLKTm5DcNJgXy4EQBMLyZ3e6LmP33O6RFUVjQdB1ApLzqcC0K/d qgVcd40X/GNv1d1dF0keKqbOl2+Ek0wQ7JtVpc5YFHHDFZ0CR3RgxcYHr7JntwxT8pmN HxBShQtD2ty92vB61eApiAzO4vngRPtc4LjjbxAtX5KO7OIvaSE7+WjdZA8ltgv56POw QBzw== X-Gm-Message-State: AOJu0YyBVfgf4fePpkeJpPzIZDIgButJ8Xg3D1BOq7WwQKkef6LiaELq 4lU43mSMzwzNuMJBZl2zFfeAiut68s1L4wTWj02aqAKKHHRwlra4guuWwvA4KMoB X-Gm-Gg: AeBDiet8lsthPCY9QsHC48md3aecUpswDyfZv9r49YZ+ofwLBIcQxk0TPWh44iEWZ/q hlg3Hop8B0vcG1hZZccwqw5iCmECcnenupml/Z8DRLHKXLpbnZKkeWqApsVYzn1VjAPaUDY0dgE GILOhKRrSqByTPQjf5PIV8N/L2F+pWcb25oJaFdh1zVTBsdfRjNjeHqwr01m5tBVHjFMwyyN2Lh G0+dI9WJB8Qn2bzZ2GrGg/ELsX7dAQraXlbWVUB/dugK0Z+2SAQFkiMWbhv8YDVwB+uuFgJDpIR Oiy/0mbqgUUqWrC6YECeGLPt2mKf+i1QzPjgfFCJNFikXRJNAHHpLHai6TwbDcdeL1tsTwRXsQl jUhp2JwXvnFD4AsBc7HdxNhnN6wE6l2Cop3zFRs23zuKLj881excYnEkj8CaTI+XuXd6TafzNJJ b1o7118NhQFlwlOacWqZTbPcmFfvySwCkIr5Fcp0BnVIls4cw= X-Received: by 2002:a17:90a:da90:b0:35f:c5cd:cc5 with SMTP id 98e67ed59e1d1-364c314aedemr2599460a91.24.1777549670956; Thu, 30 Apr 2026 04:47:50 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:50 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 19/24] wolfssl: patch CVE-2026-5188 Date: Thu, 30 Apr 2026 23:46:42 +1200 Message-ID: <20260430114649.4184890-19-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126753 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10024 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5188 Dropped unit test changes during the backport. --- .../wolfssl/files/CVE-2026-5188.patch | 101 ++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 102 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch new file mode 100644 index 0000000000..3c4de09188 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5188.patch @@ -0,0 +1,101 @@ +From 928e64ee08438203cc966d122bb9736361bd6fc7 Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Fri, 20 Mar 2026 08:16:47 -0500 +Subject: [PATCH] Fix DecodeAltNames length check + +(cherry picked from commit 6446bb21155e80a41538d1f815a6cf5a5a0cc0f8) + +CVE: CVE-2026-5188 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6446bb21155e80a41538d1f815a6cf5a5a0cc0f8] + +Dropped unit test changes during the backport. + +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/asn.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c +index af74678c5..b00568534 100644 +--- a/wolfcrypt/src/asn.c ++++ b/wolfcrypt/src/asn.c +@@ -19769,6 +19769,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + + AddAltName(cert, dnsEntry); + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -19810,6 +19813,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + dirEntry->next = cert->altDirNames; + cert->altDirNames = dirEntry; + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -19845,6 +19851,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + emailEntry->next = cert->altEmailNames; + cert->altEmailNames = emailEntry; + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -19924,6 +19933,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + + AddAltName(cert, uriEntry); + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -19970,6 +19982,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + } + AddAltName(cert, ipAddr); + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -20018,6 +20033,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + + AddAltName(cert, rid); + ++ if (strLen > length) { ++ return ASN_PARSE_E; ++ } + length -= strLen; + idx += (word32)strLen; + } +@@ -20035,6 +20053,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + return ASN_PARSE_E; + } + /* Consume the rest of this sequence. */ ++ if ((int)((word32)strLen + idx - lenStartIdx) > length) { ++ return ASN_PARSE_E; ++ } + length -= (int)(((word32)strLen + idx - lenStartIdx)); + + if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) { +@@ -20087,6 +20108,9 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) + WOLFSSL_MSG("\tfail: unsupported name length"); + return ASN_PARSE_E; + } ++ if ((int)((word32)strLen + idx - lenStartIdx) > length) { ++ return ASN_PARSE_E; ++ } + length -= (int)((word32)strLen + idx - lenStartIdx); + idx += (word32)strLen; + } diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 671bae1e59..0567105cab 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -29,6 +29,7 @@ SRC_URI = " \ file://CVE-2025-7394-6.patch \ file://CVE-2026-1005.patch \ file://CVE-2026-3580.patch \ + file://CVE-2026-5188.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87276 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 657E1CD13DF for ; Thu, 30 Apr 2026 11:47:54 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18195.1777549673902744723 for ; Thu, 30 Apr 2026 04:47:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=fr19DAMq; spf=pass (domain: gmail.com, ip: 209.85.216.50, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-35fb7c1a455so270472a91.3 for ; Thu, 30 Apr 2026 04:47:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549673; x=1778154473; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E+0Bn+RWyUa476aGbla3asixkIFsbYQO20lniCp+Lh0=; b=fr19DAMqweKM3svz1IwwcAwOn3EG74xH6+rh8bjy2G1khDE0KPKgIhceKyHA1+zLlK XT4cN+Fzstm1+YyCiXKNCKkEftOLbwMIn73AukC1ZSwBsYd0aHkwXw3HPksdX7Iycbv2 itDjm3ekieALygXYnUGTCfg6qtpSRASR2Q1c52ViufE9aMQuVBrfAOOyAKKi9wqkUP4V xeFYbhOjqwshknq4yiQxuL4i7jvgoebIQAk5wYG7tO9MWGP9mk5W94sersrzv5pe4cAY dtFvnAQRj4rL1ACK0dMbu41cjGdRMnpNAZiDZMrwZIHQvDMCNvM5dhzU3fWvEU0dcCje qNZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549673; x=1778154473; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=E+0Bn+RWyUa476aGbla3asixkIFsbYQO20lniCp+Lh0=; b=Wo3BkSKkuf0a9dX+1B4onAi3dOpGnpTR7ig6dEe6UWMj86ggx1tVqZw/TYqmq+aX80 zJwEvC62nCxXMObkxUAjHUy7YMEUZKYSx8lD8J9+zmzzv40K3/NhE6SD5HeuPSXVGSr0 06kokr5E6n5xQr51YjnwDRsgyI3HVRUK976RQBeO5zWoI1arqKiQJXzH/KHQVehRMacB lmDrLxrGAiMAEL7w53d1qlHkpuSOYfYO1UwFnp2IFHkqSHfyCL0jj1kM6XipgnEO5rK1 oTn77n2q0wPf2O2raeJwUdHhnlnw01kMTuiU/C2Ko/hG/gk4oUVuVg1gQen/eUtXs2Uz 0jNQ== X-Gm-Message-State: AOJu0YysSgmmLECkZVw9kSaAe/J4eyA6njGgufUqpRy3SAaUsN06n/r6 XYwW1Wl5AbTByl+GVsBe+Fh+wOy1OoK0OLFSWw/V77Mp5WJNQS/Ka8js4k2/I2jS X-Gm-Gg: AeBDieue3e4em1TrouQoRQ1A8Ad7l0F6TJYi1HcfmvCMtWwxTZXsG/as6fygHhz+o7P 2V7PCOpJ8eZxfI+qNu/1sM0juvBT623LnI0tNPPTdWxvM03btvxDD3KNX/G0DXzde22zzMcLdWb 0GraUl14lr4NQ2Jj+eCgUTYPYiaOUIz4pTq1RIt2m+jLzwZx+prUZl3PN4GV3XfaQNmeRhTsNcB 3VfOFOvDUCB1H/Ni2BcUfGQR/x60DjWcyHbuMnAjK5vLbz7EHsY2QrtStOh7x7licMfYv6/gLxz 01ot89/5I+NCqxWHvdy23gjAok+H7qJ83h9ZEBOkUooynLSHyA/az3hLniW26k2haTn/XfFamZ1 4UWHV0vnCGV7Og/Cz0W9U5hIl2ejCmFNb1Ue+pFNNzlkAvOvBlJTlaTbeDM7jQRC8cuUuMY9+nT TCD6cMGBgGdTh2kAStkPEslQ3HR4N6vkPg1a31OgDGpiVuhEM= X-Received: by 2002:a17:90b:2d04:b0:364:7a37:4066 with SMTP id 98e67ed59e1d1-364c30f0b62mr2813077a91.14.1777549673053; Thu, 30 Apr 2026 04:47:53 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:52 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 20/24] wolfssl: patch CVE-2026-5392 Date: Thu, 30 Apr 2026 23:46:43 +1200 Message-ID: <20260430114649.4184890-20-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126754 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10039 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5392 Dropped unit test changes during the backport. Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-5392.patch | 33 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5392.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5392.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5392.patch new file mode 100644 index 0000000000..a442ea326b --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5392.patch @@ -0,0 +1,33 @@ +From 02c53b7cb22ba520d1b9a061476a1066eef45a42 Mon Sep 17 00:00:00 2001 +From: Anthony Hu +Date: Fri, 20 Mar 2026 21:32:14 -0400 +Subject: [PATCH] Add bounds check in PKCS7 streaming indefinite-length + end-of-content parsing + +(cherry picked from commit 6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa) + +CVE: CVE-2026-5392 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa] + +Dropped unit test changes during the backport. + +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/pkcs7.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c +index a8545ba0a..92dab5080 100644 +--- a/wolfcrypt/src/pkcs7.c ++++ b/wolfcrypt/src/pkcs7.c +@@ -6485,6 +6485,10 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, + word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; + localIdx = idx; + for (i = 0; i < sz; i++) { ++ if (localIdx + i >= pkiMsg2Sz) { ++ ret = ASN_PARSE_E; ++ break; ++ } + if (pkiMsg2[localIdx + i] == 0) + continue; + else { diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 0567105cab..7597c8390d 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -30,6 +30,7 @@ SRC_URI = " \ file://CVE-2026-1005.patch \ file://CVE-2026-3580.patch \ file://CVE-2026-5188.patch \ + file://CVE-2026-5392.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87281 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 885C3CD13DE for ; Thu, 30 Apr 2026 11:48:04 +0000 (UTC) Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18386.1777549676081442516 for ; Thu, 30 Apr 2026 04:47:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=Sx45F81p; spf=pass (domain: gmail.com, ip: 209.85.216.50, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-35d9f68d011so466446a91.2 for ; Thu, 30 Apr 2026 04:47:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549675; x=1778154475; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=c7pHaZ7dlrpJmFLIX3ky1+teR+hE4/1H9nxdNDElQiA=; b=Sx45F81pAnbB4GOmAkk/05x4MYJU76EH0nvinp1uZ+Dlk+VJRwlziivHDSFRvNvOzJ hQ+jZLuRJsmDK+l6tY3UijeHNGBNx/lj7h9C77uX0YZWBS2zl5AjkocSX/LOhbPBiy8M tSovwsJgfMk9So7t3rfrVO1utTykrj76jYHvbHFspVI8Lktr2V2Lp1tdWfnAZBvLLZjQ UXAfcqPffa0ge5ZXtcT03rWHw7BoJS6FogiJaoWeGxF/od6+fS1LWs1UxAwEcIjxkUnO STNhIPAMGR7LNZLDLMXTB9lmI62FicC64gc6hG4k9FihkpQFauPng2EHpDgb9+dogkBr vP0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549675; x=1778154475; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=c7pHaZ7dlrpJmFLIX3ky1+teR+hE4/1H9nxdNDElQiA=; b=IaBMqIaYeBlP2xMn6IBwmfxj/kjc2IJejjZO2NLDxpE0YPYMh+v7MzJ5G9OZsELJ1F JntnrlfAuzzgGhvafU94rF8AyJ7QzZuTuFjeo9lEcLDR3KG1V8refmgQAnFxuuX8w5oK cpOGoYRt3H1FNtuQVwooMCU5sGKlHvHrHncdHV/6kHqtiXpUXn38xYKC8fYR8M9odBO7 IRZj7R2Ze2zlEN6OMoscvCKRfSjcQImLgm/8iTcWxsma+WoFscCoE3Goj1suRb0A1Bou tKopwyekftl8B5SGc/nasQzpwVNt/S2u0ny5tLCExAYKnwPd2cl2yOTXP7G30c6B8Zd0 +oJw== X-Gm-Message-State: AOJu0Yybk/SOaUd72xgDQKK14I5ZTbnLUeMMe6qtjGLS9SjosHx1kJAb k2CzqmNbWE1u1p5AtBdAQ3LTRX215yA1BpBuyem+WZjt5VBs6wSE0xsF+mVVyll/ X-Gm-Gg: AeBDiev99M6QIdVZhEd46VVjXCvYF2hZPqmz/XvTlXNtl35S5yW6ruNXk+36Q8IaQ9V Z0kfS13jyGT2cA5pS5PKAMbN7GGAKiRySEQ9I6QztoiD1iEewXI0WEE4iAyqm/HjYs79s6OOHRY 6qDV0NVdexgPcDh2FaGBllN/uphyrTsIde+EYRKKkYcqUNsv4K7Hyr3AhLqdEk9NadpXtfVnIZj +P1QZrVdKrqKEXdFjRaUV0XudciX2uihjhMMKA3dKnYxTuqOi7KPkROiE1+KU9M4uM5ZEfPOzf4 JnAVEvUofQKLoteirXl5DQKXZnmDXVzuDTJ8m4rX+LfI8R0XYT0lfRNkCH3Vd+lkxdhrplahOwW mlIyfoq7BGxCcskXmwoTRZPBJYiYsacPEzsdcUtDwUky6dpNsBZuxS6VT/j/1b0eFIWeu2iZCdi OrwskBzUyGutqhleFWDNiTsTrowpr7KiC2bD0Tuctf3yInpXc= X-Received: by 2002:a17:90b:6cd:b0:35f:b313:84ca with SMTP id 98e67ed59e1d1-364c31a1cffmr2694954a91.27.1777549675188; Thu, 30 Apr 2026 04:47:55 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:54 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 21/24] wolfssl: patch CVE-2026-5446 Date: Thu, 30 Apr 2026 23:46:44 +1200 Message-ID: <20260430114649.4184890-21-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:48:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126755 From: Ankur Tyagi Backport commits from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10111 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5446 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-5446-1.patch | 62 +++++++++++++++++++ .../wolfssl/files/CVE-2026-5446-2.patch | 27 ++++++++ .../wolfssl/wolfssl_5.8.0.bb | 2 + 3 files changed, 91 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-2.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-1.patch new file mode 100644 index 0000000000..33823c2b9f --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-1.patch @@ -0,0 +1,62 @@ +From 6d6d06c05f84b190c43c9b75c6fa11375d2be424 Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 31 Mar 2026 08:31:14 -0500 +Subject: [PATCH] Fix ARIA build issue and FIPS guard + +(cherry picked from commit 6495e8e94115f7f6beb67497e07bac5cba8dca9c) + +CVE: CVE-2026-5446 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6495e8e94115f7f6beb67497e07bac5cba8dca9c] + +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/src/internal.c b/src/internal.c +index 992c10d2c..fbf227a93 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -19023,7 +19023,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, + #if (!defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))) || \ +- (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) ++ (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) || \ ++ defined(HAVE_ARIA) || \ ++ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) + static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) + { + int i; +@@ -20006,10 +20008,9 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, + sizeof(ssl->encrypt.sanityCheck)); + #endif + +- #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) ++ #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm || +- ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm || +- ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) ++ ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) + { + /* finalize authentication cipher */ + #if !defined(NO_PUBLIC_GCM_SET_IV) && \ +@@ -20020,7 +20021,17 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, + if (ssl->encrypt.nonce) + ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ); + } +- #endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */ ++ #endif /* BUILD_AESGCM || HAVE_AESCCM */ ++ #ifdef HAVE_ARIA ++ if (ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) ++ { ++ /* finalize authentication cipher — wc_AriaEncrypt is ++ * stateless, so the explicit IV must always advance */ ++ AeadIncrementExpIV(ssl); ++ if (ssl->encrypt.nonce) ++ ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ); ++ } ++ #endif /* HAVE_ARIA */ + #if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) + if (ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_ccm || + ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_gcm) diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-2.patch new file mode 100644 index 0000000000..9368ff3d0b --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5446-2.patch @@ -0,0 +1,27 @@ +From 88fc52b8e3bca58389a4a107a77f9dc52e3baa12 Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 31 Mar 2026 09:35:43 -0500 +Subject: [PATCH] Fix feedback from review + +(cherry picked from commit a3fad2af91da39e2a4bdaf528bcfb2a94c4dd67c) + +CVE: CVE-2026-5446 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/a3fad2af91da39e2a4bdaf528bcfb2a94c4dd67c] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index fbf227a93..ccfecc235 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -20025,7 +20025,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, + #ifdef HAVE_ARIA + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) + { +- /* finalize authentication cipher — wc_AriaEncrypt is ++ /* finalize authentication cipher -- wc_AriaEncrypt is + * stateless, so the explicit IV must always advance */ + AeadIncrementExpIV(ssl); + if (ssl->encrypt.nonce) diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 7597c8390d..bad03c5f2a 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -31,6 +31,8 @@ SRC_URI = " \ file://CVE-2026-3580.patch \ file://CVE-2026-5188.patch \ file://CVE-2026-5392.patch \ + file://CVE-2026-5446-1.patch \ + file://CVE-2026-5446-2.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87278 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D92FFF8875 for ; Thu, 30 Apr 2026 11:48:04 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18387.1777549678224792790 for ; Thu, 30 Apr 2026 04:47:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=EQdQf5OB; spf=pass (domain: gmail.com, ip: 209.85.216.45, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-364c5317d67so536276a91.2 for ; Thu, 30 Apr 2026 04:47:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549677; x=1778154477; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4I3PPpN2v5bXwtF9YaY6OieSq8UYivgJC+qazygldv4=; b=EQdQf5OBUupw+3fW1wvFZJa6n++hsk9G6+NLOc2kcR+/pTgFjvmM1saQkBtEfBALJm QmNppQo9JjrA3NH3G7sxagmn0UdcJiAv3AwpALnZGB3spLgoxMc9ZLD6ZdThN0mvweeW d+l87Bt7ZH6a0ncpGFdGxK/kvazBaeVmPpbVZVYWkkqNpSsMuWeJfc+EIQHd1PaGDLCf oU5Z2Ug0+FqnCuAwd0jigcwY9+1tUmQw3iFkwprghW6OVaPSHI1wnkQrwbW20/Lohrqx pwg5XlB0lMyDHIJuc2pz7SGBKAM6UK9gs5Uy+wZf5FP1BClP8kek9d8pS1hp0uJwtq6J USSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549677; x=1778154477; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=4I3PPpN2v5bXwtF9YaY6OieSq8UYivgJC+qazygldv4=; b=IPZatzeb4B3EHFnZkh5bSyhHZJXFMn7Ht2pfDrzrEG8QEq+mXqUIO00zAW3HU2OVRh 3oN+FjYrLZklo/IDKhkhKNypC6yjYkYVysSO2amxwZgsMb40DNYxAaTsVkyZ5q/ktQ6M 9R0dFBfX+MRkzLqSkPZNAAINeDPVeDpvvTXMRcOg2uxzucn0O0Mmx7zag5FqkPdP1AVd ah4KPxL2WJsfonT7sJmRizJw6bUucu1UzJwlOpK6jtN684q7Kda9wmAdEEqQ3L0FJPn6 RvxNgnm5BnQhZFMGzlb3E+NvNYOnOulsvlRJy5VfkSVzYrTh2pfioXZqvdBsKQR6qMQl l+1Q== X-Gm-Message-State: AOJu0Yx4bWzlUC64UYpunIwUfA2HOtYjnSUabgKRyNRrthE8V6CZPhfJ AKnz79G9mmBr4n3e98Xe/alR/ouUR5Yj67xvYl475lSt388oWsCKl/7Wol7wsAZA X-Gm-Gg: AeBDietYG3FLOqpRPJbfN0awUg1z2xS14S/LjQ3aZMF7A0xgk9r7ZlDrTp1vQYY3ieQ CGAeVnbRcsw8c0gXCkSkA0STgmO5rVyILCEqPk6Aa7hRGQxToEJ2VMb0nscJcXQctlwU5jli0Tt h8/mLW3Yi200V42ptg+fKXgrwddzM1STJkljUDu3czV5MeSn+oIODytKflpdRBcdLGZjOmUNv3w CDCNGsdTVynl57TI7Be/ahtbd/D+v+YU6gzu3ld5lAAWMs6ia/VSU/NUjXc8WkU2Xg4i69nvJLp cFMLgLf353RQbR1BSqoQyRKRhEQz1xABYGFbvq1V8E0KwkrpAfU9QhN/EiTfPXESPA1tldZWjqL q5YT0PVaRnaAqQUImQhUglDjwK50eui0iBX1htQZEo0+L3v9AYJnNO9kzYvIUlfpCU8MMicOPS+ Lm+XNNsFMR/PFL2/ERJ2Wl+QC6VGgHoQHQi4DWaouLNYSVU1o= X-Received: by 2002:a17:90b:384c:b0:35f:b987:4dac with SMTP id 98e67ed59e1d1-364c3065ee5mr2846996a91.12.1777549677351; Thu, 30 Apr 2026 04:47:57 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:56 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 22/24] wolfssl: patch CVE-2026-5447 Date: Thu, 30 Apr 2026 23:46:45 +1200 Message-ID: <20260430114649.4184890-22-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:48:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126756 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10112 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5447 Dropped unit test changes during the backport. Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-5447.patch | 65 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch new file mode 100644 index 0000000000..b296603816 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5447.patch @@ -0,0 +1,65 @@ +From 4d7eccf50dab080185d3a8763491e3febbcc257a Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Tue, 31 Mar 2026 08:56:23 -0500 +Subject: [PATCH] Fix CertFromX509 copy length check + +(cherry picked from commit 772cda3d489d867935202d59393a2ac85a5e6ef0) + +CVE: CVE-2026-5447 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/772cda3d489d867935202d59393a2ac85a5e6ef0] + +Dropped unit test changes during the backport. + +Signed-off-by: Ankur Tyagi +--- + src/x509.c | 33 ++++++++++++++++++--------------- + 1 file changed, 18 insertions(+), 15 deletions(-) + +diff --git a/src/x509.c b/src/x509.c +index 62e3774f4..cf44c7146 100644 +--- a/src/x509.c ++++ b/src/x509.c +@@ -10622,25 +10622,28 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) + return WOLFSSL_FAILURE; + } + +- if (x509->authKeyIdSz < sizeof(cert->akid)) { + #ifdef WOLFSSL_AKID_NAME +- cert->rawAkid = 0; +- if (x509->authKeyIdSrc) { +- XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); +- cert->akidSz = (int)x509->authKeyIdSrcSz; +- cert->rawAkid = 1; ++ cert->rawAkid = 0; ++ if (x509->authKeyIdSrc) { ++ if (x509->authKeyIdSrcSz > sizeof(cert->akid)) { ++ WOLFSSL_MSG("Auth Key ID too large"); ++ WOLFSSL_ERROR_VERBOSE(BUFFER_E); ++ return WOLFSSL_FAILURE; + } +- else ++ XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); ++ cert->akidSz = (int)x509->authKeyIdSrcSz; ++ cert->rawAkid = 1; ++ } ++ else + #endif +- if (x509->authKeyId) { +- XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); +- cert->akidSz = (int)x509->authKeyIdSz; ++ if (x509->authKeyId) { ++ if (x509->authKeyIdSz > sizeof(cert->akid)) { ++ WOLFSSL_MSG("Auth Key ID too large"); ++ WOLFSSL_ERROR_VERBOSE(BUFFER_E); ++ return WOLFSSL_FAILURE; + } +- } +- else { +- WOLFSSL_MSG("Auth Key ID too large"); +- WOLFSSL_ERROR_VERBOSE(BUFFER_E); +- return WOLFSSL_FAILURE; ++ XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); ++ cert->akidSz = (int)x509->authKeyIdSz; + } + + for (i = 0; i < x509->certPoliciesNb; i++) { diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index bad03c5f2a..17b0960c47 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -33,6 +33,7 @@ SRC_URI = " \ file://CVE-2026-5392.patch \ file://CVE-2026-5446-1.patch \ file://CVE-2026-5446-2.patch \ + file://CVE-2026-5447.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87280 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 77F50CD13D2 for ; Thu, 30 Apr 2026 11:48:04 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18389.1777549680340199007 for ; Thu, 30 Apr 2026 04:48:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=WwvUPrzr; spf=pass (domain: gmail.com, ip: 209.85.216.53, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-35fc0d7c310so521791a91.1 for ; Thu, 30 Apr 2026 04:48:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549679; x=1778154479; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rqIzDI9Lja5uLbVCae/bz6pQlo4KteeX5dUW+7c7hfI=; b=WwvUPrzr+BAl+54JsQpvnZr908EtF7JA3XbgWOtpyRF45J6dJW4ZvBPwml0VPhmqiy DIvwRqLLpwgq7nBGjL4CSxlB0uGZ7DHBeDrAqxRi7O+o1aX8f7cXbVrmblDatHfd5tm+ MMpDNyelbvYLsuP2xLgCi9J9nPljSAWvRuI3fqQBO25muQFqeVJjFkRPK9TIVVSUnHMK 1M/IKaGiDNq79fwTGqGEFYVXOyV9cz2oAaF58jX7w8R1Hiskfd8ah4IWHEa3BG3qbkhw C1Iklu34dqc2wk9YTzsjo4axhyboeSIEsiIDL5oOMCdHOuxitkaN1vO6KMFRNgrMQePi gzkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549679; x=1778154479; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=rqIzDI9Lja5uLbVCae/bz6pQlo4KteeX5dUW+7c7hfI=; b=GJQ1vLv8YvziR0N1p1Ci+UNhwcLIlDTiOZJCQDQJfZZJz4mmOHqBkHxlQZW0OJpgRR 6V41+6M4gify0TmIA8+Mj6BOyrdBGqdqH0eELh9g/rWV6fohI3aqtyWgHjv3f1rXNTyc 6gnFjQJI7v00vqJ3s4pgFelrMovMAqPgRdSiSxVZjecuRTOgxAVPUVnhuTDlHH5nShCH ItbmiW84lGq6gnXIWikZBcD+mU0nyeKPPNxGINiAG1qaCbNEqiHLj40D2KeRgdF9ZE3g Af7etyBzT/4qxZD8umJljAvN5BomvJf/NdrJ474qwXrpTyRtnOo2H5qrKlpUjrCZZj4o yPWw== X-Gm-Message-State: AOJu0Yz2JvfzTWih/y2lPaS1ZVu711TvhgTy7IrUYUHcT7eOd1RQ8oPK 7iY9Ya5q9baSuCMy8J6TSW6REk/jH4u4k/Nyjq3J1OhzqveXN5igv/ICHNAbjXee X-Gm-Gg: AeBDiesC+rCTumTqeI3Nk0LO18lWF//Gu35VnyddJ9z9LdZDQuBMpMkQORimVZU0gQ6 TJ2qdCsJAOa7voIE92b2Lkj+1WONJaLN9F2CyqgA0XAE5CJEZlmxAG8eYOAW3dXgA7lAvM1whL4 rL968vdMrU7IwR19Jq3ApsPQiAI3eIsx7roh7LgiAoznqACh0/E0nAOXWg+gnuJYZ/rR+d0GqZU IXhHOOPgn6U0MaWcUOi7cuIorg0uaLAdD1gLhGQ18OrpwO6hxp3/sjfqkiFUa14Z7n9IFlj0TvR mI5gkEXspKL//+spOnsu/i8TUTwgNPTy24p0z3Ti2mcPSV3CQe6YqQpdOuQYUek8BdJaZeDdtVB zJIYDLUS8CYLdVOAnRur9zkhlqIThjjqQSzlec5H/UxoMsrmaBBs8G/eDuelLQgwNcy1eY61txW MSuQZMuiC/QSyPusSW8HP+dMjr5E3VXNk4ieub93qj1RV5fio= X-Received: by 2002:a17:90b:3cc3:b0:35f:bd51:cf60 with SMTP id 98e67ed59e1d1-364c2f23fd8mr2409049a91.1.1777549679480; Thu, 30 Apr 2026 04:47:59 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:47:59 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 23/24] wolfssl: patch CVE-2026-5772 Date: Thu, 30 Apr 2026 23:46:46 +1200 Message-ID: <20260430114649.4184890-23-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:48:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126757 From: Ankur Tyagi Backport commits from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10119 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5772 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-5772-1.patch | 25 +++++++++++++ .../wolfssl/files/CVE-2026-5772-2.patch | 35 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 2 ++ 3 files changed, 62 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-2.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-1.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-1.patch new file mode 100644 index 0000000000..cc285ed58b --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-1.patch @@ -0,0 +1,25 @@ +From 9fe2213ba1fd8a05f7fa9b95fa940530b445bae9 Mon Sep 17 00:00:00 2001 +From: Kareem +Date: Wed, 1 Apr 2026 11:28:45 -0700 +Subject: [PATCH] Exit MatchDomainName if pattern or string length reach 0. + +CVE: CVE-2026-5772 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/1274c7b5e7e9e28d88caf60662f6f9624bf834b7] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index ccfecc235..1c217b902 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -12898,7 +12898,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, + if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) + return 0; + +- while (patternLen > 0) { ++ while (patternLen > 0 && strLen > 0) { + /* Get the next pattern char to evaluate */ + char p = (char)XTOLOWER((unsigned char)*pattern); + if (p == '\0') diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-2.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-2.patch new file mode 100644 index 0000000000..3ca26a8d9e --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5772-2.patch @@ -0,0 +1,35 @@ +From 89938195b946f709f40f653d90ce215f868c7d79 Mon Sep 17 00:00:00 2001 +From: Kareem +Date: Wed, 1 Apr 2026 11:50:17 -0700 +Subject: [PATCH] Rework check to avoid changing existing logic. + +CVE: CVE-2026-5772 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/90d631232308a59a03f6f6f455f9ac373db7af3d] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 1c217b902..6af03cbf0 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -12898,7 +12898,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, + if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) + return 0; + +- while (patternLen > 0 && strLen > 0) { ++ while (patternLen > 0) { + /* Get the next pattern char to evaluate */ + char p = (char)XTOLOWER((unsigned char)*pattern); + if (p == '\0') +@@ -12964,6 +12964,9 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, + wildcardEligible = 0; + } + ++ if (strLen == 0) ++ return 0; ++ + /* Simple case, pattern match exactly */ + if (p != (char)XTOLOWER((unsigned char) *str)) + return 0; diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 17b0960c47..3b3db9ad6f 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -34,6 +34,8 @@ SRC_URI = " \ file://CVE-2026-5446-1.patch \ file://CVE-2026-5446-2.patch \ file://CVE-2026-5447.patch \ + file://CVE-2026-5772-1.patch \ + file://CVE-2026-5772-2.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" From patchwork Thu Apr 30 11:46:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Tyagi X-Patchwork-Id: 87279 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61376CCFA13 for ; Thu, 30 Apr 2026 11:48:04 +0000 (UTC) Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.18391.1777549682588657334 for ; Thu, 30 Apr 2026 04:48:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=VuMy+uFk; spf=pass (domain: gmail.com, ip: 209.85.216.54, mailfrom: ankur.tyagi85@gmail.com) Received: by mail-pj1-f54.google.com with SMTP id 98e67ed59e1d1-35d90833cacso626610a91.2 for ; Thu, 30 Apr 2026 04:48:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777549682; x=1778154482; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+6e6lM8AdlccnAQ5SBrO/rPuV4th3EepaXoX9eHEHEA=; b=VuMy+uFkoYh9PA6rnodQU+2sV61F/9eyGoemGIe52bBaD1+eInJyQ9lbSoSW85vtwq Cb6ebzUUq8sCf5ogHD8OSE3fLCaP0WOmEqx8pi9PkAxlYBnegm59ofQ1bj4V5r3ZYXw0 6Mo7dTZiHrZFON3/yPsRwEAz4dBKIGBl5lnS5LPE+8GFsofB/ItflDEWSd4txmceaySP ccTa1BsHJkDZmyeFgc2Z3bfzVRBt9dbsoS54J9Uv7w+OMrgKl2OFeg0hhsZYD2Xe+abU VvWZ/innJK9mDFZUIdvmSHvcfTgP5FM4wLQsApU+oybSigL1LOkAwr4l2mVpsgaeT/Pm s0DA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777549682; x=1778154482; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=+6e6lM8AdlccnAQ5SBrO/rPuV4th3EepaXoX9eHEHEA=; b=cCCLepVBgKTa+2tbY1ppYbiJn+1sxdsMamRCgoPJejcsH7JvW97eD/TrNI79CJWLfm Vz/4bhCacYP9h9GmX9SHjALdsDD22W5XCwZCPCaN5oM24dkQofbcNiyLCvhtEdMpEDfP YquNoGW04GwGQdSlQUM6bzCnpaXBw/q9jhTrGUSji0bDMWq7qccka7eHAxYBxGmKXlpz XrjJL9XCrkxjCuqMR/XxBhXy7dkGUhhRzbtmEcciihHb+yreNWWKJqG5eTXUByYkvUcX Ot8jK/JsECzvx63LX8ZoZhCvbdw1OZkLm/wAjYFbX2gP1+cUz92EV5YhIpkbzzk2USX1 uHjw== X-Gm-Message-State: AOJu0YxMURFETdtk484XVXhcV6ZmCpZkNBWL1b1bUtKZdw5Jp8hvQTJb F+HyP3ywS1LC/4o0l7fhPRGpo5IK9IovDpcQ/pJDZTfetUTWoFtJtx/rlUoLO+6K X-Gm-Gg: AeBDietAEBqK8kPk+BGKObosDGHrLuAa0czD3BzH39e5m7l4j1Cz32kIKILdsqe2Mk5 1WhehbvBN8qFnohYejUGojsAZRS+gcZGc68wA/2EuvB8+DxcQbCH7crzGaC+P9uZqWn6CzGSa/S 4JdiRlZyyyY254DmqiFz/DPjqy8XJvOI05xan92irPPa+tqMAH9ZgarW3xRnAhtfN/dmUbpfpOV 8uAAk/QkwNCDY+3j5gbJ0ZJCmHsDcbjRPEX5EpUCiyYxI4r9EP6aEUn9Pw31TutMFpqjtxAHTsp l/9s01WMRMy17PccOx5VEDD2M35WdKfvudQhl8sU6XJEZ6j/fLX9VY8eSctheIOdFyKaXdUf4c3 GqGbHhLec+6MLS2ipy5XM8kdBlOTu3T/1h1o1tq0AJwerRT3WVUvnfH+V9cGagIxA9618pzt81n UbPRju7v7u8b/hqDEN2Z2fu3FuYRNgakXDx+yDNiGXtrlEwWI= X-Received: by 2002:a17:90b:3cc3:b0:35b:e52a:6fe5 with SMTP id 98e67ed59e1d1-364c2f35bd5mr2403492a91.5.1777549681669; Thu, 30 Apr 2026 04:48:01 -0700 (PDT) Received: from NVAPF55DW0D-IPD.. ([203.211.108.128]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-364c3fa0240sm769953a91.5.2026.04.30.04.47.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Apr 2026 04:48:01 -0700 (PDT) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][whinlatter][PATCH 24/24] wolfssl: patch CVE-2026-5778 Date: Thu, 30 Apr 2026 23:46:47 +1200 Message-ID: <20260430114649.4184890-24-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> References: <20260430114649.4184890-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 30 Apr 2026 11:48:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126758 From: Ankur Tyagi Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10125 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5778 Signed-off-by: Ankur Tyagi --- .../wolfssl/files/CVE-2026-5778.patch | 38 +++++++++++++++++++ .../wolfssl/wolfssl_5.8.0.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch new file mode 100644 index 0000000000..b640b41bd0 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch @@ -0,0 +1,38 @@ +From 0eee2c2d172a28dc9159211d0d22323c980a48f4 Mon Sep 17 00:00:00 2001 +From: Kareem +Date: Thu, 2 Apr 2026 16:41:55 -0700 +Subject: [PATCH] Add sz check to ChachaAEADDecrypt to prevent potential + underflow. + +Thanks to Zou Dikai for the report. + +(cherry picked from commit 5b6b138964058ab8d30474bc9fdfb5ffcb3a4726) + +CVE: CVE-2026-5778 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/5b6b138964058ab8d30474bc9fdfb5ffcb3a4726] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 6af03cbf0..40d1dd7cc 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -19310,10 +19310,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, + byte tag[POLY1305_AUTH_SZ]; + byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ + int ret = 0; +- int msgLen = (sz - ssl->specs.aead_mac_size); ++ int msgLen = 0; + Keys* keys = &ssl->keys; + byte* seq = NULL; + ++ if (sz < ssl->specs.aead_mac_size) { ++ return BAD_FUNC_ARG; ++ } ++ msgLen = (sz - ssl->specs.aead_mac_size); ++ + #ifdef CHACHA_AEAD_TEST + int i; + printf("input before decrypt :\n"); diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 3b3db9ad6f..0f1fe43d79 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -36,6 +36,7 @@ SRC_URI = " \ file://CVE-2026-5447.patch \ file://CVE-2026-5772-1.patch \ file://CVE-2026-5772-2.patch \ + file://CVE-2026-5778.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"