From patchwork Wed Jun 17 07:47:52 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 90345
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][wrynose 1/8] curl: fix CVE-2026-6276
Date: Wed, 17 Jun 2026 09:47:52 +0200
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239016
From: Adarsh Jagadish Kamini Backport patch to fix CVE-2026-6276. https://nvd.nist.gov/vuln/detail/CVE-2026-6276 Upstream fix: https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db Adapted for curl 8.19.0: - Use Curl_safefree (upstream uses curlx_safefree, renamed in later versions) - Drop req->userpwd/req->proxyuserpwd context (not yet moved to SingleRequest in this version) Signed-off-by: Adarsh Jagadish Kamini [YC: fixed indent in curl_8.19.0.bb] Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-6276.patch | 315 ++++++++++++++++++ meta/recipes-support/curl/curl_8.19.0.bb | 1 + 2 files changed, 316 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-6276.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-6276.patch b/meta/recipes-support/curl/curl/CVE-2026-6276.patch new file mode 100644 index 00000000000..68bec24e946 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-6276.patch 
@@ -0,0 +1,315 @@ +From 48d71bc976572aaf09c63ab86b5165762450a507 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 14 Apr 2026 08:51:44 +0200 +Subject: [PATCH] urldata: move cookiehost to struct SingleRequest + +To make it scoped for the single request appropriately. + +Reported-by: Muhamad Arga Reksapati + +Verify with libtest 2504: a custom Host *disabled* on reused handle + +Closes #21312 + +CVE: CVE-2026-6276 +Upstream-Status: Backport [https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db] + +Signed-off-by: Adarsh Jagadish Kamini +--- + lib/http.c | 14 +++--- + lib/request.c | 3 ++ + lib/request.h | 3 ++ + lib/url.c | 2 +- + lib/urldata.h | 3 -- + tests/data/Makefile.am | 2 +- + tests/data/test2504 | 52 +++++++++++++++++++++ + tests/libtest/Makefile.inc | 2 +- + tests/libtest/lib2504.c | 93 ++++++++++++++++++++++++++++++++++++++ + 9 files changed, 162 insertions(+), 12 deletions(-) + create mode 100644 tests/data/test2504 + create mode 100644 tests/libtest/lib2504.c + +diff --git a/lib/http.c b/lib/http.c +index 188da5fd83..7ebbdfa551 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -2002,6 +2002,9 @@ static CURLcode http_set_aptr_host(struct Curl_easy *data) + data->state.first_remote_protocol = conn->scheme->protocol; + } + Curl_safefree(aptr->host); ++#ifndef CURL_DISABLE_COOKIES ++ Curl_safefree(data->req.cookiehost); ++#endif + + ptr = Curl_checkheaders(data, STRCONST("Host")); + if(ptr && (!data->state.this_is_a_follow || +@@ -2037,8 +2040,7 @@ static CURLcode http_set_aptr_host(struct Curl_easy *data) + if(colon) + *colon = 0; /* The host must not include an embedded port number */ + } +- curlx_free(aptr->cookiehost); +- aptr->cookiehost = cookiehost; ++ data->req.cookiehost = cookiehost; + } + #endif + +@@ -2538,8 +2540,8 @@ static CURLcode http_cookies(struct Curl_easy *data, + + if(data->cookies && data->state.cookie_engine) { + bool okay; +- const char *host = data->state.aptr.cookiehost ? 
+- data->state.aptr.cookiehost : data->conn->host.name; ++ const char *host = data->req.cookiehost ? ++ data->req.cookiehost : data->conn->host.name; + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + result = Curl_cookie_getlist(data, data->conn, &okay, host, &list); + if(!result && okay) { +@@ -3545,8 +3547,8 @@ static CURLcode http_header_s(struct Curl_easy *data, + if(v) { + /* If there is a custom-set Host: name, use it here, or else use + * real peer hostname. */ +- const char *host = data->state.aptr.cookiehost ? +- data->state.aptr.cookiehost : conn->host.name; ++ const char *host = data->req.cookiehost ? ++ data->req.cookiehost : conn->host.name; + const bool secure_context = Curl_secure_context(conn, host); + CURLcode result; + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); +diff --git a/lib/request.c b/lib/request.c +index 66077530d7..765dbac058 100644 +--- a/lib/request.c ++++ b/lib/request.c +@@ -113,6 +113,9 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) + struct curltime t0 = { 0, 0 }; + + Curl_safefree(req->newurl); ++#ifndef CURL_DISABLE_COOKIES ++ Curl_safefree(req->cookiehost); ++#endif + Curl_client_reset(data); + if(req->sendbuf_init) + Curl_bufq_reset(&req->sendbuf); +diff --git a/lib/request.h b/lib/request.h +index 5332d48538..6e4bd0fb6e 100644 +--- a/lib/request.h ++++ b/lib/request.h +@@ -95,6 +95,9 @@ struct SingleRequest { + char *newurl; /* Set to the new URL to use when a redirect or a retry is + wanted */ + ++#ifndef CURL_DISABLE_COOKIES ++ char *cookiehost; ++#endif + #ifndef CURL_DISABLE_COOKIES + unsigned char setcookies; + #endif +diff --git a/lib/url.c b/lib/url.c +index ec0457bcdd..b9e308add2 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -304,7 +304,7 @@ CURLcode Curl_close(struct Curl_easy **datap) + Curl_safefree(data->state.aptr.ref); + Curl_safefree(data->state.aptr.host); + #ifndef CURL_DISABLE_COOKIES +- 
Curl_safefree(data->state.aptr.cookiehost); ++ Curl_safefree(data->req.cookiehost); + #endif + #ifndef CURL_DISABLE_RTSP + Curl_safefree(data->state.aptr.rtsp_transport); +diff --git a/lib/urldata.h b/lib/urldata.h +index 5ae148054b..d71337c8f6 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1052,9 +1052,6 @@ struct UrlState { + char *rangeline; + char *ref; + char *host; +-#ifndef CURL_DISABLE_COOKIES +- char *cookiehost; +-#endif + #ifndef CURL_DISABLE_RTSP + char *rtsp_transport; + #endif +diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am +index 53abf60901..da0f8f55d4 100644 +--- a/tests/data/Makefile.am ++++ b/tests/data/Makefile.am +@@ -264,7 +264,7 @@ test2309 \ + \ + test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 \ + \ +-test2500 test2501 test2502 test2503 \ ++test2500 test2501 test2502 test2503 test2504 \ + \ + test2600 test2601 test2602 test2603 test2604 test2605 \ + \ +diff --git a/tests/data/test2504 b/tests/data/test2504 +new file mode 100644 +index 0000000000..8cec1c8210 +--- /dev/null ++++ b/tests/data/test2504 +@@ -0,0 +1,52 @@ ++ ++ ++ ++ ++HTTP ++cookies ++ ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: server.example.com ++Content-Length: 47 ++Set-Cookie: sid=SECRET123; Path=/ ++ ++file contents should appear once for each file ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++lib%TESTNUMBER ++ ++ ++custom Host with cookie, handle reuse, no custom Host: ++ ++ ++http://%HOSTIP:%HTTPPORT ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++ ++GET / HTTP/1.1 ++Host: victim.internal ++Accept: */* ++ ++GET / HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Accept: */* ++ ++ ++ ++ +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index e3202804a9..2319bafe72 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -113,7 +113,7 @@ TESTS_C = \ + lib2023.c lib2032.c lib2082.c \ + lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c 
lib2309.c \ + lib2402.c lib2404.c lib2405.c \ +- lib2502.c \ ++ lib2502.c lib2504.c \ + lib2700.c \ + lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c \ + lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c \ +diff --git a/tests/libtest/lib2504.c b/tests/libtest/lib2504.c +new file mode 100644 +index 0000000000..72b965d6e6 +--- /dev/null ++++ b/tests/libtest/lib2504.c +@@ -0,0 +1,93 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) Linus Nielsen Feltzing ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. 
++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++#include "first.h" ++ ++#include "testtrace.h" ++ ++static size_t sink2504(char *ptr, size_t size, size_t nmemb, void *ud) ++{ ++ (void)ptr; ++ (void)ud; ++ return size * nmemb; ++} ++ ++static void dump_cookies2504(CURL *h, const char *tag) ++{ ++ struct curl_slist *cookies = NULL; ++ struct curl_slist *nc; ++ CURLcode rc = curl_easy_getinfo(h, CURLINFO_COOKIELIST, &cookies); ++ ++ curl_mprintf("== %s ==\n", tag); ++ if(rc) { ++ curl_mprintf("getinfo error: %d\n", (int)rc); ++ return; ++ } ++ for(nc = cookies; nc; nc = nc->next) ++ puts(nc->data); ++ curl_slist_free_all(cookies); ++} ++ ++static CURLcode test_lib2504(const char *URL) ++{ ++ CURL *curl; ++ CURLcode result = CURLE_OUT_OF_MEMORY; ++ struct curl_slist *hdrs = NULL; ++ ++ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { ++ curl_mfprintf(stderr, "curl_global_init() failed\n"); ++ return TEST_ERR_MAJOR_BAD; ++ } ++ ++ curl = curl_easy_init(); ++ if(!curl) { ++ curl_mfprintf(stderr, "curl_easy_init() failed\n"); ++ curl_global_cleanup(); ++ return TEST_ERR_MAJOR_BAD; ++ } ++ ++ hdrs = curl_slist_append(hdrs, "Host: victim.internal"); ++ if(hdrs) { ++ test_setopt(curl, CURLOPT_WRITEFUNCTION, sink2504); ++ test_setopt(curl, CURLOPT_COOKIEFILE, ""); ++ test_setopt(curl, CURLOPT_HTTPHEADER, hdrs); ++ test_setopt(curl, CURLOPT_URL, URL); ++ ++ result = curl_easy_perform(curl); ++ curl_mprintf("req1=%d\n", (int)result); ++ dump_cookies2504(curl, "after request 1"); ++ ++ test_setopt(curl, CURLOPT_HTTPHEADER, NULL); ++ test_setopt(curl, CURLOPT_URL, URL); ++ ++ result = curl_easy_perform(curl); ++ curl_mprintf("req2=%d\n", (int)result); ++ dump_cookies2504(curl, "after request 2"); ++ } ++test_cleanup: ++ curl_slist_free_all(hdrs); ++ curl_easy_cleanup(curl); ++ curl_global_cleanup(); ++ ++ return result; ++} 
diff --git a/meta/recipes-support/curl/curl_8.19.0.bb b/meta/recipes-support/curl/curl_8.19.0.bb index b9251336b8b..9aa2ccb7870 100644 --- a/meta/recipes-support/curl/curl_8.19.0.bb +++ b/meta/recipes-support/curl/curl_8.19.0.bb 
@@ -14,6 +14,7 @@ SRC_URI = " \ file://run-ptest \ file://disable-tests \ file://no-test-timeout.patch \ + file://CVE-2026-6276.patch \ " SRC_URI:append:class-nativesdk = " \
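Review bot: In the lib/http.c hunk at @@ -2037, `data->req.cookiehost = cookiehost;` replaces a free-then-assign pair with a bare assignment, so it is leak-free only because the first hunk adds `Curl_safefree(data->req.cookiehost);` at the top of http_set_aptr_host(). A short comment at the assignment noting that the field was already cleared above would keep a later reordering from introducing a leak. That same unconditional clear is also what stops a Host: value from an earlier transfer being used for cookie matching once the custom header is removed, so it should not be made conditional.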
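Review bot: In the lib/request.h hunk, the new `char *cookiehost;` member sits in its own `#ifndef CURL_DISABLE_COOKIES` block directly above the existing `#ifndef CURL_DISABLE_COOKIES` block for `setcookies`, and it carries no comment, unlike `newurl` just above it. Fold the two members into one conditional block and document the field, for example that it holds the custom Host: name used for cookie matching and is valid only for the current request, since that per-request lifetime is the point of the fix.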
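Review bot: In tests/libtest/lib2504.c, test_lib2504() stores the first curl_easy_perform() return in `result` and then overwrites it with the second, so a failure of request 1 is only printed as `req1=` and never returned. The cookie list printed by dump_cookies2504() also has nothing to be compared against in the test2504 data as shown, which lists only the two expected requests. Either jump to test_cleanup when request 1 fails, or add the expected stdout to test2504 so the `req1=0` line and the cookie dump are actually checked.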
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 2/8] conf/machine: fix typos in ARM and x86 README files Date: Wed, 17 Jun 2026 09:47:53 +0200 Message-ID: <9ec47b2706c28fe9a92303ddd150c5dadb38f713.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239017 From: Prabhudasu Vatala Correct spelling errors in the machine include README documentation for both ARM and x86 architectures to improve clarity. ARM changes: - Fix TUNE_PKGACH -> TUNE_PKGARCH. - Fix "definiton" -> "definition". - Fix "curently" -> "Currently". - Fix "specificed" -> "specified". x86 changes: - Fix "define" -> "defined". - Fix "to to" duplication. Signed-off-by: Prabhudasu Vatala (cherry picked from commit a77dd221c31e44a17784c15f5402ef785fb9c1b7) Signed-off-by: Yoann Congal --- meta/conf/machine/include/arm/README | 6 +++--- meta/conf/machine/include/x86/README | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/machine/include/arm/README b/meta/conf/machine/include/arm/README index c5637798e6f..bccbb1bdee9 100644 --- a/meta/conf/machine/include/arm/README +++ b/meta/conf/machine/include/arm/README @@ -10,7 +10,7 @@ of the existence of the "bigendian" feature in a given tune. A small set of ARM specific variables have been defined to allow TUNE_PKGARCH to be automatically defined. Optimized tunings must NOT -change the definiton of TUNE_PKGARCH. TUNE_PKGACH:tune- will be +change the definition of TUNE_PKGARCH. TUNE_PKGARCH:tune- will be ignored. The format of the package arch is enforced by the TUNE_PKGARCH default. The format must be of the form: [t][e][hf][b][-vfp][-neon] 
@@ -22,14 +22,14 @@ ARMPKGARCH - This is the core package arch component specified by each tuning. This is the primary identifier of a tuning. Usual values are: arm, armv4, armv5, armv6, armv7a, etc. -ARMPKGSFX_THUMB - This is the thumb specific suffix. Curently it is +ARMPKGSFX_THUMB - This is the thumb specific suffix. Currently it is defined in feature-arm-thumb.inc. ARMPKGSFX_DSP - This is the DSP specific suffix. Currently this is set to 'e' when on armv5 and the dsp feature is enabled. ARMPKGSFX_EABI - This is the eabi specific suffix. There are currently -two defined ABIs specificed, standard EABI and Hard Float (VFP) EABI. +two defined ABIs specified, standard EABI and Hard Float (VFP) EABI. When the callconvention-hard is enabled, "hf" is specified, otherwise it is blank. diff --git a/meta/conf/machine/include/x86/README b/meta/conf/machine/include/x86/README index 05aee533a71..f0a1882d818 100644 --- a/meta/conf/machine/include/x86/README +++ b/meta/conf/machine/include/x86/README @@ -4,7 +4,7 @@ Most of the items for the X86 architectures are defined in the single arch-x86 file. -Three ABIs are define, m32, mx32 and m64. +Three ABIs are defined, m32, mx32 and m64. The following is the list of X86 specific variables: 
@@ -17,7 +17,7 @@ The TUNE_PKGARCH is defined as follows: TUNE_PKGARCH = ${TUNE_PKGARCH:tune-${DEFAULTTUNE}} The package architecture for 32-bit targets is historical and generally -set to to match the core compatible processor type, i.e. i386. +set to match the core compatible processor type, i.e. i386. For 64-bit architectures, the architecture is expected to end in '_64'.
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 3/8] curl: fix mbedtls detection Date: Wed, 17 Jun 2026 09:47:54 +0200 Message-ID: <903cae3bd478565c11fe913034fc5e3d7eef9286.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239018 From: Ross Burton The mbedtls detection logic in curl is broken and resulted in build paths leaking into curl-config and libcurl.pc. Backport a patch to fix the detection by looking for a symbol that wasn't removed in mbedtls 3.0 five years ago, and remove the explicit sysroot reference as it is no longer needed. Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c6ba523565325571bf7e21d39a6839b7f42c7083) Signed-off-by: Yoann Congal --- meta/recipes-support/curl/curl/mbedtls.patch | 41 ++++++++++++++++++++ meta/recipes-support/curl/curl_8.19.0.bb | 3 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/curl/curl/mbedtls.patch diff --git a/meta/recipes-support/curl/curl/mbedtls.patch b/meta/recipes-support/curl/curl/mbedtls.patch new file mode 100644 index 00000000000..f2f2c457aa5 --- /dev/null +++ b/meta/recipes-support/curl/curl/mbedtls.patch 
@@ -0,0 +1,41 @@ +From 50b1408f97d9e8fc585c5351cbf86bf60a30eb59 Mon Sep 17 00:00:00 2001 +From: Viktor Szakats +Date: Sat, 23 May 2026 01:05:10 +0200 +Subject: [PATCH] autotools: mbedtls detection fixes + +- fix symbol used for first-round detection. +- skip detecting mbedtls on custom path if custom path was not supplied. + +Reported-by: Ross Burton +Fixes #21727 + +Closes #21729 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/50b1408f97d9e8fc585c5351cbf86bf60a30eb59] +Signed-off-by: Ross Burton +--- + m4/curl-mbedtls.m4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/m4/curl-mbedtls.m4 b/m4/curl-mbedtls.m4 +index 7c5bccd22983..6887302592d6 100644 +--- a/m4/curl-mbedtls.m4 ++++ b/m4/curl-mbedtls.m4 +@@ -42,7 +42,7 @@ if test "x$OPT_MBEDTLS" != "xno"; then + if test -z "$OPT_MBEDTLS"; then + dnl check for lib first without setting any new path + +- AC_CHECK_LIB(mbedtls, mbedtls_havege_init, ++ AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, + dnl libmbedtls found, set the variable + [ + AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) +@@ -58,7 +58,7 @@ if test "x$OPT_MBEDTLS" != "xno"; then + addcflags="" + mbedtlslib="" + +- if test "$USE_MBEDTLS" != "yes"; then ++ if test "$USE_MBEDTLS" != "yes" && test -n "$OPT_MBEDTLS"; then + dnl add the path and test again + addld=-L$OPT_MBEDTLS/lib$libsuff + addcflags=-I$OPT_MBEDTLS/include diff --git a/meta/recipes-support/curl/curl_8.19.0.bb b/meta/recipes-support/curl/curl_8.19.0.bb index 9aa2ccb7870..d58b7740112 100644 --- a/meta/recipes-support/curl/curl_8.19.0.bb +++ b/meta/recipes-support/curl/curl_8.19.0.bb @@ -15,6 +15,7 @@ SRC_URI = " \ file://disable-tests \ file://no-test-timeout.patch \ file://CVE-2026-6276.patch \ + file://mbedtls.patch \ " SRC_URI:append:class-nativesdk = " \ 
@@ -57,7 +58,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls" PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," PACKAGECONFIG[negotiate-auth] = "--enable-negotiate-auth,--disable-negotiate-auth" PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
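Review bot: In the second m4/curl-mbedtls.m4 hunk, the retry with `-L$OPT_MBEDTLS/lib$libsuff` is now skipped when `$OPT_MBEDTLS` is empty, and the curl_8.19.0.bb hunk switches PACKAGECONFIG[mbedtls] to a bare `--with-mbedtls`, so detection rests entirely on the first-round `AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, ...)`. The visible lines do not show what configure does when that check fails. Please confirm that with the mbedtls PACKAGECONFIG enabled a failed check stops the build with an error rather than producing a libcurl without the requested TLS backend.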
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 4/8] qemu: Fix CVE-2024-6519 Date: Wed, 17 Jun 2026 09:47:55 +0200 Message-ID: <4640175a9f2795d132572c8993c6fb98a96c8a21.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239019 From: Deepak Rathore This patch applies the upstream QEMU fix for CVE-2024-6519. The upstream fix commit is referenced in [1], the Debian tracker fix status is referenced in [2], and the public security advisory is referenced in [3]. [1] https://gitlab.com/qemu-project/qemu/-/commit/4862d2c95104d9fd0430cc003c205094f8ada1f9 [2] https://security-tracker.debian.org/tracker/CVE-2024-6519 [3] https://www.zerodayinitiative.com/advisories/ZDI-24-1382/ Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2024-6519.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 5f30416a483..4b6c2252b7f 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -36,6 +36,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0001-accel-tcg-Fix-iotlb_to_section-for-different-Address.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ + file://CVE-2024-6519.patch \ " # file index at download.qemu.org isn't reliable: https://gitlab.com/qemu-project/qemu-web/-/issues/9 UPSTREAM_CHECK_URI = "https://www.qemu.org" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch new file mode 100644 index 00000000000..9bd36bed2c3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch 
@@ -0,0 +1,53 @@ +From 56cd5218a61d7365e501b57d8d79330ffa696031 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Fri, 27 Mar 2026 17:37:31 +0100 +Subject: [PATCH] lsi53c895a: keep a reference to the device while SCRIPTS + execute + +SCRIPTS execution can trigger PCI device unplug and consequently +a use-after-free after the unplug returns. Avoid this by keeping +the device alive. + +Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3090 + +CVE: CVE-2024-6519 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4862d2c95104d9fd0430cc003c205094f8ada1f9] + +Cc: qemu-stable@nongnu.org +Signed-off-by: Paolo Bonzini +(cherry picked from commit 4862d2c95104d9fd0430cc003c205094f8ada1f9) +Signed-off-by: Deepak Rathore +--- + hw/scsi/lsi53c895a.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 9ea4aa0a853..2cc7e945e16 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1163,6 +1163,7 @@ static void lsi_execute_script(LSIState *s) + s->waiting = LSI_NOWAIT; + } + ++ object_ref(s); + reentrancy_level++; + + s->istat1 |= LSI_ISTAT1_SRUN; +@@ -1182,6 +1183,7 @@ again: + s->waiting = LSI_WAIT_SCRIPTS; + lsi_scripts_timer_start(s); + reentrancy_level--; ++ object_unref(s); + return; + } + insn = read_dword(s, s->dsp); +@@ -1630,6 +1632,7 @@ again: + trace_lsi_execute_script_stop(); + + reentrancy_level--; ++ object_unref(s); + } + + static uint8_t lsi_reg_readb(LSIState *s, int offset) +-- +2.35.6 From patchwork Wed Jun 17 07:47:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 90340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8974CD98EE for ; Wed, 17 Jun 
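Review bot: every exit from lsi_execute_script() taken after the new object_ref(s) needs a matching object_unref(s), and the hunks in CVE-2024-6519.patch show only two of them: the LSI_WAIT_SCRIPTS early return under "again:" and the end of the function. The body between those two points is not part of the diff, so please confirm that the qemu version built on wrynose has no other return there, since a backport target can differ from upstream and a missed path would leak a device reference. Keeping object_unref(s) as the last statement after reentrancy_level-- on both paths is right, because nothing dereferences s once the reference may have been dropped.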
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 5/8] wireless-regdb: upgrade 2026.03.18 -> 2026.05.30 Date: Wed, 17 Jun 2026 09:47:56 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239020 From: Ankur Tyagi Signed-off-by: Ankur Tyagi (cherry picked from commit 86e35bc1ab5fb2132b06b666fe73fc9bd6446ab6) Signed-off-by: Yoann Congal --- ...ireless-regdb_2026.03.18.bb => wireless-regdb_2026.05.30.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2026.03.18.bb => wireless-regdb_2026.05.30.bb} (94%) 
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.03.18.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.05.30.bb similarity index 94% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.03.18.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.05.30.bb index a70e9dd0dae..e544b729656 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.03.18.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2026.05.30.bb 
@@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "5fc0000475d8c5368ccc5222827c16aef98b1eb6a69c9b5a3e7b7e98528945ac" +SRC_URI[sha256sum] = "8a27bfc081bafed8c24dd70fab0d96f098e5a0bfcd08d3da672595f225ab8993" inherit bin_package allarch From patchwork Wed Jun 17 07:47:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 90339 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE336CD98E2 for ; Wed, 17 Jun 2026 07:48:12 +0000 (UTC) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10443.1781682490190735649 for ; Wed, 17 Jun 2026 00:48:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=VqEDs4YX; spf=pass (domain: smile.fr, ip: 209.85.221.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-461a5a39da1so1226362f8f.2 for ; Wed, 17 Jun 2026 00:48:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1781682488; x=1782287288; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KP9il0zz9mouQgh7+AQGmUhWCvuBgcrRg4Zp2rSjuww=; b=VqEDs4YXeVapKa7EnTPNDmg3DAZtNq4zuqhqyJh00mHLOYPZmQFE05PlSDGuhDVdkI zbEb1G1I1kT9KAe1F35oM6PfDq4BZJ4VpCuWsV26wutXxLNwvrYcn9FmPFnbuDxtb/kt aZ7XkLXjZhPnHWL4gNfjKsgWitKp4tJeJioo4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; 
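Review bot: the SRC_URI[sha256sum] replacement in the wireless-regdb recipe is the only content change in this rename, and the commit message has no body, so nothing records what changed in the regulatory database between 2026.03.18 and 2026.05.30. A one-line summary or a link to the upstream changelog in the message would let stable-branch reviewers judge the upgrade. The LIC_FILES_CHKSUM context line is unchanged, which is consistent with an unchanged LICENSE file.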
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 6/8] ca-certificates: upgrade 20260223 -> 20260601 Date: Wed, 17 Jun 2026 09:47:57 +0200 Message-ID: <9cc809d98301d3f05672b6a025857658dd3fd017.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239021 From: Ankur Tyagi License-Update: ca-certificates-local example removed[1] [1] https://salsa.debian.org/debian/ca-certificates/-/commit/0ba2e089daf128206b0a13423ceede612bb60270 Signed-off-by: Ankur Tyagi (cherry picked from commit 366cfc1103661f98020d7b7c8d249f2b7f9432af) Signed-off-by: Yoann Congal --- ...a-certificates_20260223.bb => ca-certificates_20260601.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/ca-certificates/{ca-certificates_20260223.bb => ca-certificates_20260601.bb} (94%) diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb b/meta/recipes-support/ca-certificates/ca-certificates_20260601.bb similarity index 94% rename from meta/recipes-support/ca-certificates/ca-certificates_20260223.bb rename to meta/recipes-support/ca-certificates/ca-certificates_20260601.bb index 41690d1d088..1bc64fe34a4 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20260601.bb 
@@ -5,7 +5,7 @@ This derived from Debian's CA Certificates." HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" SECTION = "misc" LICENSE = "GPL-2.0-or-later & MPL-2.0" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=dab7c7cea776d1a1648deb0052c72647" # This is needed to ensure we can run the postinst at image creation time DEPENDS = "" 
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRC_URI[sha256sum] = "2fa2b00d4360f0d14ec51640ae8aea9e563956b95ea786e3c3c01c4eead42b56" +SRC_URI[sha256sum] = "7ab6301f7f34eef90a4d278647c260bc0762e0e14561f4649854cf4b0d4bea21" SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ From patchwork Wed Jun 17 07:47:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 90341 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29D57CD98ED for ; Wed, 17 Jun 2026 07:48:12 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10268.1781682491070214591 for ; Wed, 17 Jun 2026 00:48:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=3BB1p7y3; spf=pass (domain: smile.fr, ip: 209.85.221.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-45ef29c5561so2921331f8f.0 for ; Wed, 17 Jun 2026 00:48:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1781682489; x=1782287289; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=x4MdfBwCOsM/yIwHnL4kOnnt8u9j72yFSADMaboResc=; b=3BB1p7y3pen2SzAh5YH++kXbWspwwQZqjPYUH6Q3JfREC/e42zczKYG9ryAcQeCYwM 
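Review bot: in the first ca-certificates hunk the LIC_FILES_CHKSUM md5 for debian/copyright changes while the LICENSE context line stays at GPL-2.0-or-later & MPL-2.0, and the License-Update tag gives the cause (removal of the ca-certificates-local example) without saying that the license terms themselves are unaffected. Adding that statement to the License-Update line would document why LICENSE needs no change.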
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 7/8] libusb1: fix CVE-2026-23679 and CVE-2026-47104 Date: Wed, 17 Jun 2026 09:47:58 +0200 Message-ID: <8068c867330345bfea046542c91ad3f83552c265.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239022 From: Anil Dongare - Pick the upstream patch [1] as mentioned in [2] and [3]. included in v1.0.30. [1] https://github.com/libusb/libusb/commit/bc0886173ea15b8cc9bba2918f58a97a7f185231 [2] https://security-tracker.debian.org/tracker/CVE-2026-23679. [3] https://security-tracker.debian.org/tracker/CVE-2026-47104. Signed-off-by: Anil Dongare [YC: Fixed the version containing the commit] Signed-off-by: Yoann Congal --- .../CVE-2026-23679_CVE-2026-47104.patch | 89 +++++++++++++++++++ meta/recipes-support/libusb/libusb1_1.0.29.bb | 1 + 2 files changed, 90 insertions(+) create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch diff --git a/meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch b/meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch new file mode 100644 index 00000000000..f15f089f9f6 --- /dev/null +++ b/meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch 
@@ -0,0 +1,89 @@ +From 04a9508e07582f553e9ea767f9e4a9b93839914b Mon Sep 17 00:00:00 2001 +From: MarkLee131 +Date: Sat, 25 Apr 2026 18:33:17 +0800 +Subject: [PATCH] descriptor: Fix two memory-safety bugs in malformed config + descriptor handling + +Two issues reachable from a malformed config descriptor returned by an +attached USB device, both surfaced by the same libFuzzer + ASan run. + +1) parse_interface() reads bNumEndpoints from the interface descriptor and + increments usb_interface->num_altsetting before entering the inner loop + that skips class/vendor specific descriptors ahead of the endpoint + array. If that loop's bLength > size short-read branch fires, the + function returns before the endpoint array is allocated, leaving the + caller with bNumEndpoints > 0 and endpoint == NULL. libusb.h documents + endpoint as an array sized by bNumEndpoints, and the testlibusb and + xusb examples both iterate it accordingly, so a NULL deref follows. + Reset bNumEndpoints to 0 before returning so the invariant holds. + +2) The first-pass loop in parse_iad_array() compares header.bLength + against the original size argument instead of the remaining bytes, + so a single descriptor with bLength == size - 1 lets consumed reach + size - 1 and the next iteration enters with only one byte of buffer + left. The buf[1] read on the second line of the loop body lands one + byte past the malloc allocation that backs the descriptor data. The + sibling parsers parse_configuration() and parse_interface() in the + same file already use the remaining-bytes form. Switch the IAD parser + loop guard and bound check to match. + +Both code paths are reachable from public APIs (libusb_get_*_config_descriptor +and libusb_get_*_interface_association_descriptors), with the malformed +input supplied by the attached device. Minimal reproducers are 20 and +9 bytes respectively. 
+ +Fixes #1813 + +CVE: CVE-2026-23679 CVE-2026-47104 +Upstream-Status: Backport [https://github.com/libusb/libusb/commit/bc0886173ea15b8cc9bba2918f58a97a7f185231] + +Backport Changes: +- The upstream version_nano.h bump is omitted because this is a security + backport to libusb 1.0.29, not a version upgrade. + +Signed-off-by: MarkLee131 +(cherry picked from commit bc0886173ea15b8cc9bba2918f58a97a7f185231) +Signed-off-by: Anil Dongare +--- + libusb/descriptor.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/libusb/descriptor.c b/libusb/descriptor.c +index 870883a..7d4f118 100644 +--- a/libusb/descriptor.c ++++ b/libusb/descriptor.c +@@ -241,6 +241,10 @@ static int parse_interface(libusb_context *ctx, + usbi_warn(ctx, + "short extra intf desc read %d/%u", + size, header->bLength); ++ /* Keep the invariant: bNumEndpoints > 0 implies ++ * endpoint != NULL. The endpoint array isn't ++ * allocated yet on this early return. */ ++ ifp->bNumEndpoints = 0; + return parsed; + } + +@@ -1365,7 +1369,7 @@ static int parse_iad_array(struct libusb_context *ctx, + + /* First pass: Iterate through desc list, count number of IADs */ + iad_array->length = 0; +- while (consumed < size) { ++ while (size - consumed >= DESC_HEADER_LENGTH) { + header.bLength = buf[0]; + header.bDescriptorType = buf[1]; + if (header.bLength < DESC_HEADER_LENGTH) { +@@ -1373,9 +1377,9 @@ static int parse_iad_array(struct libusb_context *ctx, + header.bLength); + return LIBUSB_ERROR_IO; + } +- else if (header.bLength > size) { ++ else if (header.bLength > size - consumed) { + usbi_warn(ctx, "short config descriptor read %d/%u", +- size, header.bLength); ++ size - consumed, header.bLength); + return LIBUSB_ERROR_IO; + } + if (header.bDescriptorType == LIBUSB_DT_INTERFACE_ASSOCIATION) +-- +2.51.0 + diff --git a/meta/recipes-support/libusb/libusb1_1.0.29.bb b/meta/recipes-support/libusb/libusb1_1.0.29.bb index 856e32d1c62..d287ec171fe 100644 
--- a/meta/recipes-support/libusb/libusb1_1.0.29.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.29.bb 
@@ -14,6 +14,7 @@ BBCLASSEXTEND = "native nativesdk" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \ file://run-ptest \ + file://CVE-2026-23679_CVE-2026-47104.patch \ " GITHUB_BASE_URI = "https://github.com/libusb/libusb/releases" From patchwork Wed Jun 17 07:47:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 90346 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E233CD98F7 for ; Wed, 17 Jun 2026 07:48:14 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10445.1781682492255574301 for ; Wed, 17 Jun 2026 00:48:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=VJqi4w+d; spf=pass (domain: smile.fr, ip: 209.85.221.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-45f3cf907ceso2869040f8f.2 for ; Wed, 17 Jun 2026 00:48:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1781682490; x=1782287290; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7itocfpSS/rLXFULwStfObzERJOPBbEqJaNa5bASe64=; b=VJqi4w+d+X1exq4q1V34NunbQs+KnV1h0NKY9Eng1sylJaJAkY5nYqC9R+nTnAsVBX Hs2fU9pWe/jo1zsl0Ie0QjdciGtaqgvPO9n0/EaNbwgD5ByBUcrqB3FtOMZkDcSDRO4N fzhee8ee7Ym+vUW9IOUX35b9jkY/gmowdRreY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781682490; x=1782287290; h=content-transfer-encoding:mime-version:references:in-reply-to 
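Review bot: in the parse_iad_array() hunk of CVE-2026-23679_CVE-2026-47104.patch, the new guard "size - consumed >= DESC_HEADER_LENGTH" and the bound "header.bLength > size - consumed" are only correct if size and consumed are signed, or if consumed can never exceed size. The %d used for "size - consumed" in usbi_warn suggests int, but the declarations are outside the diff, so please confirm them against libusb 1.0.29. The hunk also changes only the loop commented "First pass", so it is worth checking that the later pass steps through the buffer by the same bLength values and therefore inherits this validation. The parse_interface() change, resetting ifp->bNumEndpoints to 0 before "return parsed", matches the invariant the commit message describes.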
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][wrynose 8/8] openssl: upgrade 3.5.6 -> 3.5.7 Date: Wed, 17 Jun 2026 09:47:59 +0200 Message-ID: <530fb9ea9ba6ffe212566d3b95d17b519c52c769.1781682367.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 Jun 2026 07:48:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239023 
From: Peter Marko

Release information [1]:

OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

* Fixed heap use-after-free in PKCS7_verify(). (CVE-2026-45447)
* Fixed CMS AuthEnvelopedData processing may accept forged messages. (CVE-2026-34182)
* Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler. (CVE-2026-34183)
* Fixed NULL pointer dereference in QUIC server initial packet handling. (CVE-2026-42764)
* Fixed AES-OCB IV ignored on EVP_Cipher() path. (CVE-2026-45445)
* Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. (CVE-2026-7383)
* Fixed out-of-bounds read in CMS password-based decryption. (CVE-2026-9076)
* Fixed heap buffer over-read in ASN.1 content parsing. (CVE-2026-34180)
* Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. (CVE-2026-34181)
* Fixed possible NULL dereference in password-based CMS decryption. (CVE-2026-42766)
* Fixed NULL pointer dereference in CRMF EncryptedValue decryption. (CVE-2026-42767)
* Fixed multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt(). (CVE-2026-42768)
* Fixed trust anchor substitution via cert/issuer typo in CMP rootCaKeyUpdate. (CVE-2026-42769)
* Fixed FFC-DH peer validation uses attacker-supplied q. (CVE-2026-42770)
* Fixed incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV modes. (CVE-2026-45446)

Refreshed patches.
Installed new test files to pass ptests.

[1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-356-and-openssl-357-9-jun-2026

(From OE-Core rev: 9365ac47f994a7d6be92b8c011c51ecf48e8ef87)

Signed-off-by: Peter Marko
Signed-off-by: Richard Purdie
Signed-off-by: Peter Marko
(cherry picked from commit 9365ac47f994a7d6be92b8c011c51ecf48e8ef87)
Signed-off-by: Yoann Congal --- .../openssl/0001-Configure-do-not-tweak-mips-cflags.patch | 2 +- .../openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} (98%) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch index cf5ff356ee7..cd8906df675 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -20,7 +20,7 @@ diff --git a/Configure b/Configure index fff97bd..5ee54c1 100755 --- a/Configure +++ b/Configure -@@ -1552,16 +1552,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) +@@ -1557,16 +1557,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) push @{$config{shared_ldflag}}, "-mno-cygwin"; } diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb index 66856544721..212879dfa35 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736" +SRC_URI[sha256sum] = "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 
@@ -223,7 +223,7 @@ do_install_ptest() { ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps cd ${S} - find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; + find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs test/smime-eml -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
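Review bot: in do_install_ptest(), test/smime-eml is appended to a hand-maintained list of directories in the find command, and the commit message says only "Installed new test files to pass ptests" without naming the test that reads them. Naming the ptest or the upstream change that introduced test/smime-eml in the message would make it clear at the next upgrade whether the directory is still required.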