* [OE-core][kirkstone 0/9] Patch review
@ 2022-05-23 13:59 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-05-23 13:59 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3692
The following changes since commit ec9e9497730f0a9c8ad3d696c8cdcec06267aacf:
base-passwd: Disable shell for default users (2022-05-16 13:59:44 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
mmc-utils: upgrade to latest revision
Claudius Heine (1):
classes: rootfs-postcommands: add skip option to overlayfs_qa_check
Marta Rybczynska (1):
cve-check: Fix report generation
Richard Purdie (2):
staging: Fix rare sysroot corruption issue
selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES
Robert Joslyn (1):
curl: Backport CVE fixes
Samuli Piippo (1):
binutils: Bump to latest 2.38 release branch
Steve Sakoman (1):
python3: fix reproducibility issue with python3-core
wangmy (1):
librepo: upgrade 1.14.2 -> 1.14.3
meta/classes/cve-check.bbclass | 18 +-
meta/classes/rootfs-postcommands.bbclass | 10 +-
meta/classes/staging.bbclass | 24 +
meta/lib/oeqa/selftest/cases/imagefeatures.py | 2 +-
meta/lib/oeqa/selftest/cases/overlayfs.py | 36 +-
.../binutils/binutils-2.38.inc | 2 +-
.../{librepo_1.14.2.bb => librepo_1.14.3.bb} | 2 +-
meta/recipes-devtools/mmc/mmc-utils_git.bb | 2 +-
.../recipes-devtools/python/python3_3.10.4.bb | 5 +
.../curl/curl/CVE-2022-22576.patch | 145 ++++++
.../curl/curl/CVE-2022-27774-1.patch | 45 ++
.../curl/curl/CVE-2022-27774-2.patch | 80 +++
.../curl/curl/CVE-2022-27774-3.patch | 83 ++++
.../curl/curl/CVE-2022-27774-4.patch | 35 ++
.../curl/curl/CVE-2022-27775.patch | 37 ++
.../curl/curl/CVE-2022-27776.patch | 115 +++++
.../curl/curl/CVE-2022-27779.patch | 42 ++
.../curl/curl/CVE-2022-27780.patch | 33 ++
.../curl/curl/CVE-2022-27781.patch | 43 ++
.../curl/curl/CVE-2022-27782-1.patch | 458 ++++++++++++++++++
.../curl/curl/CVE-2022-27782-2.patch | 71 +++
.../curl/curl/CVE-2022-30115.patch | 82 ++++
meta/recipes-support/curl/curl_7.82.0.bb | 16 +-
23 files changed, 1362 insertions(+), 24 deletions(-)
rename meta/recipes-devtools/librepo/{librepo_1.14.2.bb => librepo_1.14.3.bb} (94%)
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-22576.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27775.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27776.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27779.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27780.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-30115.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2022-11-13 14:12 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2022-11-13 14:12 UTC (permalink / raw)
To: openembedded-core
Please review this set of patchesd for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4468
The following changes since commit 0c0723757fbba9a4b88c0f98477a18d1e220da2e:
mirrors.bbclass: use shallow tarball for binutils-native (2022-11-06 06:00:05 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (2):
lttng-modules: upgrade 2.13.4 -> 2.13.5
quilt: backport a patch to address grep 3.8 failures
Hitendra Prajapati (1):
QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext
leads to CPU exhaustion
Michael Opdenacker (1):
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
Narpat Mali (1):
python3-mako: backport fix for CVE-2022-40023
Ross Burton (3):
pixman: backport fix for CVE-2022-44638
sanity: check for GNU tar specifically
qemu: add io_uring PACKAGECONFIG
ciarancourtney (1):
wic: swap partitions are not added to fstab
meta/classes/create-spdx.bbclass | 2 -
meta/classes/sanity.bbclass | 8 +
.../python/python3-mako/CVE-2022-40023.patch | 119 +++++++++++++++
.../python/python3-mako_1.1.6.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 3 +-
.../qemu/qemu/CVE-2022-3165.patch | 61 ++++++++
meta/recipes-devtools/quilt/quilt.inc | 1 +
.../quilt/quilt/fix-grep-3.8.patch | 144 ++++++++++++++++++
.../xorg-lib/pixman/CVE-2022-44638.patch | 33 ++++
.../xorg-lib/pixman_0.40.0.bb | 1 +
.../lttng-modules/0001-fix-compaction.patch | 68 ---------
...c-fix-tracepoint-mm_page_alloc_zone_.patch | 106 -------------
...oduce-kfree_skb_reason-v5.15.58.v5.1.patch | 53 -------
...ags-parameter-from-aops-write_begin-.patch | 76 ---------
...Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ---------------
...ules_2.13.4.bb => lttng-modules_2.13.5.bb} | 7 +-
scripts/lib/wic/plugins/imager/direct.py | 2 +-
17 files changed, 373 insertions(+), 437 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
create mode 100644 meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
rename meta/recipes-kernel/lttng/{lttng-modules_2.13.4.bb => lttng-modules_2.13.5.bb} (78%)
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2023-01-17 14:08 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-01-17 14:08 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4800
The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee:
devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bhabu Bindu (1):
qemu: Fix CVE-2022-4144
Daniel Gomez (1):
gtk-icon-cache: Fix GTKIC_CMD if-else condition
KARN JYE LAU (1):
freetype:update mirror site.
Martin Jansa (1):
ffmpeg: refresh patches to apply cleanly
Narpat Mali (3):
python3-setuptools: fix for CVE-2022-40897
python3-wheel: fix for CVE-2022-40898
python3-git: fix for CVE-2022-24439
Yash Shinde (1):
glibc: stable 2.35 branch updates.
Yogita Urade (1):
libksba: fix CVE-2022-47629
meta/classes/gtk-icon-cache.bbclass | 2 +-
meta/recipes-core/glibc/glibc-version.inc | 2 +-
...-git-CVE-2022-24439-fix-from-PR-1518.patch | 97 ++++
...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++
.../python/python3-git_3.1.27.bb | 4 +
...-of-whitespace-to-search-backtrack.-.patch | 31 ++
.../python/python3-setuptools_59.5.0.bb | 1 +
...tential-DoS-attack-via-WHEEL_INFO_RE.patch | 32 ++
.../python/python3-wheel_0.37.1.bb | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-4144.patch | 99 ++++
.../freetype/freetype_2.11.1.bb | 2 +-
...c-stop-accessing-out-of-bounds-frame.patch | 19 +-
...c-stop-accessing-out-of-bounds-frame.patch | 7 +-
...-vp3-Add-missing-check-for-av_malloc.patch | 12 +-
...overflow-in-the-CRL-signature-parser.patch | 72 +++
meta/recipes-support/libksba/libksba_1.6.2.bb | 3 +-
17 files changed, 848 insertions(+), 28 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
create mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2023-06-20 15:37 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-06-20 15:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5492
The following changes since commit 0e17a5a4f0e3301bf78f77bb5ca4aaf3e4dbc7af:
Revert "ipk: Decode byte data to string in manifest handling" (2023-06-17 05:18:44 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (1):
nasm: fix CVE-2022-46457
Bruce Ashfield (1):
kernel: don't force PAHOLE=false
Chen Qi (1):
staging.bbclass: do not add extend_recipe_sysroot to prefuncs of
prepare_recipe_sysroot
Lorenzo Arena (1):
conf: add nice level to the hash config ignred variables
Martin Jansa (1):
go.bbclass: don't use test to check output from ls
Pavel Zhukov (1):
lib/terminal.py: Add urxvt terminal
Ranjitsinh Rathod (1):
kmscube: Correct DEPENDS to avoid overwrite
Thomas Roos (1):
oeqa/selftest/cases/devtool.py: skip all tests require folder a git
repo
Wang Mingyu (1):
iso-codes: upgrade 4.13.0 -> 4.15.0
meta/classes/go.bbclass | 2 +-
meta/classes/kernel.bbclass | 2 +-
meta/classes/staging.bbclass | 2 +-
meta/conf/bitbake.conf | 2 +-
meta/lib/oe/terminal.py | 4 ++
meta/lib/oeqa/selftest/cases/devtool.py | 8 +++
.../nasm/nasm/CVE-2022-46457.patch | 50 +++++++++++++++++++
meta/recipes-devtools/nasm/nasm_2.15.05.bb | 1 +
meta/recipes-graphics/kmscube/kmscube_git.bb | 3 +-
...so-codes_4.13.0.bb => iso-codes_4.15.0.bb} | 2 +-
10 files changed, 69 insertions(+), 7 deletions(-)
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
rename meta/recipes-support/iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb} (94%)
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2024-03-07 23:37 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-03-07 23:37 UTC (permalink / raw)
To: openembedded-core
Unfortunately this series of linux-yocto version bumps has caused a
number of issues with adding and resizing partitions. The problem was
introduced in 5.15.132 and has not been fixed in any of the subsequent
version bumps.
Bruce and have decided to revert this series until we have an acceptable fix.
Please have any comments back by end of day Monday, March 11.
The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:
golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Steve Sakoman (9):
Revert "linux-yocto/5.15: update CVE exclusions"
Revert "linux-yocto/5.15: update to v5.15.148"
Revert "linux-yocto/5.15: update CVE exclusions"
Revert "linux-yocto/5.15: update to v5.15.147"
Revert "linux-yocto/5.15: update CVE exclusions"
Revert "linux-yocto/5.15: update to v5.15.146"
Revert "linux-yocto/5.15: update to v5.15.145"
Revert "linux-yocto/5.15: update to v5.15.142"
Revert "linux-yocto/5.15: update to v5.15.141"
.../linux/cve-exclusion_5.15.inc | 372 ++----------------
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
4 files changed, 57 insertions(+), 353 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2024-04-03 3:46 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-04-03 3:46 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 4
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6758
The following changes since commit 1b5405955c7c2579ed1f52522e2e177d0281fa33:
glibc: Fix subscript typos for get_nscd_addresses (2024-03-19 03:33:32 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Claus Stovgaard (1):
gcc: Backport sanitizer fix for 32-bit ALSR
Colin McAllister (1):
common-licenses: Backport missing license
Lee Chee Yang (2):
xwayland: fix CVE-2023-6816 CVE-2024-0408/0409
tiff: fix CVE-2023-52356 CVE-2023-6277
Meenali Gupta (1):
expat: fix CVE-2023-52425
Tan Wen Yan (1):
python3-urllib3: update to v1.26.18
Vijay Anusuri (2):
curl: backport Debian patch for CVE-2024-2398
qemu: Fix for CVE-2023-6683
aszh07 (1):
nghttp2: fix CVE-2023-44487
.../LGPL-3.0-with-zeromq-exception | 181 ++++
.../expat/expat/CVE-2023-52425-0001.patch | 40 +
.../expat/expat/CVE-2023-52425-0002.patch | 87 ++
.../expat/expat/CVE-2023-52425-0003.patch | 222 +++++
.../expat/expat/CVE-2023-52425-0004.patch | 42 +
.../expat/expat/CVE-2023-52425-0005.patch | 69 ++
.../expat/expat/CVE-2023-52425-0006.patch | 67 ++
.../expat/expat/CVE-2023-52425-0007.patch | 159 +++
.../expat/expat/CVE-2023-52425-0008.patch | 95 ++
.../expat/expat/CVE-2023-52425-0009.patch | 52 +
.../expat/expat/CVE-2023-52425-0010.patch | 111 +++
.../expat/expat/CVE-2023-52425-0011.patch | 89 ++
.../expat/expat/CVE-2023-52425-0012.patch | 87 ++
meta/recipes-core/expat/expat_2.5.0.bb | 12 +
meta/recipes-devtools/gcc/gcc-11.4.inc | 1 +
.../gcc/gcc/0031-gcc-sanitizers-fix.patch | 63 ++
..._1.26.17.bb => python3-urllib3_1.26.18.bb} | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-6683.patch | 92 ++
.../xwayland/xwayland/CVE-2023-6816.patch | 57 ++
.../xwayland/xwayland/CVE-2024-0408.patch | 65 ++
.../xwayland/xwayland/CVE-2024-0409.patch | 47 +
.../xwayland/xwayland_22.1.8.bb | 3 +
.../libtiff/tiff/CVE-2023-52356.patch | 54 +
.../libtiff/tiff/CVE-2023-6277-1.patch | 178 ++++
.../libtiff/tiff/CVE-2023-6277-2.patch | 151 +++
.../libtiff/tiff/CVE-2023-6277-3.patch | 46 +
.../libtiff/tiff/CVE-2023-6277-4.patch | 93 ++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 5 +
.../curl/curl/CVE-2024-2398.patch | 89 ++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
.../nghttp2/nghttp2/CVE-2023-44487.patch | 927 ++++++++++++++++++
.../recipes-support/nghttp2/nghttp2_1.47.0.bb | 1 +
33 files changed, 3188 insertions(+), 1 deletion(-)
create mode 100644 meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} (86%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0409.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch
create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2024-06-22 11:57 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-06-22 11:57 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and hjave comments back by
end of day Tuesday, June 25
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7065
The following changes since commit ab2649ef6c83f0ae7cac554a72e6bea4dcda0e99:
build-appliance-image: Update to kirkstone head revision (2024-06-01 19:12:27 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Changqing Li (1):
man-pages: remove conflict pages
Deepthi Hemraj (1):
glibc: stable 2.35 branch updates
Khem Raj (1):
gobject-introspection: Do not hardcode objdump name
Peter Marko (1):
glib-2.0: patch CVE-2024-34397
Siddharth (1):
openssl: Upgrade 3.0.13 -> 3.0.14
Siddharth Doshi (1):
libxml2: Security fix for CVE-2024-34459
Thomas Perrot (1):
man-pages: add an alternative link name for crypt_r.3
Yogita Urade (2):
acpica: fix CVE-2024-24856
ruby: fix CVE-2024-27280
.../openssl/openssl/CVE-2024-2511.patch | 122 ---
.../openssl/openssl/CVE-2024-4603.patch | 180 ----
.../{openssl_3.0.13.bb => openssl_3.0.14.bb} | 4 +-
.../glib-2.0/glib-2.0/CVE-2024-34397_01.patch | 129 +++
.../glib-2.0/glib-2.0/CVE-2024-34397_02.patch | 62 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_03.patch | 985 ++++++++++++++++++
.../glib-2.0/glib-2.0/CVE-2024-34397_04.patch | 253 +++++
.../glib-2.0/glib-2.0/CVE-2024-34397_05.patch | 88 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_06.patch | 263 +++++
.../glib-2.0/glib-2.0/CVE-2024-34397_07.patch | 45 +
.../glib-2.0/glib-2.0/CVE-2024-34397_08.patch | 168 +++
.../glib-2.0/glib-2.0/CVE-2024-34397_09.patch | 81 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_10.patch | 108 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_11.patch | 133 +++
.../glib-2.0/glib-2.0/CVE-2024-34397_12.patch | 173 +++
.../glib-2.0/glib-2.0/CVE-2024-34397_13.patch | 513 +++++++++
.../glib-2.0/glib-2.0/CVE-2024-34397_14.patch | 75 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_15.patch | 47 +
.../glib-2.0/glib-2.0/CVE-2024-34397_16.patch | 62 ++
.../glib-2.0/glib-2.0/CVE-2024-34397_17.patch | 121 +++
.../glib-2.0/glib-2.0/CVE-2024-34397_18.patch | 50 +
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 18 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../libxml/libxml2/CVE-2024-34459.patch | 30 +
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
.../ruby/ruby/CVE-2024-27280.patch | 87 ++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../acpica/acpica/CVE-2024-24856.patch | 33 +
.../acpica/acpica_20211217.bb | 4 +-
.../man-pages/man-pages_5.13.bb | 12 +-
.../gobject-introspection_1.72.0.bb | 2 +-
31 files changed, 3536 insertions(+), 316 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.13.bb => openssl_3.0.14.bb} (98%)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_04.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_05.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_06.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_07.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_08.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_09.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_10.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_11.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_12.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_13.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_14.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_15.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_16.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_17.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_18.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27280.patch
create mode 100644 meta/recipes-extended/acpica/acpica/CVE-2024-24856.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2024-12-17 20:54 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2024-12-17 20:54 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 19
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/663
The following changes since commit b132b817f5931b290e5348dd4a17fbfdc5c6e2c4:
dbus: disable assertions and enable only modular tests (2024-12-10 05:38:29 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
base-passwd: Add the sgx group
Alexandre Belloni (1):
base-passwd: fix patchreview warning
Ernst Persson (1):
package.bbclass: Use shlex instead of deprecated pipes
Jiaying Song (1):
subversion: fix CVE-2024-46901
Louis Rannou (1):
base-passwd: add the wheel group
Peter Kjellerstedt (3):
base-passwd: Regenerate the patches
base-passwd: Update to 3.5.52
base-passwd: Update the status for two patches
Yogita Urade (1):
xserver-xorg: fix CVE-2024-9632
meta/classes/package.bbclass | 4 +-
.../0001-Add-a-shutdown-group.patch | 26 +++
.../0001-base-passwd-Add-the-sgx-group.patch | 30 ++++
...nstead-of-bin-bash-for-the-root-user.patch | 23 +++
...t-since-we-do-not-have-an-etc-shadow.patch | 21 +++
...put-group-for-the-dev-input-devices.patch} | 17 +-
.../{kvm.patch => 0005-Add-kvm-group.patch} | 2 +-
...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++
...-to-disable-the-generation-of-the-do.patch | 46 +++++
.../base-passwd/0008-Add-wheel-group.patch | 20 +++
.../base-passwd/add_shutdown.patch | 19 ---
.../base-passwd/disable-docs.patch | 24 ---
.../base-passwd/disable-shell.patch | 57 -------
.../base-passwd/base-passwd/nobash.patch | 15 --
.../base-passwd/base-passwd/noshadow.patch | 14 --
...passwd_3.5.29.bb => base-passwd_3.5.52.bb} | 30 ++--
.../subversion/CVE-2024-46901.patch | 161 ++++++++++++++++++
.../subversion/subversion_1.14.2.bb | 3 +-
.../xserver-xorg/CVE-2024-9632.patch | 58 +++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
20 files changed, 547 insertions(+), 153 deletions(-)
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
rename meta/recipes-core/base-passwd/base-passwd/{input.patch => 0004-Add-an-input-group-for-the-dev-input-devices.patch} (42%)
rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%)
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch
create mode 100644 meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch
delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch
delete mode 100644 meta/recipes-core/base-passwd/base-passwd/noshadow.patch
rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (79%)
create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2025-07-04 15:28 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-07-04 15:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1949
The following changes since commit 75e54301c5076eb0454aee33c870adf078f563fd:
build-appliance-image: Update to kirkstone head revision (2025-06-27 08:10:04 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (6):
xwayland: fix CVE-2025-49175
xwayland: fix CVE-2025-49176
xwayland: fix CVE-2025-49177
xwayland: fix CVE-2025-49178
xwayland: fix CVE-2025-49178
xwayland: fix CVE-2025-49180
Chen Qi (1):
systemd: backport patches to fix CVE-2025-4598
Colin Pinnell McAllister (1):
libarchive: Fix CVE-2025-5914
Yogita Urade (1):
python3-urllib3: fix CVE-2025-50181
.../systemd/systemd/CVE-2025-4598-0001.patch | 92 ++++++++
.../systemd/systemd/CVE-2025-4598-0002.patch | 106 +++++++++
.../systemd/systemd/CVE-2025-4598-0003.patch | 144 ++++++++++++
.../systemd/systemd/CVE-2025-4598-0004.patch | 36 +++
meta/recipes-core/systemd/systemd_250.14.bb | 4 +
.../python3-urllib3/CVE-2025-50181.patch | 214 ++++++++++++++++++
.../python/python3-urllib3_1.26.18.bb | 4 +
.../libarchive/libarchive/CVE-2025-5914.patch | 46 ++++
.../libarchive/libarchive_3.6.2.bb | 1 +
.../xwayland/xwayland/CVE-2025-49175.patch | 92 ++++++++
.../xwayland/CVE-2025-49176-0001.patch | 93 ++++++++
.../xwayland/CVE-2025-49176-0002.patch | 38 ++++
.../xwayland/xwayland/CVE-2025-49177.patch | 55 +++++
.../xwayland/xwayland/CVE-2025-49178.patch | 50 ++++
.../xwayland/xwayland/CVE-2025-49179.patch | 69 ++++++
.../xwayland/xwayland/CVE-2025-49180.patch | 45 ++++
.../xwayland/xwayland_22.1.8.bb | 7 +
17 files changed, 1096 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0001.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0002.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0003.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0004.patch
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49175.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49177.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49178.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49179.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49180.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2025-08-19 20:49 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-19 20:49 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, August 21
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2236
The following changes since commit 3d1c037a7cb7858a4e3c33a94f5d343a81aac5f7:
go-helloworld: fix license (2025-08-12 09:57:24 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Dan McGregor (1):
systemd: Fix manpage build after CVE-2025-4598
Hitendra Prajapati (3):
gstreamer1.0-plugins-base: fix CVE-2025-47806 & CVE-2025-47808
gstreamer1.0-plugins-good: fix CVE-2025-47183 & CVE-2025-47219
git: fix CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835
Peter Marko (1):
glib-2.0: ignore CVE-2025-4056
Vijay Anusuri (3):
xserver-xorg: Fix for CVE-2025-49175
xserver-xorg: Fix for CVE-2025-49176
xserver-xorg: Fix for CVE-2025-49177
Youngseok Jeong (1):
libubootenv: backport patch to fix unknown type name 'size_t'
...-Include-cstddef-in-the-header-for-C.patch | 27 +
meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb | 6 +-
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 +
.../systemd/systemd/CVE-2025-4598-0003.patch | 7 +-
...-27613-CVE-2025-46334-CVE-2025-46835.patch | 2500 +++++++++++++++++
meta/recipes-devtools/git/git_2.35.7.bb | 1 +
.../xserver-xorg/CVE-2025-49175.patch | 91 +
.../xserver-xorg/CVE-2025-49176-1.patch | 92 +
.../xserver-xorg/CVE-2025-49176-2.patch | 37 +
.../xserver-xorg/CVE-2025-49177.patch | 54 +
.../xorg-xserver/xserver-xorg_21.1.8.bb | 4 +
.../CVE-2025-47806.patch | 50 +
.../CVE-2025-47808.patch | 36 +
.../gstreamer1.0-plugins-base_1.20.7.bb | 2 +
.../CVE-2025-47183-001.patch | 151 +
.../CVE-2025-47183-002.patch | 80 +
.../CVE-2025-47219.patch | 40 +
.../gstreamer1.0-plugins-good_1.20.7.bb | 3 +
18 files changed, 3179 insertions(+), 5 deletions(-)
create mode 100644 meta/recipes-bsp/u-boot/files/0001-Include-cstddef-in-the-header-for-C.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49175.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49177.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2025-08-26 13:44 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 1/9] openssl: fix CVE-2023-50781 Steve Sakoman
` (8 more replies)
0 siblings, 9 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 28
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2267
The following changes since commit e401a16d8e26d25cec95fcea98d6530036cffca1:
libubootenv: backport patch to fix unknown type name 'size_t' (2025-08-19 10:14:55 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (1):
gstreamer1.0-plugins-base: fix CVE-2025-47807
Jiaying Song (1):
openssl: fix CVE-2023-50781
Peter Marko (4):
qemu: ignore CVE-2024-7730
glib-2.0: patch CVE-2025-7039
dpkg: patch CVE-2025-6297
libarchive: patch regression of patch for CVE-2025-5918
Vijay Anusuri (3):
xserver-xorg: Fix for CVE-2025-49178
xserver-xorg: Fix for CVE-2025-49179
xserver-xorg: Fix for CVE-2025-49180
.../openssl/openssl/CVE-2023-50781-1.patch | 618 ++++++++++++++++++
.../openssl/openssl/CVE-2023-50781-2.patch | 358 ++++++++++
.../openssl/openssl/CVE-2023-50781-3.patch | 41 ++
.../openssl/openssl/CVE-2023-50781-4.patch | 441 +++++++++++++
.../openssl/openssl/CVE-2023-50781-5.patch | 284 ++++++++
.../openssl/openssl/CVE-2023-50781-6.patch | 57 ++
.../openssl/openssl_3.0.17.bb | 8 +-
.../glib-2.0/glib-2.0/CVE-2025-7039-01.patch | 40 ++
.../glib-2.0/glib-2.0/CVE-2025-7039-02.patch | 43 ++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 2 +
.../dpkg/dpkg/CVE-2025-6297.patch | 125 ++++
meta/recipes-devtools/dpkg/dpkg_1.21.4.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 3 +
...2025-5918.patch => CVE-2025-5918-01.patch} | 0
.../libarchive/CVE-2025-5918-02.patch | 51 ++
.../libarchive/libarchive_3.6.2.bb | 3 +-
.../xserver-xorg/CVE-2025-49178.patch | 49 ++
.../xserver-xorg/CVE-2025-49179.patch | 67 ++
.../xserver-xorg/CVE-2025-49180-1.patch | 44 ++
.../xserver-xorg/CVE-2025-49180-2.patch | 52 ++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 4 +
.../CVE-2025-47807.patch | 49 ++
.../gstreamer1.0-plugins-base_1.20.7.bb | 1 +
23 files changed, 2339 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-5918.patch => CVE-2025-5918-01.patch} (100%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 1/9] openssl: fix CVE-2023-50781
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 2/9] xserver-xorg: Fix for CVE-2025-49178 Steve Sakoman
` (7 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Jiaying Song <jiaying.song.cn@windriver.com>
A flaw was found in m2crypto. This issue may allow a remote attacker to
decrypt captured messages in TLS servers that use RSA key exchanges,
which may lead to exposure of confidential or sensitive data.
The CVE-2023-50781 in M2Crypto is addressed by modifying OpenSSL because
M2Crypto relies on OpenSSL for its cryptographic operations.The issue
stems from OpenSSL’s RSA PKCS#1 v1.5 padding verification being
vulnerable to Bleichenbacher-type attacks.To mitigate this, OpenSSL
introduced an implicit rejection mechanism in the RSA PKCS#1 v1.5
padding.Therefore, resolving the vulnerability requires changes within
OpenSSL itself to ensure M2Crypto’s security.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-50781
https://github.com/openssl/openssl/pull/13817/commits
https://todo.sr.ht/~mcepl/m2crypto/342?__goaway_challenge=meta-refresh&__goaway_id=45a03d6accb7b343867110db1f7fb334
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2023-50781-1.patch | 618 ++++++++++++++++++
.../openssl/openssl/CVE-2023-50781-2.patch | 358 ++++++++++
.../openssl/openssl/CVE-2023-50781-3.patch | 41 ++
.../openssl/openssl/CVE-2023-50781-4.patch | 441 +++++++++++++
.../openssl/openssl/CVE-2023-50781-5.patch | 284 ++++++++
.../openssl/openssl/CVE-2023-50781-6.patch | 57 ++
.../openssl/openssl_3.0.17.bb | 8 +-
7 files changed, 1806 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
new file mode 100644
index 0000000000..234fe7b8aa
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
@@ -0,0 +1,618 @@
+From 24734088e1034392de981151dfe57e3a379ada18 Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Tue, 15 Mar 2022 13:58:08 +0100
+Subject: [PATCH 1/3] rsa: add implicit rejection in PKCS#1 v1.5
+
+The RSA decryption as implemented before required very careful handling
+of both the exit code returned by OpenSSL and the potentially returned
+ciphertext. Looking at the recent security vulnerabilities
+(CVE-2020-25659 and CVE-2020-25657) it is unlikely that most users of
+OpenSSL do it correctly.
+
+Given that correct code requires side channel secure programming in
+application code, we can classify the existing RSA decryption methods
+as CWE-676, which in turn likely causes CWE-208 and CWE-385 in
+application code.
+
+To prevent that, we can use a technique called "implicit rejection".
+For that we generate a random message to be returned in case the
+padding check fails. We generate the message based on static secret
+data (the private exponent) and the provided ciphertext (so that the
+attacker cannot determine that the returned value is randomly generated
+instead of result of decryption and de-padding). We return it in case
+any part of padding check fails.
+
+The upshot of this approach is that then not only is the length of the
+returned message useless as the Bleichenbacher oracle, so are the
+actual bytes of the returned message. So application code doesn't have
+to perform any operations on the returned message in side-channel free
+way to remain secure against Bleichenbacher attacks.
+
+Note: this patch implements a specific algorithm, shared with Mozilla
+NSS, so that the attacker cannot use one library as an oracle against the
+other in heterogeneous environments.
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport
+[https://github.com/openssl/openssl/commit/7fc67e0a33102aa47bbaa56533eeecb98c0450f7]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ crypto/rsa/rsa_ossl.c | 95 +++++++-
+ crypto/rsa/rsa_pk1.c | 252 ++++++++++++++++++++++
+ doc/man1/openssl-pkeyutl.pod.in | 5 +
+ doc/man1/openssl-rsautl.pod.in | 5 +
+ doc/man3/EVP_PKEY_CTX_ctrl.pod | 7 +
+ doc/man3/EVP_PKEY_decrypt.pod | 12 ++
+ doc/man3/RSA_padding_add_PKCS1_type_1.pod | 7 +-
+ doc/man3/RSA_public_encrypt.pod | 11 +-
+ include/crypto/rsa.h | 4 +
+ 9 files changed, 393 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
+index 0fc642e777..330302ae55 100644
+--- a/crypto/rsa/rsa_ossl.c
++++ b/crypto/rsa/rsa_ossl.c
+@@ -17,6 +17,9 @@
+ #include "crypto/bn.h"
+ #include "rsa_local.h"
+ #include "internal/constant_time.h"
++#include <openssl/evp.h>
++#include <openssl/sha.h>
++#include <openssl/hmac.h>
+
+ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+@@ -377,8 +380,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ BIGNUM *f, *ret;
+ int j, num = 0, r = -1;
+ unsigned char *buf = NULL;
++ unsigned char d_hash[SHA256_DIGEST_LENGTH] = {0};
++ HMAC_CTX *hmac = NULL;
++ unsigned int md_len = SHA256_DIGEST_LENGTH;
++ unsigned char kdk[SHA256_DIGEST_LENGTH] = {0};
+ BN_CTX *ctx = NULL;
+ int local_blinding = 0;
++ EVP_MD *md = NULL;
+ /*
+ * Used only if the blinding structure is shared. A non-NULL unblind
+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+@@ -408,6 +416,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ goto err;
+ }
+
++ if (flen < 1) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL);
++ goto err;
++ }
++
+ /* make data into a big number */
+ if (BN_bin2bn(from, (int)flen, f) == NULL)
+ goto err;
+@@ -472,13 +485,91 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
+
++ /*
++ * derive the Key Derivation Key from private exponent and public
++ * ciphertext
++ */
++ if (!(rsa->flags & RSA_FLAG_EXT_PKEY)) {
++ /*
++ * because we use d as a handle to rsa->d we need to keep it local and
++ * free before any further use of rsa->d
++ */
++ BIGNUM *d = BN_new();
++ if (d == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ if (rsa->d == NULL) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_MISSING_PRIVATE_KEY);
++ BN_free(d);
++ goto err;
++ }
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
++ if (BN_bn2binpad(d, buf, num) < 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ BN_free(d);
++ goto err;
++ }
++ BN_free(d);
++
++ /*
++ * we use hardcoded hash so that migrating between versions that use
++ * different hash doesn't provide a Bleichenbacher oracle:
++ * if the attacker can see that different versions return different
++ * messages for the same ciphertext, they'll know that the message is
++ * syntethically generated, which means that the padding check failed
++ */
++ md = EVP_MD_fetch(rsa->libctx, "sha256", NULL);
++ if (md == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ if (EVP_Digest(buf, num, d_hash, NULL, md, NULL) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ hmac = HMAC_CTX_new();
++ if (hmac == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++
++ if (HMAC_Init_ex(hmac, d_hash, sizeof(d_hash), md, NULL) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ if (flen < num) {
++ memset(buf, 0, num - flen);
++ if (HMAC_Update(hmac, buf, num - flen) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ }
++ if (HMAC_Update(hmac, from, flen) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ md_len = SHA256_DIGEST_LENGTH;
++ if (HMAC_Final(hmac, kdk, &md_len) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ }
++
+ j = BN_bn2binpad(ret, buf, num);
+ if (j < 0)
+ goto err;
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+- r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
++ if (rsa->flags & RSA_FLAG_EXT_PKEY)
++ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
++ else
++ r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk);
+ break;
+ case RSA_PKCS1_OAEP_PADDING:
+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+@@ -501,6 +592,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ #endif
+
+ err:
++ HMAC_CTX_free(hmac);
++ EVP_MD_free(md);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ OPENSSL_clear_free(buf, num);
+diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
+index 51507fc030..5cd2b26879 100644
+--- a/crypto/rsa/rsa_pk1.c
++++ b/crypto/rsa/rsa_pk1.c
+@@ -21,10 +21,14 @@
+ #include <openssl/rand.h>
+ /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */
+ #include <openssl/prov_ssl.h>
++#include <openssl/evp.h>
++#include <openssl/sha.h>
++#include <openssl/hmac.h>
+ #include "internal/cryptlib.h"
+ #include "crypto/rsa.h"
+ #include "rsa_local.h"
+
++
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+ {
+@@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ return constant_time_select_int(good, mlen, -1);
+ }
+
++
++static int ossl_rsa_prf(OSSL_LIB_CTX *ctx,
++ unsigned char *to, int tlen,
++ const char *label, int llen,
++ const unsigned char *kdk,
++ uint16_t bitlen)
++{
++ int pos;
++ int ret = -1;
++ uint16_t iter = 0;
++ unsigned char be_iter[sizeof(iter)];
++ unsigned char be_bitlen[sizeof(bitlen)];
++ HMAC_CTX *hmac = NULL;
++ EVP_MD *md = NULL;
++ unsigned char hmac_out[SHA256_DIGEST_LENGTH];
++ unsigned int md_len;
++
++ if (tlen * 8 != bitlen) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ return ret;
++ }
++
++ be_bitlen[0] = (bitlen >> 8) & 0xff;
++ be_bitlen[1] = bitlen & 0xff;
++
++ hmac = HMAC_CTX_new();
++ if (hmac == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ /*
++ * we use hardcoded hash so that migrating between versions that use
++ * different hash doesn't provide a Bleichenbacher oracle:
++ * if the attacker can see that different versions return different
++ * messages for the same ciphertext, they'll know that the message is
++ * syntethically generated, which means that the padding check failed
++ */
++ md = EVP_MD_fetch(ctx, "sha256", NULL);
++ if (md == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ if (HMAC_Init_ex(hmac, kdk, SHA256_DIGEST_LENGTH, md, NULL) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ for (pos = 0; pos < tlen; pos += SHA256_DIGEST_LENGTH, iter++) {
++ if (HMAC_Init_ex(hmac, NULL, 0, NULL, NULL) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ be_iter[0] = (iter >> 8) & 0xff;
++ be_iter[1] = iter & 0xff;
++
++ if (HMAC_Update(hmac, be_iter, sizeof(be_iter)) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ if (HMAC_Update(hmac, (unsigned char *)label, llen) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ if (HMAC_Update(hmac, be_bitlen, sizeof(be_bitlen)) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++
++ /*
++ * HMAC_Final requires the output buffer to fit the whole MAC
++ * value, so we need to use the intermediate buffer for the last
++ * unaligned block
++ */
++ md_len = SHA256_DIGEST_LENGTH;
++ if (pos + SHA256_DIGEST_LENGTH > tlen) {
++ if (HMAC_Final(hmac, hmac_out, &md_len) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ memcpy(to + pos, hmac_out, tlen - pos);
++ } else {
++ if (HMAC_Final(hmac, to + pos, &md_len) <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ goto err;
++ }
++ }
++ }
++
++ ret = 0;
++
++err:
++ HMAC_CTX_free(hmac);
++ EVP_MD_free(md);
++ return ret;
++}
++
++/*
++ * ossl_rsa_padding_check_PKCS1_type_2() checks and removes the PKCS#1 type 2
++ * padding from a decrypted RSA message. Unlike the
++ * RSA_padding_check_PKCS1_type_2() it will not return an error in case it
++ * detects a padding error, rather it will return a deterministically generated
++ * random message. In other words it will perform an implicit rejection
++ * of an invalid padding. This means that the returned value does not indicate
++ * if the padding of the encrypted message was correct or not, making
++ * side channel attacks like the ones described by Bleichenbacher impossible
++ * without access to the full decrypted value and a brute-force search of
++ * remaining padding bytes
++ */
++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx,
++ unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ int num, unsigned char *kdk)
++{
++/*
++ * We need to generate a random length for the synthethic message, to avoid
++ * bias towards zero and avoid non-constant timeness of DIV, we prepare
++ * 128 values to check if they are not too large for the used key size,
++ * and use 0 in case none of them are small enough, as 2^-128 is a good enough
++ * safety margin
++ */
++#define MAX_LEN_GEN_TRIES 128
++ unsigned char *synthetic = NULL;
++ int synthethic_length;
++ uint16_t len_candidate;
++ unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)];
++ uint16_t len_mask;
++ uint16_t max_sep_offset;
++ int synth_msg_index = 0;
++ int ret = -1;
++ int i, j;
++ unsigned int good, found_zero_byte;
++ int zero_index = 0, msg_index;
++
++ /*
++ * If these checks fail then either the message in publicly invalid, or
++ * we've been called incorrectly. We can fail immediately.
++ * Since this code is called only internally by openssl, those are just
++ * sanity checks
++ */
++ if (num != flen || tlen <= 0 || flen <= 0) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ return -1;
++ }
++
++ /* Generate a random message to return in case the padding checks fail */
++ synthetic = OPENSSL_malloc(flen);
++ if (synthetic == NULL) {
++ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
++ return -1;
++ }
++
++ if (ossl_rsa_prf(ctx, synthetic, flen, "message", 7, kdk, flen * 8) < 0)
++ goto err;
++
++ /* decide how long the random message should be */
++ if (ossl_rsa_prf(ctx, candidate_lengths, sizeof(candidate_lengths),
++ "length", 6, kdk,
++ MAX_LEN_GEN_TRIES * sizeof(len_candidate) * 8) < 0)
++ goto err;
++
++ /*
++ * max message size is the size of the modulus size less 2 bytes for
++ * version and padding type and a minimum of 8 bytes padding
++ */
++ len_mask = max_sep_offset = flen - 2 - 8;
++ /*
++ * we want a mask so lets propagate the high bit to all positions less
++ * significant than it
++ */
++ len_mask |= len_mask >> 1;
++ len_mask |= len_mask >> 2;
++ len_mask |= len_mask >> 4;
++ len_mask |= len_mask >> 8;
++
++ synthethic_length = 0;
++ for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate);
++ i += sizeof(len_candidate)) {
++ len_candidate = (candidate_lengths[i] << 8) | candidate_lengths[i + 1];
++ len_candidate &= len_mask;
++
++ synthethic_length = constant_time_select_int(
++ constant_time_lt(len_candidate, max_sep_offset),
++ len_candidate, synthethic_length);
++ }
++
++ synth_msg_index = flen - synthethic_length;
++
++ /* we have alternative message ready, check the real one */
++ good = constant_time_is_zero(from[0]);
++ good &= constant_time_eq(from[1], 2);
++
++ /* then look for the padding|message separator (the first zero byte) */
++ found_zero_byte = 0;
++ for (i = 2; i < flen; i++) {
++ unsigned int equals0 = constant_time_is_zero(from[i]);
++ zero_index = constant_time_select_int(~found_zero_byte & equals0,
++ i, zero_index);
++ found_zero_byte |= equals0;
++ }
++
++ /*
++ * padding must be at least 8 bytes long, and it starts two bytes into
++ * |from|. If we never found a 0-byte, then |zero_index| is 0 and the check
++ * also fails.
++ */
++ good &= constant_time_ge(zero_index, 2 + 8);
++
++ /*
++ * Skip the zero byte. This is incorrect if we never found a zero-byte
++ * but in this case we also do not copy the message out.
++ */
++ msg_index = zero_index + 1;
++
++ /*
++ * old code returned an error in case the decrypted message wouldn't fit
++ * into the |to|, since that would leak information, return the synthethic
++ * message instead
++ */
++ good &= constant_time_ge(tlen, num - msg_index);
++
++ msg_index = constant_time_select_int(good, msg_index, synth_msg_index);
++
++ /*
++ * since at this point the |msg_index| does not provide the signal
++ * indicating if the padding check failed or not, we don't have to worry
++ * about leaking the length of returned message, we still need to ensure
++ * that we read contents of both buffers so that cache accesses don't leak
++ * the value of |good|
++ */
++ for (i = msg_index, j = 0; i < flen && j < tlen; i++, j++)
++ to[j] = constant_time_select_8(good, from[i], synthetic[i]);
++ ret = j;
++
++err:
++ /*
++ * the only time ret < 0 is when the ciphertext is publicly invalid
++ * or we were called with invalid parameters, so we don't have to perform
++ * a side-channel secure raising of the error
++ */
++ if (ret < 0)
++ ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
++ OPENSSL_free(synthetic);
++ return ret;
++}
++
+ /*
+ * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
+ * padding from a decrypted RSA message in a TLS signature. The result is stored
+diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
+index 2f6ef0021d..015265a74d 100644
+--- a/doc/man1/openssl-pkeyutl.pod.in
++++ b/doc/man1/openssl-pkeyutl.pod.in
+@@ -273,6 +273,11 @@ signed or verified directly instead of using a B<DigestInfo> structure. If a
+ digest is set, then the B<DigestInfo> structure is used and its length
+ must correspond to the digest type.
+
++Note, for B<pkcs1> padding, as a protection against Bleichenbacher attack,
++the decryption will not fail in case of padding check failures. Use B<none>
++and manual inspection of the decrypted message to verify if the decrypted
++value has correct PKCS#1 v1.5 padding.
++
+ For B<oaep> mode only encryption and decryption is supported.
+
+ For B<x931> if the digest type is set it is used to format the block data
+diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
+index 0a32fd965b..4c462abc8c 100644
+--- a/doc/man1/openssl-rsautl.pod.in
++++ b/doc/man1/openssl-rsautl.pod.in
+@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+ ANSI X9.31, or no padding, respectively.
+ For signatures, only B<-pkcs> and B<-raw> can be used.
+
++Note: because of protection against Bleichenbacher attacks, decryption
++using PKCS#1 v1.5 mode will not return errors in case padding check failed.
++Use B<-raw> and inspect the returned value manually to check if the
++padding is correct.
++
+ =item B<-hexdump>
+
+ Hex dump the output data.
+diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+index 3075eaafd6..e788f38809 100644
+--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+@@ -386,6 +386,13 @@ this behaviour should be tolerated then
+ OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual
+ negotiated protocol version. Otherwise it should be left unset.
+
++Similarly to the B<RSA_PKCS1_WITH_TLS_PADDING> above, since OpenSSL version
++3.1.0, the use of B<RSA_PKCS1_PADDING> will return a randomly generated message
++instead of padding errors in case padding checks fail. Applications that
++want to remain secure while using earlier versions of OpenSSL, still need to
++handle both the error code from the RSA decryption operation and the
++returned message in a side channel secure manner.
++
+ =head2 DSA parameters
+
+ EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA
+diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod
+index b6f9bad5f1..898535a7a2 100644
+--- a/doc/man3/EVP_PKEY_decrypt.pod
++++ b/doc/man3/EVP_PKEY_decrypt.pod
+@@ -51,6 +51,18 @@ return 1 for success and 0 or a negative value for failure. In particular a
+ return value of -2 indicates the operation is not supported by the public key
+ algorithm.
+
++=head1 WARNINGS
++
++In OpenSSL versions before 3.1.0, when used in PKCS#1 v1.5 padding,
++both the return value from the EVP_PKEY_decrypt() and the B<outlen> provided
++information useful in mounting a Bleichenbacher attack against the
++used private key. They had to processed in a side-channel free way.
++
++Since version 3.1.0, the EVP_PKEY_decrypt() method when used with PKCS#1
++v1.5 padding doesn't return an error in case it detects an error in padding,
++instead it returns a pseudo-randomly generated message, removing the need
++of side-channel secure code from applications using OpenSSL.
++
+ =head1 EXAMPLES
+
+ Decrypt data using OAEP (for RSA keys):
+diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+index 9f7025c497..36ae18563f 100644
+--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
++++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+@@ -121,8 +121,8 @@ L<ERR_get_error(3)>.
+
+ =head1 WARNINGS
+
+-The result of RSA_padding_check_PKCS1_type_2() is a very sensitive
+-information which can potentially be used to mount a Bleichenbacher
++The result of RSA_padding_check_PKCS1_type_2() is exactly the
++information which is used to mount a classical Bleichenbacher
+ padding oracle attack. This is an inherent weakness in the PKCS #1
+ v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not
+ possible, the result of RSA_padding_check_PKCS1_type_2() should be
+@@ -137,6 +137,9 @@ as this would create a small timing side channel which could be
+ used to mount a Bleichenbacher attack against any padding mode
+ including PKCS1_OAEP.
+
++You should prefer the use of EVP PKEY APIs for PKCS#1 v1.5 decryption
++as they implement the necessary workarounds internally.
++
+ =head1 SEE ALSO
+
+ L<RSA_public_encrypt(3)>,
+diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
+index 1d38073aea..bd3f835ac6 100644
+--- a/doc/man3/RSA_public_encrypt.pod
++++ b/doc/man3/RSA_public_encrypt.pod
+@@ -52,8 +52,8 @@ Encrypting user data directly with RSA is insecure.
+
+ =back
+
+-B<flen> must not be more than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+-based padding modes, not more than RSA_size(B<rsa>) - 42 for
++When encrypting B<flen> must not be more than RSA_size(B<rsa>) - 11 for the
++PKCS #1 v1.5 based padding modes, not more than RSA_size(B<rsa>) - 42 for
+ RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
+ When a padding mode other than RSA_NO_PADDING is in use, then
+ RSA_public_encrypt() will include some random bytes into the ciphertext
+@@ -92,6 +92,13 @@ which can potentially be used to mount a Bleichenbacher padding oracle
+ attack. This is an inherent weakness in the PKCS #1 v1.5 padding
+ design. Prefer RSA_PKCS1_OAEP_PADDING.
+
++In OpenSSL before version 3.1.0, both the return value and the length of
++returned value could be used to mount the Bleichenbacher attack.
++Since version 3.1.0, OpenSSL does not return an error in case of padding
++checks failed. Instead it generates a random message based on used private
++key and provided ciphertext so that application code doesn't have to implement
++a side-channel secure error handling.
++
+ =head1 CONFORMING TO
+
+ SSL, PKCS #1 v2.0
+diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
+index 949873d0ee..f267e5d9d1 100644
+--- a/include/crypto/rsa.h
++++ b/include/crypto/rsa.h
+@@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg);
+ RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
++int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx,
++ unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ int num, unsigned char *kdk);
+ int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
+ size_t tlen,
+ const unsigned char *from,
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
new file mode 100644
index 0000000000..b336d9e850
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
@@ -0,0 +1,358 @@
+From e92f0cd3b03e5aca948b03df7e3d02e536700f68 Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Thu, 27 Oct 2022 19:16:58 +0200
+Subject: [PATCH 2/3] rsa: Add option to disable implicit rejection
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport
+[https://github.com/openssl/openssl/commit/5ab3ec1bb1eaa795d775f5896818cfaa84d33a1a]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ crypto/cms/cms_env.c | 7 +++++
+ crypto/evp/ctrl_params_translate.c | 6 +++++
+ crypto/rsa/rsa_ossl.c | 16 ++++++++----
+ crypto/rsa/rsa_pmeth.c | 20 +++++++++++++-
+ doc/man1/openssl-pkeyutl.pod.in | 10 +++++++
+ doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 ++
+ doc/man7/provider-asym_cipher.pod | 9 +++++++
+ include/openssl/core_names.h | 2 ++
+ include/openssl/rsa.h | 5 ++++
+ .../implementations/asymciphers/rsa_enc.c | 26 +++++++++++++++++--
+ 10 files changed, 95 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
+index 445a16fb77..49b0289114 100644
+--- a/crypto/cms/cms_env.c
++++ b/crypto/cms/cms_env.c
+@@ -581,6 +581,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+ if (!ossl_cms_env_asn1_ctrl(ri, 1))
+ goto err;
+
++ if (EVP_PKEY_is_a(pkey, "RSA"))
++ /* upper layer CMS code incorrectly assumes that a successful RSA
++ * decryption means that the key matches ciphertext (which never
++ * was the case, implicit rejection or not), so to make it work
++ * disable implicit rejection for RSA keys */
++ EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
++
+ if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
+ ktri->encryptedKey->data,
+ ktri->encryptedKey->length) <= 0)
+diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
+index 44d0895bcf..db7325439a 100644
+--- a/crypto/evp/ctrl_params_translate.c
++++ b/crypto/evp/ctrl_params_translate.c
+@@ -2269,6 +2269,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
+ EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
+ OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
+
++ { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
++ EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
++ "rsa_pkcs1_implicit_rejection",
++ OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER,
++ NULL },
++
+ { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
+ EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
+ OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
+diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
+index 330302ae55..4bdacd5ed9 100644
+--- a/crypto/rsa/rsa_ossl.c
++++ b/crypto/rsa/rsa_ossl.c
+@@ -395,6 +395,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ BIGNUM *unblind = NULL;
+ BN_BLINDING *blinding = NULL;
+
++ /*
++ * we need the value of the private exponent to perform implicit rejection
++ */
++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) && (padding == RSA_PKCS1_PADDING))
++ padding = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
++
+ if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+@@ -489,7 +495,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ * derive the Key Derivation Key from private exponent and public
+ * ciphertext
+ */
+- if (!(rsa->flags & RSA_FLAG_EXT_PKEY)) {
++ if (padding == RSA_PKCS1_PADDING) {
+ /*
+ * because we use d as a handle to rsa->d we need to keep it local and
+ * free before any further use of rsa->d
+@@ -565,11 +571,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+ goto err;
+
+ switch (padding) {
++ case RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING:
++ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
++ break;
+ case RSA_PKCS1_PADDING:
+- if (rsa->flags & RSA_FLAG_EXT_PKEY)
+- r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+- else
+- r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk);
++ r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk);
+ break;
+ case RSA_PKCS1_OAEP_PADDING:
+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
+index 0bf5ac098a..81b031f81b 100644
+--- a/crypto/rsa/rsa_pmeth.c
++++ b/crypto/rsa/rsa_pmeth.c
+@@ -52,6 +52,8 @@ typedef struct {
+ /* OAEP label */
+ unsigned char *oaep_label;
+ size_t oaep_labellen;
++ /* if to use implicit rejection in PKCS#1 v1.5 decryption */
++ int implicit_rejection;
+ } RSA_PKEY_CTX;
+
+ /* True if PSS parameters are restricted */
+@@ -72,6 +74,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+ /* Maximum for sign, auto for verify */
+ rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+ rctx->min_saltlen = -1;
++ rctx->implicit_rejection = 1;
+ ctx->data = rctx;
+ ctx->keygen_info = rctx->gentmp;
+ ctx->keygen_info_count = 2;
+@@ -97,6 +100,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
+ dctx->md = sctx->md;
+ dctx->mgf1md = sctx->mgf1md;
+ dctx->saltlen = sctx->saltlen;
++ dctx->implicit_rejection = sctx->implicit_rejection;
+ if (sctx->oaep_label) {
+ OPENSSL_free(dctx->oaep_label);
+ dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen)
+ {
+ int ret;
++ int pad_mode;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ /*
+ * Discard const. Its marked as const because this may be a cached copy of
+@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+ rctx->oaep_labellen,
+ rctx->md, rctx->mgf1md);
+ } else {
+- ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode);
++ if (rctx->pad_mode == RSA_PKCS1_PADDING &&
++ rctx->implicit_rejection == 0)
++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
++ else
++ pad_mode = rctx->pad_mode;
++ ret = RSA_private_decrypt(inlen, in, out, rsa, pad_mode);
+ }
+ *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+ ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
+@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ *(unsigned char **)p2 = rctx->oaep_label;
+ return rctx->oaep_labellen;
+
++ case EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION:
++ if (rctx->pad_mode != RSA_PKCS1_PADDING) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE);
++ return -2;
++ }
++ rctx->implicit_rejection = p1;
++ return 1;
++
+ case EVP_PKEY_CTRL_DIGESTINIT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+ #ifndef OPENSSL_NO_CMS
+diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
+index 015265a74d..5e62551d34 100644
+--- a/doc/man1/openssl-pkeyutl.pod.in
++++ b/doc/man1/openssl-pkeyutl.pod.in
+@@ -305,6 +305,16 @@ explicitly set in PSS mode then the signing digest is used.
+ Sets the digest used for the OAEP hash function. If not explicitly set then
+ SHA1 is used.
+
++=item B<rsa_pkcs1_implicit_rejection:>I<flag>
++
++Disables (when set to 0) or enables (when set to 1) the use of implicit
++rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a
++protection against Bleichenbacher attack, the library will generate a
++deterministic random plaintext that it will return to the caller in case
++of padding check failure.
++When disabled, it's the callers' responsibility to handle the returned
++errors in a side-channel free manner.
++
+ =back
+
+ =head1 RSA-PSS ALGORITHM
+diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+index e788f38809..3844aa2199 100644
+--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
+@@ -392,6 +392,8 @@ instead of padding errors in case padding checks fail. Applications that
+ want to remain secure while using earlier versions of OpenSSL, still need to
+ handle both the error code from the RSA decryption operation and the
+ returned message in a side channel secure manner.
++This protection against Bleichenbacher attacks can be disabled by setting
++the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0.
+
+ =head2 DSA parameters
+
+diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod
+index 0976a263a8..2a8426a6ed 100644
+--- a/doc/man7/provider-asym_cipher.pod
++++ b/doc/man7/provider-asym_cipher.pod
+@@ -234,6 +234,15 @@ The TLS protocol version first requested by the client.
+
+ The negotiated TLS protocol version.
+
++=item "implicit-rejection" (B<OSSL_PKEY_PARAM_IMPLICIT_REJECTION>) <unsigned integer>
++
++Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5
++decryption. When set (non zero value), the decryption API will return
++a deterministically random value if the PKCS#1 v1.5 padding check fails.
++This makes explotation of the Bleichenbacher significantly harder, even
++if the code using the RSA decryption API is not implemented in side-channel
++free manner. Set by default.
++
+ =back
+
+ OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
+diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
+index 6bed5a8a67..5a350b537f 100644
+--- a/include/openssl/core_names.h
++++ b/include/openssl/core_names.h
+@@ -292,6 +292,7 @@ extern "C" {
+ #define OSSL_PKEY_PARAM_DIST_ID "distid"
+ #define OSSL_PKEY_PARAM_PUB_KEY "pub"
+ #define OSSL_PKEY_PARAM_PRIV_KEY "priv"
++#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+
+ /* Diffie-Hellman/DSA Parameters */
+ #define OSSL_PKEY_PARAM_FFC_P "p"
+@@ -467,6 +468,7 @@ extern "C" {
+ #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+ #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+ #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
++#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection"
+
+ /*
+ * Encoder / decoder parameters
+diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
+index a55c9727c6..247f9014e3 100644
+--- a/include/openssl/rsa.h
++++ b/include/openssl/rsa.h
+@@ -183,6 +183,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+ # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+
++# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
++
+ # define RSA_PKCS1_PADDING 1
+ # define RSA_NO_PADDING 3
+ # define RSA_PKCS1_OAEP_PADDING 4
+@@ -192,6 +194,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+ # define RSA_PKCS1_PSS_PADDING 6
+ # define RSA_PKCS1_WITH_TLS_PADDING 7
+
++/* internal RSA_ only */
++# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
++
+ # define RSA_PKCS1_PADDING_SIZE 11
+
+ # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
+index c8921acd6e..11a91e62b1 100644
+--- a/providers/implementations/asymciphers/rsa_enc.c
++++ b/providers/implementations/asymciphers/rsa_enc.c
+@@ -75,6 +75,8 @@ typedef struct {
+ /* TLS padding */
+ unsigned int client_version;
+ unsigned int alt_version;
++ /* PKCS#1 v1.5 decryption mode */
++ unsigned int implicit_rejection;
+ } PROV_RSA_CTX;
+
+ static void *rsa_newctx(void *provctx)
+@@ -107,6 +109,7 @@ static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[],
+ RSA_free(prsactx->rsa);
+ prsactx->rsa = vrsa;
+ prsactx->operation = operation;
++ prsactx->implicit_rejection = 1;
+
+ switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
+ case RSA_FLAG_TYPE_RSA:
+@@ -199,6 +202,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ int ret;
++ int pad_mode;
+ size_t len = RSA_size(prsactx->rsa);
+
+ if (!ossl_prov_is_running())
+@@ -276,8 +280,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ }
+ OPENSSL_free(tbuf);
+ } else {
+- ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa,
+- prsactx->pad_mode);
++ if ((prsactx->implicit_rejection == 0) &&
++ (prsactx->pad_mode == RSA_PKCS1_PADDING))
++ pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING;
++ else
++ pad_mode = prsactx->pad_mode;
++ ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode);
+ }
+ *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+ ret = constant_time_select_int(constant_time_msb(ret), 0, 1);
+@@ -401,6 +409,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
+ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version))
+ return 0;
+
++ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
++ if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
++ return 0;
++
+ return 1;
+ }
+
+@@ -412,6 +424,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
+ NULL, 0),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
+ OSSL_PARAM_END
+ };
+
+@@ -549,6 +562,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ return 0;
+ prsactx->alt_version = alt_version;
+ }
++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION);
++ if (p != NULL) {
++ unsigned int implicit_rejection;
++
++ if (!OSSL_PARAM_get_uint(p, &implicit_rejection))
++ return 0;
++ prsactx->implicit_rejection = implicit_rejection;
++ }
+
+ return 1;
+ }
+@@ -562,6 +583,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
+ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
+ OSSL_PARAM_END
+ };
+
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
new file mode 100644
index 0000000000..0a1f63f30a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
@@ -0,0 +1,41 @@
+From ba78f7b0599ba5bfb5032dd2664465c5b13388e3 Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Tue, 22 Nov 2022 18:25:49 +0100
+Subject: [PATCH 3/3] smime/pkcs7: disable the Bleichenbacher workaround
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport
+[https://github.com/openssl/openssl/commit/056dade341d2589975a3aae71f81c8d7061583c7]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ crypto/pkcs7/pk7_doit.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
+index e9de097da1..6d3124da87 100644
+--- a/crypto/pkcs7/pk7_doit.c
++++ b/crypto/pkcs7/pk7_doit.c
+@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+ if (EVP_PKEY_decrypt_init(pctx) <= 0)
+ goto err;
+
++ if (EVP_PKEY_is_a(pkey, "RSA"))
++ /* upper layer pkcs7 code incorrectly assumes that a successful RSA
++ * decryption means that the key matches ciphertext (which never
++ * was the case, implicit rejection or not), so to make it work
++ * disable implicit rejection for RSA keys */
++ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
++
+ if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+ ri->enc_key->data, ri->enc_key->length) <= 0)
+ goto err;
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
new file mode 100644
index 0000000000..c6dad3cbec
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
@@ -0,0 +1,441 @@
+From 8ae4f0e68ebb7435be494b58676827ae91695371 Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Tue, 12 Jan 2021 14:58:04 +0100
+Subject: [PATCH] rsa: add test vectors for the implicit rejection in RSA
+ PKCS#1 v1.5
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/8ae4f0e68ebb7435be494b58676827ae91695371]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ .../30-test_evp_data/evppkey_rsa_common.txt | 408 ++++++++++++++++++
+ 1 file changed, 408 insertions(+)
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 080c4d02af..1405465098 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -277,6 +277,414 @@ Derive = RSA-2048
+ Result = KEYOP_INIT_ERROR
+ Reason = operation not supported for this keytype
+
++# Test vectors for the Bleichenbacher workaround
++
++PrivateKey = RSA-2048-2
++-----BEGIN RSA PRIVATE KEY-----
++MIIEowIBAAKCAQEAyMyDlxQJjaVsqiNkD5PciZfBY3KWj8Gwxt9RE8HJTosh5IrS
++KX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjOjRQclJBetK0wZjmkkgZTS25/JgdC
++Ppff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7SSmBfVEWZkQKH6y3ogj16hZZEK3Y
++o/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVOyHUipMApePlomYC/+/ZJwwfoGBm/
+++IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1a9PC6lRl3/oUWJKSqdiiStJr5+4F
++EHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGnaQIDAQABAoIBABRVAQ4PLVh2Y6Zm
++pv8czbvw7dgQBkbQKgI5IpCJksStOeVWWSlybvZQjDpxFY7wtv91HTnQdYC7LS8G
++MhBELQYD/1DbvXs1/iybsZpHoa+FpMJJAeAsqLWLeRmyDt8yqs+/Ua20vEthubfp
++aMqk1XD3DvGNgGMiiJPkfUOe/KeTJZvPLNEIo9hojN8HjnrHmZafIznSwfUiuWlo
++RimpM7quwmgWJeq4T05W9ER+nYj7mhmc9xAj4OJXsURBszyE07xnyoAx0mEmGBA6
++egpAhEJi912IkM1hblH5A1SI/W4Jnej/bWWk/xGCVIB8n1jS+7qLoVHcjGi+NJyX
++eiBOBMECgYEA+PWta6gokxvqRZuKP23AQdI0gkCcJXHpY/MfdIYColY3GziD7UWe
++z5cFJkWe3RbgVSL1pF2UdRsuwtrycsf4gWpSwA0YCAFxY02omdeXMiL1G5N2MFSG
++lqn32MJKWUl8HvzUVc+5fuhtK200lyszL9owPwSZm062tcwLsz53Yd0CgYEAznou
++O0mpC5YzChLcaCvfvfuujdbcA7YUeu+9V1dD8PbaTYYjUGG3Gv2crS00Al5WrIaw
++93Q+s14ay8ojeJVCRGW3Bu0iF15XGMjHC2cD6o9rUQ+UW+SOWja7PDyRcytYnfwF
++1y2AkDGURSvaITSGR+xylD8RqEbmL66+jrU2sP0CgYB2/hXxiuI5zfHfa0RcpLxr
++uWjXiMIZM6T13NKAAz1nEgYswIpt8gTB+9C+RjB0Q+bdSmRWN1Qp1OA4yiVvrxyb
++3pHGsXt2+BmV+RxIy768e/DjSUwINZ5OjNalh9e5bWIh/X4PtcVXXwgu5XdpeYBx
++sru0oyI4FRtHMUu2VHkDEQKBgQCZiEiwVUmaEAnLx9KUs2sf/fICDm5zZAU+lN4a
++AA3JNAWH9+JydvaM32CNdTtjN3sDtvQITSwCfEs4lgpiM7qe2XOLdvEOp1vkVgeL
++9wH2fMaz8/3BhuZDNsdrNy6AkQ7ICwrcwj0C+5rhBIaigkgHW06n5W3fzziC5FFW
++FHGikQKBgGQ790ZCn32DZnoGUwITR++/wF5jUfghqd67YODszeUAWtnp7DHlWPfp
++LCkyjnRWnXzvfHTKvCs1XtQBoaCRS048uwZITlgZYFEWntFMqi76bqBE4FTSYUTM
++FinFUBBVigThM/RLfCRNrCW/kTxXuJDuSfVIJZzWNAT+9oWdz5da
++-----END RSA PRIVATE KEY-----
++
++# corresponding public key
++PublicKey = RSA-2048-2-PUBLIC
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMyDlxQJjaVsqiNkD5Pc
++iZfBY3KWj8Gwxt9RE8HJTosh5IrSKX5lQZARtObY9ec7G3iyV0ADIdHva2AtTsjO
++jRQclJBetK0wZjmkkgZTS25/JgdCPpff/RM8iNchOZ3vvH6WzNy9fzquH+iScSv7
++SSmBfVEWZkQKH6y3ogj16hZZEK3Yo/LUlyAjYMy2MgJPDQcWnBkY8xb3lLFDrvVO
++yHUipMApePlomYC/+/ZJwwfoGBm/+IQJY41IvZS+FStZ/2SfoL1inQ/6GBPDq/S1
++a9PC6lRl3/oUWJKSqdiiStJr5+4FEHQbY4LUPIPVv6QKRmE9BivkRVF9vK8MtOGn
++aQIDAQAB
++-----END PUBLIC KEY-----
++
++PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC
++
++# RSA decrypt
++
++# a random positive test case
++Decrypt = RSA-2048-2
++Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066
++Output = "lorem ipsum dolor sit amet"
++
++# a random negative test case decrypting to empty
++Decrypt = RSA-2048-2
++Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7
++Output =
++
++# invalid decrypting to max length message
++Decrypt = RSA-2048-2
++Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
++Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
++
++# invalid decrypting to message with length specified by second to last value from PRF
++Decrypt = RSA-2048-2
++Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354
++Output = 0f9b
++
++# invalid decrypting to message with length specified by third to last value from PRF
++Decrypt = RSA-2048-2
++Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081
++Output = 4f02
++
++# positive test with 11 byte long value
++Decrypt = RSA-2048-2
++Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
++Output = "lorem ipsum"
++
++# positive test with 11 byte long value and zero padded ciphertext
++Decrypt = RSA-2048-2
++Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
++Output = "lorem ipsum"
++
++# positive test with 11 byte long value and zero truncated ciphertext
++Decrypt = RSA-2048-2
++Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
++Output = "lorem ipsum"
++
++# positive test with 11 byte long value and double zero padded ciphertext
++Decrypt = RSA-2048-2
++Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
++Output = "lorem ipsum"
++
++# positive test with 11 byte long value and double zero truncated ciphertext
++Decrypt = RSA-2048-2
++Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
++Output = "lorem ipsum"
++
++# positive that generates a 0 byte long synthethic message internally
++Decrypt = RSA-2048-2
++Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0
++Output = "lorem ipsum"
++
++# positive that generates a 245 byte long synthethic message internally
++Decrypt = RSA-2048-2
++Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50
++Output = "lorem ipsum"
++
++# a random negative test that generates an 11 byte long message
++Decrypt = RSA-2048-2
++Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2
++Output = af9ac70191c92413cb9f2d
++
++# an otherwise correct plaintext, but with wrong first byte
++# (0x01 instead of 0x00), generates a random 11 byte long plaintext
++Decrypt = RSA-2048-2
++Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f
++Output = a1f8c9255c35cfba403ccc
++
++# an otherwise correct plaintext, but with wrong second byte
++# (0x01 instead of 0x02), generates a random 11 byte long plaintext
++Decrypt = RSA-2048-2
++Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d2bac96bf00d6592ea7cdc3341610c8fb07e527e5e2d20cfaf2c7f23e375431f45e998929a02f25fd95354c33838090bca838502259e92d86d568bc2cdb132fab2a399593ca60a015dc2bb1afcd64fef8a3834e17e5358d822980dc446e845b3ab4702b1ee41fe5db716d92348d5091c15d35a110555a35deb4650a5a1d2c98025d42d4544f8b32aa6a5e02dc02deaed9a7313b73b49b0d4772a3768b0ea0db5846ace6569cae677bf67fb0acf3c255dc01ec8400c963b6e49b1067728b4e563d7e1e1515664347b92ee64db7efb5452357a02fff7fcb7437abc2e579
++Output = e6d700309ca0ed62452254
++
++# an invalid ciphertext, with a zero byte in first byte of
++# ciphertext, decrypts to a random 11 byte long synthethic
++# plaintext
++Decrypt = RSA-2048-2
++Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
++Output = ba27b1842e7c21c0e7ef6a
++
++# an invalid ciphertext, with a zero byte removed from first byte of
++# ciphertext, decrypts to a random 11 byte long synthethic
++# plaintext
++Decrypt = RSA-2048-2
++Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
++Output = ba27b1842e7c21c0e7ef6a
++
++# an invalid ciphertext, with two zero bytes in first bytes of
++# ciphertext, decrypts to a random 11 byte long synthethic
++# plaintext
++Decrypt = RSA-2048-2
++Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
++Output = d5cf555b1d6151029a429a
++
++# an invalid ciphertext, with two zero bytes removed from first bytes of
++# ciphertext, decrypts to a random 11 byte long synthethic
++# plaintext
++Decrypt = RSA-2048-2
++Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
++Output = d5cf555b1d6151029a429a
++
++# and invalid ciphertext, otherwise valid but starting with 000002, decrypts
++# to random 11 byte long synthethic plaintext
++Decrypt = RSA-2048-2
++Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955
++Output = 3d4a054d9358209e9cbbb9
++
++# negative test with otherwise valid padding but a zero byte in first byte
++# of padding
++Decrypt = RSA-2048-2
++Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a940037ac516b0d6412ba44ec6b4f268a55ef1c5ffbf18a2f4e3522bb7b6ed89774b79bffa22f7d3102165565642de0d43a955e96a1f2e80e5430671d7266eb4f905dc8ff5e106dc5588e5b0289e49a4913940e392a97062616d2bda38155471b7d360cfb94681c702f60ed2d4de614ea72bf1c53160e63179f6c5b897b59492bee219108309f0b7b8cb2b136c346a5e98b8b4b8415fb1d713bae067911e3057f1c335b4b7e39101eafd5d28f0189037e4334f4fdb9038427b1d119a6702aa8233319cc97d496cc289ae8c956ddc84042659a2d43d6aa22f12b81ab884e
++Output = 1f037dd717b07d3e7f7359
++
++# negative test with otherwise valid padding but a zero byte at the eigth
++# byte of padding
++Decrypt = RSA-2048-2
++Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f
++Output = 63cb0bf65fc8255dd29e17
++
++# negative test with an otherwise valid plaintext but with missing separator
++# byte
++Decrypt = RSA-2048-2
++Input = 3d1b97e7aa34eaf1f4fc171ceb11dcfffd9a46a5b6961205b10b302818c1fcc9f4ec78bf18ea0cee7e9fa5b16fb4c611463b368b3312ac11cf9c06b7cf72b54e284848a508d3f02328c62c2999d0fb60929f81783c7a256891bc2ff4d91df2af96a24fc5701a1823af939ce6dbdc510608e3d41eec172ad2d51b9fc61b4217c923cadcf5bac321355ef8be5e5f090cdc2bd0c697d9058247db3ad613fdce87d2955a6d1c948a5160f93da21f731d74137f5d1f53a1923adb513d2e6e1589d44cc079f4c6ddd471d38ac82d20d8b1d21f8d65f3b6907086809f4123e08d86fb38729585de026a485d8f0e703fd4772f6668febf67df947b82195fa3867e3a3065
++Output = 6f09a0b62699337c497b0b
++
++# Test vectors for the Bleichenbacher workaround (2049 bit key size)
++
++PrivateKey = RSA-2049
++-----BEGIN RSA PRIVATE KEY-----
++MIIEpQIBAAKCAQEBVfiJVWoXdfHHp3hqULGLwoyemG7eVmfKs5uEEk6Q66dcHbCD
++rD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjIXeD+dX9uSbue1EfmAkMIANuwTOsi
++5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePfYkZQCUYx8h6v0vtbyRX/BDeazRES
++9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+UFVTQRwRnUFw89UHqCJffyfQAzssp
++j/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/krw6A+qFdsQX8kAHteT3UBEFtUTen6
++3N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQlwIDAQABAoIBAQEZwrP1CnrWFSZ5
++1/9RCVisLYym8AKFkvMy1VoWc2F4qOZ/F+cFzjAOPodUclEAYBP5dNCj20nvNEyl
++omo0wEUHBNDkIuDOI6aUJcFf77bybhBu7/ZMyLnXRC5NpOjIUAjq6zZYWaIpT6OT
++e8Jr5WMy59geLBYO9jXMUoqnvlXmM6cj28Hha6KeUrKa7y+eVlT9wGZrsPwlSsvo
++DmOHTw9fAgeC48nc/CUg0MnEp7Y05FA/u0k+Gq/us/iL16EzmHJdrm/jmed1zV1M
++8J/IODR8TJjasaSIPM5iBRNhWvqhCmM2jm17ed9BZqsWJznvUVpEAu4eBgHFpVvH
++HfDjDt+BAoGBAYj2k2DwHhjZot4pUlPSUsMeRHbOpf97+EE99/3jVlI83JdoBfhP
++wN3sdw3wbO0GXIETSHVLNGrxaXVod/07PVaGgsh4fQsxTvasZ9ZegTM5i2Kgg8D4
++dlxa1A1agfm73OJSftfpUAjLECnLTKvR+em+38KGyWVSJV2n6rGSF473AoGBAN7H
++zxHa3oOkxD0vgBl/If1dRv1XtDH0T+gaHeN/agkf/ARk7ZcdyFCINa3mzF9Wbzll
++YTqLNnmMkubiP1LvkH6VZ+NBvrxTNxiWJfu+qx87ez+S/7JoHm71p4SowtePfC2J
++qqok0s7b0GaBz+ZcNse/o8W6E1FiIi71wukUyYNhAoGAEgk/OnPK7dkPYKME5FQC
+++HGrMsjJVbCa9GOjvkNw8tVYSpq7q2n9sDHqRPmEBl0EYehAqyGIhmAONxVUbIsL
++ha0m04y0MI9S0H+ZRH2R8IfzndNAONsuk46XrQU6cfvtZ3Xh3IcY5U5sr35lRn2c
++ut3H52XIWJ4smN/cJcpOyoECgYEAjM5hNHnPlgj392wkXPkbtJXWHp3mSISQVLTd
++G0MW8/mBQg3AlXi/eRb+RpHPrppk5jQLhgMjRSPyXXe2amb8PuWTqfGN6l32PtX3
++3+udILpppb71Wf+w7JTbcl9v9uq7o9SVR8DKdPA+AeweSQ0TmqCnlHuNZizOSjwP
++G16GF0ECgYEA+ZWbNMS8qM5IiHgbMbHptdit9dDT4+1UXoNn0/hUW6ZEMriHMDXv
++iBwrzeANGAn5LEDYeDe1xPms9Is2uNxTpZVhpFZSNALR6Po68wDlTJG2PmzuBv5t
++5mbzkpWCoD4fRU53ifsHgaTW+7Um74gWIf0erNIUZuTN2YrtEPTnb3k=
++-----END RSA PRIVATE KEY-----
++
++# corresponding public key
++PublicKey = RSA-2049-PUBLIC
++-----BEGIN PUBLIC KEY-----
++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEBVfiJVWoXdfHHp3hqULGL
++woyemG7eVmfKs5uEEk6Q66dcHbCDrD5EO7qU3CNWD3XjqBaToqQ73HQm2MTq/mjI
++XeD+dX9uSbue1EfmAkMIANuwTOsi5/pXoY0zj7ZgJs20Z+cMwEDn02fvQDx78ePf
++YkZQCUYx8h6v0vtbyRX/BDeazRES9zLAtGYHwXjTiiD1LtpQny+cBAXVEGnoDM+U
++FVTQRwRnUFw89UHqCJffyfQAzsspj/x1M3LZ9pM68XTMQO2W1GcDFzO5f4zd0/kr
++w6A+qFdsQX8kAHteT3UBEFtUTen63N/635jftLsFuBmfP4Ws/ZH3qaCUuaOD9QSQ
++lwIDAQAB
++-----END PUBLIC KEY-----
++
++PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
++
++# RSA decrypt
++
++# malformed that generates length specified by 3rd last value from PRF
++Decrypt = RSA-2049
++Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894
++Output = 42
++
++# simple positive test case
++Decrypt = RSA-2049
++Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967
++Output = "lorem ipsum"
++
++# positive test case with null padded ciphertext
++Decrypt = RSA-2049
++Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
++Output = "lorem ipsum"
++
++# positive test case with null truncated ciphertext
++Decrypt = RSA-2049
++Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
++Output = "lorem ipsum"
++
++# positive test case with double null padded ciphertext
++Decrypt = RSA-2049
++Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
++Output = "lorem ipsum"
++
++# positive test case with double null truncated ciphertext
++Decrypt = RSA-2049
++Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
++Output = "lorem ipsum"
++
++# a random negative test case that generates an 11 byte long message
++Decrypt = RSA-2049
++Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca
++Output = 1189b6f5498fd6df532b00
++
++# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
++Decrypt = RSA-2049
++Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff
++Output = f6d0f5b78082fe61c04674
++
++# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
++Decrypt = RSA-2049
++Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3
++Output = 1ab287fcef3ff17067914d
++
++# RSA decrypt with 3072 bit keys
++PrivateKey = RSA-3072
++-----BEGIN RSA PRIVATE KEY-----
++MIIG5AIBAAKCAYEAr9ccqtXp9bjGw2cHCkfxnX5mrt4YpbJ0H7PE0zQ0VgaSotkJ
++72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjdvwDdu+OG0zuNDiKxtEk23EiYcbhS
++N7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni5QyIPH16wQ7Wp02ayQ35EpkFoX1K
++CHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3VxUosvFxargW1uygcnveqYBZMpcw64
++wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx7S/IPlcZnP5ZCLEAh+J/vZfSwkIU
++YZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+vEN0V6VI3gMfVrlgJStUlqQY7TDP5
++XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/gaEJANFIIOuAGvTxpZbEuc6aUx/P
++ilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDkooCElYcob01/JWzoXl61Z5sdrMH5
++CVZJty5foHKusAN5AgMBAAECggGAJRfqyzr+9L/65gOY35lXpdKhVKgzaNjhWEKy
++9Z7gn3kZe9LvHprdr4eG9rQSdEdAXjBCsh8vULeqc3cWgMO7y2wiWl1f9rVsRxwY
++gqCjOwrxZaPtbCSdx3g+a8dYrDfmVy0z/jJQeO2VJlDy65YEkC75mlEaERnRPE/J
++pDoXXc37+xoUAP4XCTtpzTzbiV9lQy6iGV+QURxzNrWKaF2s/y2vTF6S5WWxZlrm
++DlErqplluAjV/xGc63zWksv5IAZ6+s2An2a+cG2iaBCseQ2xVslI5v5YG8mEkVf0
++2kk/OmSwxuEZ4DGxB/hDbOKRYLRYuPnxCV/esZJjOE/1OHVXvE8QtANN6EFwO60s
++HnacI4U+tjCjbRBh3UbipruvdDqX8LMsNvUMGjci3vOjlNkcLgeL8J15Xs3l5WuC
++Avl0Am91/FbpoN1qiPLny3jvEpjMbGUgfKRb03GIgHtPzbHmDdjluFZI+376i2/d
++RI85dBqNmAn+Fjrz3kW6wkpahByBAoHBAOSj2DDXPosxxoLidP/J/RKsMT0t0FE9
++UFcNt+tHYv6hk+e7VAuUqUpd3XQqz3P13rnK4xvSOsVguyeU/WgmH4ID9XGSgpBP
++Rh6s7izn4KAJeqfI26vTPxvyaZEqB4JxT6k7SerENus95zSn1v/f2MLBQ16EP8cJ
+++QSOVCoZfEhUK+srherQ9eZKpj0OwBUrP4VhLdymv96r8xddWX1AVj4OBi2RywKI
++gAgv6fjwkb292jFu6x6FjKRNKwKK6c3jqQKBwQDE4c0Oz0KYYV4feJun3iL9UJSv
++StGsKVDuljA4WiBAmigMZTii/u0DFEjibiLWcJOnH53HTr0avA6c6D1nCwJ2qxyF
++rHNN2L+cdMx/7L1zLR11+InvRgpIGbpeGwHeIzJVUYG3b6llRJMZimBvAMr9ipM1
++bkVvIjt1G9W1ypeuKzm6d/t8F0yC7AIYZWDV4nvxiiY8whLZzGawHR2iZz8pfUwb
++7URbTvxdsGE27Kq9gstU0PzEJpnU1goCJ7/gA1ECgcBA8w5B6ZM5xV0H5z6nPwDm
++IgYmw/HucgV1hU8exfuoK8wxQvTACW4B0yJKkrK11T1899aGG7VYRn9D4j4OLO48
++Z9V8esseJXbc1fEezovvymGOci984xiFXtqAQzk44+lmQJJh33VeZApe2eLocvVH
++ddEmc1kOuJWFpszf3LeCcG69cnKrXsrLrZ8Frz//g3aa9B0sFi5hGeWHWJxISVN2
++c1Nr9IN/57i/GqVTcztjdCAcdM7Tr8phDg7OvRlnxGkCgcEAuYhMFBuulyiSaTff
++/3ZvJKYOJ45rPkEFGoD/2ercn+RlvyCYGcoAEjnIYVEGlWwrSH+b0NlbjVkQsD6O
++to8CeE/RpgqX8hFCqC7NE/RFp8cpDyXy3j/zqnRMUyhCP1KNuScBBZs9V8gikxv6
++ukBWCk3PYbeTySHKRBbB8vmCrMfhM96jaBIQsQO1CcZnVceDo1/bnsAIwaREVMxr
++Q8LmG7QOx/Z0x1MMsUFoqzilwccC09/JgxMZPh+h+Nv6jiCxAoHBAOEqQgFAfSdR
++ya60LLH55q803NRFMamuKiPbVJLzwiKfbjOiiopmQOS/LxxqIzeMXlYV4OsSvxTo
++G7mcTOFRtU5hKCK+t8qeQQpa/dsMpiHllwArnRyBjIVgL5lFKRpHUGLsavU/T1IH
++mtgaxZo32dXvcAh1+ndCHVBwbHTOF4conA+g+Usp4bZSSWn5nU4oIizvSVpG7SGe
++0GngdxH9Usdqbvzcip1EKeHRTZrHIEYmB+x0LaRIB3dwZNidK3TkKw==
++-----END RSA PRIVATE KEY-----
++
++PublicKey = RSA-3072-PUBLIC
++-----BEGIN PUBLIC KEY-----
++MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAr9ccqtXp9bjGw2cHCkfx
++nX5mrt4YpbJ0H7PE0zQ0VgaSotkJ72iI7GAv9rk68ljudDA8MBr81O2+xDMR3cjd
++vwDdu+OG0zuNDiKxtEk23EiYcbhSN7NM50etj9sMTk0dqnqt8HOFxchzLMt9Wkni
++5QyIPH16wQ7Wp02ayQ35EpkFoX1KCHIQ/Hi20EseuWlILBGm7recUOWxbz8lT3Vx
++UosvFxargW1uygcnveqYBZMpcw64wzznHWHdSsOTtiVuB6wdEk8CANHD4FpMG8fx
++7S/IPlcZnP5ZCLEAh+J/vZfSwkIUYZxxR8j778o5vCVnYqaCNTH34jTWjq56DZ+v
++EN0V6VI3gMfVrlgJStUlqQY7TDP5XhAG2i6xLTdDaJSVwfICPkBzU8XrPkyhxIz/
++gaEJANFIIOuAGvTxpZbEuc6aUx/PilTZ/9ckJYtu7CAQjfb9/XbUrgO6fqWY3LDk
++ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE=
++-----END PUBLIC KEY-----
++
++PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
++
++# a random invalid ciphertext that generates an empty synthethic one
++Decrypt = RSA-3072
++Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
++Output =
++
++# a random invalid that has PRF output with a length one byte too long
++# in the last value
++Decrypt = RSA-3072
++Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa28b791188374b61916dbc11339bf14b06f5f3f68c206c5607380e13da3129bfb744157e1527dd6fdf6651248b028a496ae1b97702d44706043cdaa7a59c0f41367303f21f268968bf3bd2904db3ae5239b55f8b438d93d7db9d1666c071c0857e2ec37757463769c54e51f052b2a71b04c2869e9e7049a1037b8429206c99726f07289bac18363e7eb2a5b417f47c37a55090cda676517b3549c873f2fe95da9681752ec9864b069089a2ed2f340c8b04ee00079055a817a3355b46ac7dc00d17f4504ccfbcfcadb0c04cb6b22069e179385ae1eafabad5521bac2b8a8ee1dfff59a22eb3fdacfc87175d10d7894cfd869d056057dd9944b869c1784fcc27f731bc46171d39570fbffbadf082d33f6352ecf44aca8d9478e53f5a5b7c852b401e8f5f74da49da91e65bdc97765a9523b7a0885a6f8afe5759d58009fbfa837472a968e6ae92026a5e0202a395483095302d6c3985b5f5831c521a271
++Output = 56a3bea054e01338be9b7d7957539c
++
++# a random invalid that generates a synthethic of maximum size
++Decrypt = RSA-3072
++Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
++Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04
++
++# a positive test case that decrypts to 9 byte long value
++Decrypt = RSA-3072
++Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde
++Output = "forty two"
++
++# a positive test case with null padded ciphertext
++Decrypt = RSA-3072
++Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
++Output = "forty two"
++
++# a positive test case with null truncated ciphertext
++Decrypt = RSA-3072
++Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
++Output = "forty two"
++
++# a positive test case with double null padded ciphertext
++Decrypt = RSA-3072
++Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
++Output = "forty two"
++
++# a positive test case with double null truncated ciphertext
++Decrypt = RSA-3072
++Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
++Output = "forty two"
++
++# a random negative test case that generates a 9 byte long message
++Decrypt = RSA-3072
++Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56
++Output = 257906ca6de8307728
++
++# a random negative test case that generates a 9 byte long message based on
++# second to last value from PRF
++Decrypt = RSA-3072
++Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a03a2c10eb624a63322d854da195c017b76fea83e274fa371834dcd2f3b7accf433fc212ad76c0bac366e1ed32e25b279f94129be7c64d6e162adc08ccebc0cfe8e926f01c33ab9c065f0e0ac83ae5137a4cb66702615ad68a35707d8676d2740d7c1a954680c83980e19778ed11eed3a7c2dbdfc461a9bbef671c1bc00c882d361d29d5f80c42bdf5efec886c34138f83369c6933b2ac4e93e764265351b4a0083f040e14f511f09b22f96566138864e4e6ff24da4810095da98e0585410951538ced2f757a277ff8e17172f06572c9024eeae503f176fd46eb6c5cd9ba07af11cde31dccac12eb3a4249a7bfd3b19797ad1656984bfcbf6f74e8f99d8f1ac420811f3d166d87f935ef15ae858cf9e72c8e2b547bf16c3fb09a8c9bf88fd2e5d38bf24ed610896131a84df76b9f920fe76d71fff938e9199f3b8cd0c11fd0201f9139d7673a871a9e7d4adc3bbe360c8813617cd60a90128fbe34c9d5
++Output = 043383c929060374ed
++
++# a random negative test that generates message based on 3rd last value from
++# PRF
++Decrypt = RSA-3072
++Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf4868174a91d7601a82975d2255190d28b869141d7c395f0b8c4e2be2b2c1b4ffc12ce749a6f6803d4cfe7fba0a8d6949c04151f981c0d84592aa2ff25d1bd3ce5d10cb03daca6b496c6ad40d30bfa8acdfd02cdb9326c4bdd93b949c9dc46caa8f0e5f429785bce64136a429a3695ee674b647452bea1b0c6de9c5f1e8760d5ef6d5a9cfff40457b023d3c233c1dcb323e7808103e73963b2eafc928c9eeb0ee3294955415c1ddd9a1bb7e138fecd79a3cb89c57bd2305524624814aaf0fd1acbf379f7f5b39421f12f115ba488d380586095bb53f174fae424fa4c8e3b299709cd344b9f949b1ab57f1c645d7ed3c8f81d5594197355029fee8960970ff59710dc0e5eb50ea6f4c3938e3f89ed7933023a2c2ddffaba07be147f686828bd7d520f300507ed6e71bdaee05570b27bc92741108ac2eb433f028e138dd6d63067bc206ea2d826a7f41c0d613daed020f0f30f4e272e9618e0a8c39018a83
++Output = 70263fa6050534b9e0
++
++# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
++Decrypt = RSA-3072
++Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
++Output = 6d8d3a094ff3afff4c
++
++# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
++Decrypt = RSA-3072
++Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
++Output = c6ae80ffa80bc184b0
++
++# an otherwise valid plaintext, but with zero byte in first byte of padding
++Decrypt = RSA-3072
++Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0
++Output = a8a9301daa01bb25c7
++
++# an otherwise valid plaintext, but with zero byte in eight byte of padding
++Decrypt = RSA-3072
++Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
++Output = 6c716fe01d44398018
++
++# an otherwise valid plaintext, but with null separator missing
++Decrypt = RSA-3072
++Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4
++Output = aa2de6cde4e2442884
++
+ # RSA PSS key tests
+
+ # PSS only key, no parameter restrictions
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
new file mode 100644
index 0000000000..f4650de5de
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
@@ -0,0 +1,284 @@
+From c693522a96b6fb2bb4b55a53d86550811bc0d7df Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Thu, 3 Nov 2022 17:45:58 +0100
+Subject: [PATCH] rsa: Skip the synthethic plaintext test with old FIPS
+ provider
+
+since the 3.0.0 FIPS provider doesn't implement the Bleichenbacher
+workaround, the decryption fails instead of providing a synthetic
+plaintext, so skip them then
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/ddecbef6e389d263b728b7fa30fd3d9ce13feddb]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ .../30-test_evp_data/evppkey_rsa_common.txt | 66 ++++++++++++++++++-
+ 1 file changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index d569e78..4bd7c72 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -253,12 +253,12 @@ Decrypt = RSA-2048
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
+ Output = "Hello World"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # Corrupted ciphertext
+-FIPSversion = <3.2.0
+ Decrypt = RSA-2048
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
+-Output = "Hello World"
+-Result = KEYOP_ERROR
++Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+
+ # OAEP padding
+ Decrypt = RSA-2048
+@@ -330,21 +330,29 @@ Decrypt = RSA-2048-2
+ Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066
+ Output = "lorem ipsum dolor sit amet"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test case decrypting to empty
+ Decrypt = RSA-2048-2
+ Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7
+ Output =
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # invalid decrypting to max length message
+ Decrypt = RSA-2048-2
+ Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
+ Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # invalid decrypting to message with length specified by second to last value from PRF
+ Decrypt = RSA-2048-2
+ Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354
+ Output = 0f9b
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # invalid decrypting to message with length specified by third to last value from PRF
+ Decrypt = RSA-2048-2
+ Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081
+@@ -385,23 +393,31 @@ Decrypt = RSA-2048-2
+ Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50
+ Output = "lorem ipsum"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test that generates an 11 byte long message
+ Decrypt = RSA-2048-2
+ Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2
+ Output = af9ac70191c92413cb9f2d
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise correct plaintext, but with wrong first byte
+ # (0x01 instead of 0x00), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc3039906ff3aac904af32ec798fd65f3ad1afa2e69400e7c1de81f5728f3b3291f38263bc7a90a0563e43ce7a0d4ee9c0d8a716621ca5d3d081188769ce1b131af7d35b13dea99153579c86db31fe07d5a2c14d621b77854e48a8df41b5798563af489a291e417b6a334c63222627376118c02c53b6e86310f728734ffc86ef9d7c8bf56c0c841b24b82b59f51aee4526ba1c4268506d301e4ebc498c6aebb6fd5258c876bf900bac8ca4d309dd522f6a6343599a8bc3760f422c10c72d0ad527ce4af1874124ace3d99bb74db8d69d2528db22c3a37644640f95c05f
+ Output = a1f8c9255c35cfba403ccc
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise correct plaintext, but with wrong second byte
+ # (0x01 instead of 0x02), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d2bac96bf00d6592ea7cdc3341610c8fb07e527e5e2d20cfaf2c7f23e375431f45e998929a02f25fd95354c33838090bca838502259e92d86d568bc2cdb132fab2a399593ca60a015dc2bb1afcd64fef8a3834e17e5358d822980dc446e845b3ab4702b1ee41fe5db716d92348d5091c15d35a110555a35deb4650a5a1d2c98025d42d4544f8b32aa6a5e02dc02deaed9a7313b73b49b0d4772a3768b0ea0db5846ace6569cae677bf67fb0acf3c255dc01ec8400c963b6e49b1067728b4e563d7e1e1515664347b92ee64db7efb5452357a02fff7fcb7437abc2e579
+ Output = e6d700309ca0ed62452254
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an invalid ciphertext, with a zero byte in first byte of
+ # ciphertext, decrypts to a random 11 byte long synthethic
+ # plaintext
+@@ -409,6 +425,8 @@ Decrypt = RSA-2048-2
+ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
+ Output = ba27b1842e7c21c0e7ef6a
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an invalid ciphertext, with a zero byte removed from first byte of
+ # ciphertext, decrypts to a random 11 byte long synthethic
+ # plaintext
+@@ -416,6 +434,8 @@ Decrypt = RSA-2048-2
+ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
+ Output = ba27b1842e7c21c0e7ef6a
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an invalid ciphertext, with two zero bytes in first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthethic
+ # plaintext
+@@ -423,6 +443,8 @@ Decrypt = RSA-2048-2
+ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
+ Output = d5cf555b1d6151029a429a
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an invalid ciphertext, with two zero bytes removed from first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthethic
+ # plaintext
+@@ -430,24 +452,32 @@ Decrypt = RSA-2048-2
+ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
+ Output = d5cf555b1d6151029a429a
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # and invalid ciphertext, otherwise valid but starting with 000002, decrypts
+ # to random 11 byte long synthethic plaintext
+ Decrypt = RSA-2048-2
+ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955
+ Output = 3d4a054d9358209e9cbbb9
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # negative test with otherwise valid padding but a zero byte in first byte
+ # of padding
+ Decrypt = RSA-2048-2
+ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a940037ac516b0d6412ba44ec6b4f268a55ef1c5ffbf18a2f4e3522bb7b6ed89774b79bffa22f7d3102165565642de0d43a955e96a1f2e80e5430671d7266eb4f905dc8ff5e106dc5588e5b0289e49a4913940e392a97062616d2bda38155471b7d360cfb94681c702f60ed2d4de614ea72bf1c53160e63179f6c5b897b59492bee219108309f0b7b8cb2b136c346a5e98b8b4b8415fb1d713bae067911e3057f1c335b4b7e39101eafd5d28f0189037e4334f4fdb9038427b1d119a6702aa8233319cc97d496cc289ae8c956ddc84042659a2d43d6aa22f12b81ab884e
+ Output = 1f037dd717b07d3e7f7359
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # negative test with otherwise valid padding but a zero byte at the eigth
+ # byte of padding
+ Decrypt = RSA-2048-2
+ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a96460e745024436470ed85e94297b283537d52189c406a3f533cb405cc6a9dba46b482ce98b6e3dd52d8fce2237425617e38c11fbc46b61897ef200d01e4f25f5f6c4c5b38cd0de38ba11908b86595a8036a08a42a3d05b79600a97ac18ba368a08d6cf6ccb624f6e8002afc75599fba4de3d4f3ba7d208391ebe8d21f8282b18e2c10869eb2702e68f9176b42b0ddc9d763f0c86ba0ff92c957aaeab76d9ab8da52ea297ec11d92d770146faa1b300e0f91ef969b53e7d2907ffc984e9a9c9d11fb7d6cba91972059b46506b035efec6575c46d7114a6b935864858445f
+ Output = 63cb0bf65fc8255dd29e17
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # negative test with an otherwise valid plaintext but with missing separator
+ # byte
+ Decrypt = RSA-2048-2
+@@ -501,6 +531,8 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
+
+ # RSA decrypt
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # malformed that generates length specified by 3rd last value from PRF
+ Decrypt = RSA-2049
+ Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894
+@@ -531,16 +563,22 @@ Decrypt = RSA-2049
+ Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
+ Output = "lorem ipsum"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test case that generates an 11 byte long message
+ Decrypt = RSA-2049
+ Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca
+ Output = 1189b6f5498fd6df532b00
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-2049
+ Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff
+ Output = f6d0f5b78082fe61c04674
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-2049
+ Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3
+@@ -603,17 +641,23 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE=
+
+ PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random invalid ciphertext that generates an empty synthethic one
+ Decrypt = RSA-3072
+ Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
+ Output =
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random invalid that has PRF output with a length one byte too long
+ # in the last value
+ Decrypt = RSA-3072
+ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa28b791188374b61916dbc11339bf14b06f5f3f68c206c5607380e13da3129bfb744157e1527dd6fdf6651248b028a496ae1b97702d44706043cdaa7a59c0f41367303f21f268968bf3bd2904db3ae5239b55f8b438d93d7db9d1666c071c0857e2ec37757463769c54e51f052b2a71b04c2869e9e7049a1037b8429206c99726f07289bac18363e7eb2a5b417f47c37a55090cda676517b3549c873f2fe95da9681752ec9864b069089a2ed2f340c8b04ee00079055a817a3355b46ac7dc00d17f4504ccfbcfcadb0c04cb6b22069e179385ae1eafabad5521bac2b8a8ee1dfff59a22eb3fdacfc87175d10d7894cfd869d056057dd9944b869c1784fcc27f731bc46171d39570fbffbadf082d33f6352ecf44aca8d9478e53f5a5b7c852b401e8f5f74da49da91e65bdc97765a9523b7a0885a6f8afe5759d58009fbfa837472a968e6ae92026a5e0202a395483095302d6c3985b5f5831c521a271
+ Output = 56a3bea054e01338be9b7d7957539c
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random invalid that generates a synthethic of maximum size
+ Decrypt = RSA-3072
+ Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
+@@ -644,43 +688,59 @@ Decrypt = RSA-3072
+ Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
+ Output = "forty two"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test case that generates a 9 byte long message
+ Decrypt = RSA-3072
+ Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56
+ Output = 257906ca6de8307728
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test case that generates a 9 byte long message based on
+ # second to last value from PRF
+ Decrypt = RSA-3072
+ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a03a2c10eb624a63322d854da195c017b76fea83e274fa371834dcd2f3b7accf433fc212ad76c0bac366e1ed32e25b279f94129be7c64d6e162adc08ccebc0cfe8e926f01c33ab9c065f0e0ac83ae5137a4cb66702615ad68a35707d8676d2740d7c1a954680c83980e19778ed11eed3a7c2dbdfc461a9bbef671c1bc00c882d361d29d5f80c42bdf5efec886c34138f83369c6933b2ac4e93e764265351b4a0083f040e14f511f09b22f96566138864e4e6ff24da4810095da98e0585410951538ced2f757a277ff8e17172f06572c9024eeae503f176fd46eb6c5cd9ba07af11cde31dccac12eb3a4249a7bfd3b19797ad1656984bfcbf6f74e8f99d8f1ac420811f3d166d87f935ef15ae858cf9e72c8e2b547bf16c3fb09a8c9bf88fd2e5d38bf24ed610896131a84df76b9f920fe76d71fff938e9199f3b8cd0c11fd0201f9139d7673a871a9e7d4adc3bbe360c8813617cd60a90128fbe34c9d5
+ Output = 043383c929060374ed
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # a random negative test that generates message based on 3rd last value from
+ # PRF
+ Decrypt = RSA-3072
+ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf4868174a91d7601a82975d2255190d28b869141d7c395f0b8c4e2be2b2c1b4ffc12ce749a6f6803d4cfe7fba0a8d6949c04151f981c0d84592aa2ff25d1bd3ce5d10cb03daca6b496c6ad40d30bfa8acdfd02cdb9326c4bdd93b949c9dc46caa8f0e5f429785bce64136a429a3695ee674b647452bea1b0c6de9c5f1e8760d5ef6d5a9cfff40457b023d3c233c1dcb323e7808103e73963b2eafc928c9eeb0ee3294955415c1ddd9a1bb7e138fecd79a3cb89c57bd2305524624814aaf0fd1acbf379f7f5b39421f12f115ba488d380586095bb53f174fae424fa4c8e3b299709cd344b9f949b1ab57f1c645d7ed3c8f81d5594197355029fee8960970ff59710dc0e5eb50ea6f4c3938e3f89ed7933023a2c2ddffaba07be147f686828bd7d520f300507ed6e71bdaee05570b27bc92741108ac2eb433f028e138dd6d63067bc206ea2d826a7f41c0d613daed020f0f30f4e272e9618e0a8c39018a83
+ Output = 70263fa6050534b9e0
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-3072
+ Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
+ Output = 6d8d3a094ff3afff4c
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-3072
+ Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
+ Output = c6ae80ffa80bc184b0
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise valid plaintext, but with zero byte in first byte of padding
+ Decrypt = RSA-3072
+ Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0
+ Output = a8a9301daa01bb25c7
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise valid plaintext, but with zero byte in eight byte of padding
+ Decrypt = RSA-3072
+ Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
+ Output = 6c716fe01d44398018
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
+ # an otherwise valid plaintext, but with null separator missing
+ Decrypt = RSA-3072
+ Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
new file mode 100644
index 0000000000..75e1df4bba
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
@@ -0,0 +1,57 @@
+From 455db0c94c0b83083ce8b792982c03aa56fc866f Mon Sep 17 00:00:00 2001
+From: Hubert Kario <hkario@redhat.com>
+Date: Tue, 22 Nov 2022 17:42:11 +0100
+Subject: [PATCH] rsa: add test for the option to disable implicit rejection
+
+CVE: CVE-2023-50781
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/455db0c94c0b83083ce8b792982c03aa56fc866f]
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/13817)
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ .../30-test_evp_data/evppkey_rsa_common.txt | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 0ad654fc60..a3d01eec45 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -253,6 +253,14 @@ Decrypt = RSA-2048
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
+ Output = "Hello World"
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
++# Note: disable the Bleichenbacher workaround to see if it passes
++Decrypt = RSA-2048
++Ctrl = rsa_pkcs1_implicit_rejection:0
++Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
++Output = "Hello World"
++
+ # The old FIPS provider doesn't include the workaround (#13817)
+ FIPSversion = >3.0.0
+ # Corrupted ciphertext
+@@ -261,6 +269,16 @@ Decrypt = RSA-2048
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
+ Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+
++# The old FIPS provider doesn't include the workaround (#13817)
++FIPSversion = >3.0.0
++# Corrupted ciphertext
++# Note: disable the Bleichenbacher workaround to see if it fails
++Decrypt = RSA-2048
++Ctrl = rsa_pkcs1_implicit_rejection:0
++Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
++Output = "Hello World"
++Result = KEYOP_ERROR
++
+ # OAEP padding
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:oaep
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
index ee0ab2e498..a50bd2edbf 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
@@ -13,7 +13,13 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://CVE-2024-41996.patch \
- "
+ file://CVE-2023-50781-1.patch \
+ file://CVE-2023-50781-2.patch \
+ file://CVE-2023-50781-3.patch \
+ file://CVE-2023-50781-4.patch \
+ file://CVE-2023-50781-5.patch \
+ file://CVE-2023-50781-6.patch \
+ "
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 2/9] xserver-xorg: Fix for CVE-2025-49178
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 1/9] openssl: fix CVE-2023-50781 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 3/9] xserver-xorg: Fix for CVE-2025-49179 Steve Sakoman
` (6 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xserver-xorg/CVE-2025-49178.patch | 49 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
new file mode 100644
index 0000000000..ce3e2f415f
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
@@ -0,0 +1,49 @@
+From d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 28 Apr 2025 10:46:03 +0200
+Subject: [PATCH] os: Account for bytes to ignore when sharing input buffer
+
+When reading requests from the clients, the input buffer might be shared
+and used between different clients.
+
+If a given client sends a full request with non-zero bytes to ignore,
+the bytes to ignore may still be non-zero even though the request is
+full, in which case the buffer could be shared with another client who's
+request will not be processed because of those bytes to ignore, leading
+to a possible hang of the other client request.
+
+To avoid the issue, make sure we have zero bytes to ignore left in the
+input request when sharing the input buffer with another client.
+
+CVE-2025-49178
+
+This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
+reported by Julian Suleder via ERNW Vulnerability Disclosure.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2]
+CVE: CVE-2025-49178
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ os/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/os/io.c b/os/io.c
+index 3e39c10e6f..e7b76b9cea 100644
+--- a/os/io.c
++++ b/os/io.c
+@@ -441,7 +441,7 @@ ReadRequestFromClient(ClientPtr client)
+ */
+
+ gotnow -= needed;
+- if (!gotnow)
++ if (!gotnow && !oci->ignoreBytes)
+ AvailableInput = oc;
+ if (move_header) {
+ if (client->req_len < bytes_to_int32(sizeof(xBigReq) - sizeof(xReq))) {
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 1fceec89f7..67e146bf97 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -40,6 +40,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-49176-1.patch \
file://CVE-2025-49176-2.patch \
file://CVE-2025-49177.patch \
+ file://CVE-2025-49178.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 3/9] xserver-xorg: Fix for CVE-2025-49179
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 1/9] openssl: fix CVE-2023-50781 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 2/9] xserver-xorg: Fix for CVE-2025-49178 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 4/9] xserver-xorg: Fix for CVE-2025-49180 Steve Sakoman
` (5 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patch from debian to fix
CVE-2025-49179
Upstream-Status: Backport [import from debian xorg-server_21.1.7-3+deb12u10.diff.gz
Upstream commit https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xserver-xorg/CVE-2025-49179.patch | 67 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
new file mode 100644
index 0000000000..a3d9ccbe16
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
@@ -0,0 +1,67 @@
+From 2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 28 Apr 2025 11:47:15 +0200
+Subject: [PATCH] record: Check for overflow in
+ RecordSanityCheckRegisterClients()
+
+The RecordSanityCheckRegisterClients() checks for the request length,
+but does not check for integer overflow.
+
+A client might send a very large value for either the number of clients
+or the number of protocol ranges that will cause an integer overflow in
+the request length computation, defeating the check for request length.
+
+To avoid the issue, explicitly check the number of clients against the
+limit of clients (which is much lower than an maximum integer value) and
+the number of protocol ranges (multiplied by the record length) do not
+exceed the maximum integer value.
+
+This way, we ensure that the final computation for the request length
+will not overflow the maximum integer limit.
+
+CVE-2025-49179
+
+This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
+reported by Julian Suleder via ERNW Vulnerability Disclosure.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
+
+Upstream-Status: Backport [import from debian xorg-server_21.1.7-3+deb12u10.diff.gz
+Upstream commit https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4]
+CVE: CVE-2025-49179
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ record/record.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/record/record.c b/record/record.c
+index e123867..d57be5b 100644
+--- a/record/record.c
++++ b/record/record.c
+@@ -45,6 +45,7 @@ and Jim Haggerty of Metheus.
+ #include "inputstr.h"
+ #include "eventconvert.h"
+ #include "scrnintstr.h"
++#include "opaque.h"
+
+ #include <stdio.h>
+ #include <assert.h>
+@@ -1298,6 +1299,13 @@ RecordSanityCheckRegisterClients(RecordContextPtr pContext, ClientPtr client,
+ int i;
+ XID recordingClient;
+
++ /* LimitClients is 2048 at max, way less that MAXINT */
++ if (stuff->nClients > LimitClients)
++ return BadValue;
++
++ if (stuff->nRanges > (MAXINT - 4 * stuff->nClients) / SIZEOF(xRecordRange))
++ return BadValue;
++
+ if (((client->req_len << 2) - SIZEOF(xRecordRegisterClientsReq)) !=
+ 4 * stuff->nClients + SIZEOF(xRecordRange) * stuff->nRanges)
+ return BadLength;
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 67e146bf97..279351eff1 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -41,6 +41,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-49176-2.patch \
file://CVE-2025-49177.patch \
file://CVE-2025-49178.patch \
+ file://CVE-2025-49179.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 4/9] xserver-xorg: Fix for CVE-2025-49180
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 3/9] xserver-xorg: Fix for CVE-2025-49179 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 5/9] gstreamer1.0-plugins-base: fix CVE-2025-47807 Steve Sakoman
` (4 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
& https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../xserver-xorg/CVE-2025-49180-1.patch | 44 ++++++++++++++++
.../xserver-xorg/CVE-2025-49180-2.patch | 52 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
3 files changed, 98 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
new file mode 100644
index 0000000000..9e4e016477
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
@@ -0,0 +1,44 @@
+From 3c3a4b767b16174d3213055947ea7f4f88e10ec6 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Tue, 20 May 2025 15:18:19 +0200
+Subject: [PATCH] randr: Check for overflow in RRChangeProviderProperty()
+
+A client might send a request causing an integer overflow when computing
+the total size to allocate in RRChangeProviderProperty().
+
+To avoid the issue, check that total length in bytes won't exceed the
+maximum integer value.
+
+CVE-2025-49180
+
+This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
+reported by Julian Suleder via ERNW Vulnerability Disclosure.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6]
+CVE: CVE-2025-49180
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ randr/rrproviderproperty.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
+index 69f66ed278..0c3dcd1bc5 100644
+--- a/randr/rrproviderproperty.c
++++ b/randr/rrproviderproperty.c
+@@ -182,7 +182,8 @@ RRChangeProviderProperty(RRProviderPtr provider, Atom property, Atom type,
+
+ if (mode == PropModeReplace || len > 0) {
+ void *new_data = NULL, *old_data = NULL;
+-
++ if (total_len > MAXINT / size_in_bytes)
++ return BadValue;
+ total_size = total_len * size_in_bytes;
+ new_value.data = (void *) malloc(total_size);
+ if (!new_value.data && total_size) {
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
new file mode 100644
index 0000000000..94fda308a9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
@@ -0,0 +1,52 @@
+From 0235121c6a7a6eb247e2addb3b41ed6ef566853d Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 28 Apr 2025 14:59:46 +0200
+Subject: [PATCH] xfree86: Check for RandR provider functions
+
+Changing XRandR provider properties if the driver has set no provider
+function such as the modesetting driver will cause a NULL pointer
+dereference and a crash of the Xorg server.
+
+Related to CVE-2025-49180
+
+This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
+reported by Julian Suleder via ERNW Vulnerability Disclosure.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d]
+CVE: CVE-2025-49180
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ hw/xfree86/modes/xf86RandR12.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/modes/xf86RandR12.c b/hw/xfree86/modes/xf86RandR12.c
+index ddcf5e748a..bf33da377a 100644
+--- a/hw/xfree86/modes/xf86RandR12.c
++++ b/hw/xfree86/modes/xf86RandR12.c
+@@ -2146,7 +2146,8 @@ xf86RandR14ProviderSetProperty(ScreenPtr pScreen,
+ /* If we don't have any property handler, then we don't care what the
+ * user is setting properties to.
+ */
+- if (config->provider_funcs->set_property == NULL)
++ if (config->provider_funcs == NULL ||
++ config->provider_funcs->set_property == NULL)
+ return TRUE;
+
+ /*
+@@ -2164,7 +2165,8 @@ xf86RandR14ProviderGetProperty(ScreenPtr pScreen,
+ ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
+ xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(pScrn);
+
+- if (config->provider_funcs->get_property == NULL)
++ if (config->provider_funcs == NULL ||
++ config->provider_funcs->get_property == NULL)
+ return TRUE;
+
+ /* Should be safe even w/o vtSema */
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 279351eff1..a15669a260 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -42,6 +42,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-49177.patch \
file://CVE-2025-49178.patch \
file://CVE-2025-49179.patch \
+ file://CVE-2025-49180-1.patch \
+ file://CVE-2025-49180-2.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 5/9] gstreamer1.0-plugins-base: fix CVE-2025-47807
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 4/9] xserver-xorg: Fix for CVE-2025-49180 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730 Steve Sakoman
` (3 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2025-47807.patch | 49 +++++++++++++++++++
.../gstreamer1.0-plugins-base_1.20.7.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch
new file mode 100644
index 0000000000..03a5d938b5
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch
@@ -0,0 +1,49 @@
+From 9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 8 May 2025 09:14:15 +0300
+Subject: [PATCH] subparse: Check for valid UTF-8 before cleaning up lines and
+ check for regex replace errors
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4418
+Fixes CVE-2025-47807
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132>
+
+CVE: CVE-2025-47807
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ gst/subparse/gstsubparse.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 81a7f65..5e8769c 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -666,6 +666,12 @@ subrip_unescape_formatting (gchar * txt, gconstpointer allowed_tags_ptr,
+ res = g_regex_replace (tag_regex, txt, strlen (txt), 0,
+ replace_pattern, 0, NULL);
+
++ /* Replacing can fail. Return an empty string in that case. */
++ if (!res) {
++ strcpy (txt, "");
++ return;
++ }
++
+ /* res will always be shorter than the input or identical, so this
+ * copy is OK */
+ strcpy (txt, res);
+@@ -1046,6 +1052,10 @@ parse_subrip (ParserState * state, const gchar * line)
+ g_string_append_c (state->buf, '\n');
+ g_string_append (state->buf, line);
+ if (strlen (line) == 0) {
++ if (!g_utf8_validate (state->buf->str, state->buf->len, NULL)) {
++ g_string_truncate (state->buf, 0);
++ return NULL;
++ }
+ ret = g_markup_escape_text (state->buf->str, state->buf->len);
+ g_string_truncate (state->buf, 0);
+ state->state = 0;
+--
+2.50.1
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.7.bb
index 05d58e83b0..6bffd2a872 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.7.bb
@@ -22,6 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://CVE-2024-47835.patch \
file://CVE-2025-47806.patch \
file://CVE-2025-47808.patch \
+ file://CVE-2025-47807.patch \
"
SRC_URI[sha256sum] = "fde6696a91875095d82c1012b5777c28ba926047ffce08508e12c1d2c66f0057"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 5/9] gstreamer1.0-plugins-base: fix CVE-2025-47807 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 7/9] glib-2.0: patch CVE-2025-7039 Steve Sakoman
` (2 subsequent siblings)
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
This CVE is for virtio-snd which was introduced in 8.2.0.
Therefore ignore this CVE for version 6.2.0.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index cae33459e6..1298514cd7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -164,6 +164,9 @@ CVE_CHECK_IGNORE += "CVE-2022-36648"
# disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985
CVE_CHECK_IGNORE += "CVE-2023-1386"
+# virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected
+CVE_CHECK_IGNORE += "CVE-2024-7730"
+
COMPATIBLE_HOST:mipsarchn32 = "null"
COMPATIBLE_HOST:mipsarchn64 = "null"
COMPATIBLE_HOST:riscv32 = "null"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 7/9] glib-2.0: patch CVE-2025-7039
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 8/9] dpkg: patch CVE-2025-6297 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 9/9] libarchive: patch regression of patch for CVE-2025-5918 Steve Sakoman
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit per [1].
Also pick commit which changed the same code before to apply it cleanly.
[1] https://security-tracker.debian.org/tracker/CVE-2025-7039
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glib-2.0/glib-2.0/CVE-2025-7039-01.patch | 40 +++++++++++++++++
.../glib-2.0/glib-2.0/CVE-2025-7039-02.patch | 43 +++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 2 +
3 files changed, 85 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
new file mode 100644
index 0000000000..cb096fca42
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
@@ -0,0 +1,40 @@
+From 285db475ecaa4d2cc39ce326b4c63aacb87ca6ad Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 22 Aug 2023 19:57:48 +0200
+Subject: [PATCH] glib/gfileutils.c: use 64 bits for value in get_tmp_file()
+
+On 32 bit systems 'long' value will overflow in 2038 and become negative.
+As it is used to index into letters array, and % operation preserves signs,
+data corruption will then occur.
+
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
+CVE: CVE-2025-7039
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/285db475ecaa4d2cc39ce326b4c63aacb87ca6ad]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gfileutils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/glib/gfileutils.c b/glib/gfileutils.c
+index 9646c696e..bd3cc179a 100644
+--- a/glib/gfileutils.c
++++ b/glib/gfileutils.c
+@@ -1475,7 +1475,7 @@ get_tmp_file (gchar *tmpl,
+ static const char letters[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ static const int NLETTERS = sizeof (letters) - 1;
+- glong value;
++ gint64 value;
+ gint64 now_us;
+ static int counter = 0;
+
+@@ -1496,7 +1496,7 @@ get_tmp_file (gchar *tmpl,
+
+ for (count = 0; count < 100; value += 7777, ++count)
+ {
+- glong v = value;
++ gint64 v = value;
+
+ /* Fill in the random bits. */
+ XXXXXX[0] = letters[v % NLETTERS];
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
new file mode 100644
index 0000000000..37e32fefc3
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
@@ -0,0 +1,43 @@
+From 61e963284889ddb4544e6f1d5261c16120f6fcc3 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Tue, 1 Jul 2025 10:58:07 -0500
+Subject: [PATCH] gfileutils: fix computation of temporary file name
+
+We need to ensure that the value we use to index into the letters array
+is always positive.
+
+Fixes #3716
+
+CVE: CVE-2025-7039
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gfileutils.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gfileutils.c b/glib/gfileutils.c
+index c7d3339d1..286b1b154 100644
+--- a/glib/gfileutils.c
++++ b/glib/gfileutils.c
+@@ -1475,9 +1475,9 @@ get_tmp_file (gchar *tmpl,
+ static const char letters[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ static const int NLETTERS = sizeof (letters) - 1;
+- gint64 value;
+- gint64 now_us;
+- static int counter = 0;
++ guint64 value;
++ guint64 now_us;
++ static guint counter = 0;
+
+ g_return_val_if_fail (tmpl != NULL, -1);
+
+@@ -1496,7 +1496,7 @@ get_tmp_file (gchar *tmpl,
+
+ for (count = 0; count < 100; value += 7777, ++count)
+ {
+- gint64 v = value;
++ guint64 v = value;
+
+ /* Fill in the random bits. */
+ XXXXXX[0] = letters[v % NLETTERS];
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 31b6c1fe98..7ba52b5c79 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -62,6 +62,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2025-3360-06.patch \
file://CVE-2025-4373-01.patch \
file://CVE-2025-4373-02.patch \
+ file://CVE-2025-7039-01.patch \
+ file://CVE-2025-7039-02.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 8/9] dpkg: patch CVE-2025-6297
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 7/9] glib-2.0: patch CVE-2025-7039 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 9/9] libarchive: patch regression of patch for CVE-2025-5918 Steve Sakoman
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit per [1] from 1.22.x branch.
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6297
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../dpkg/dpkg/CVE-2025-6297.patch | 125 ++++++++++++++++++
meta/recipes-devtools/dpkg/dpkg_1.21.4.bb | 1 +
2 files changed, 126 insertions(+)
create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
diff --git a/meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch b/meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
new file mode 100644
index 0000000000..537f77643b
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
@@ -0,0 +1,125 @@
+From 98c623c8d6814ae46a3b30ca22e584c77d47d86b Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Sat, 7 Jun 2025 14:17:07 +0200
+Subject: [PATCH] dpkg-deb: Fix cleanup for control member with restricted
+ directories
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When extracting a control member into a temporary directory, which is
+documented as being a safe operation even on untrusted data, the code
+in charge of the temporary directory cleanup does not sanitize the
+directory permissions, which is then unable to perform the «rm -rf»
+when running as a non-root user, leaving temporary files behind.
+
+Given automated and repeated execution of dpkg-deb commands on
+adversarial .deb packages or with well compressible files, placed
+inside a directory with permissions not allowing removal by a non-root
+user, this can end up with a DoS scenario due to causing disk quota
+exhaustion or disk full conditions.
+
+This is considered a minor issue, given the required conditions to
+trigger a problem with it, but an issue non the less given the
+documented security guarantees of the command. This has been an
+issue since the initial commit introducing dpkg-deb in C.
+
+We use an existing string for the error message to avoid new strings
+needing translation for stable branches, which make the error message
+less descriptive than what would be ideal. This will be improved in
+git HEAD.
+
+Reported-by: zhutyra on HackerOne
+Fixes: CVE-2025-6297
+Stable-Candidate: 1.20.x 1.21.x 1.22.x
+(cherry picked from commit ed6bbd445dd8800308c67236ba35d08004c98e82)
+(cherry picked from commit 02ad0532bd490cbc95b344f670e622a38eecfbf6)
+(cherry picked from commit d8a76551e22abe76eefd7fef5c7f51f4118eb40e)
+
+CVE: CVE-2025-6297
+Upstream-Status: Backport [https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=98c623c8d6814ae46a3b30ca22e584c77d47d86b]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/at/deb-content.at | 32 ++++++++++++++++++++++++++++++++
+ src/deb/info.c | 20 ++++++++++++++++++++
+ 2 files changed, 52 insertions(+)
+
+diff --git a/src/at/deb-content.at b/src/at/deb-content.at
+index a192c9493..d48eed72b 100644
+--- a/src/at/deb-content.at
++++ b/src/at/deb-content.at
+@@ -127,3 +127,35 @@ newline'
+ ])
+
+ AT_CLEANUP
++
++AT_SETUP([dpkg-deb .deb extraction cleanup])
++AT_KEYWORDS([dpkg-deb deb extraction])
++
++DPKG_GEN_CONTROL([pkg-ctrl-dir-perms])
++AT_CHECK([
++dpkg-deb --root-owner-group -Znone -b pkg-ctrl-dir-perms
++DPKG_AR_EXTRACT([pkg-ctrl-dir-perms.deb])
++dpkg-deb -R pkg-ctrl-dir-perms.deb pkg-ctrl-dir-perms-bad
++mkdir -p pkg-ctrl-dir-perms-bad/DEBIAN/rx-subdir/inner
++touch pkg-ctrl-dir-perms-bad/DEBIAN/rx-subdir/inner/file
++chmod 0555 pkg-ctrl-dir-perms-bad/DEBIAN
++chmod 0555 pkg-ctrl-dir-perms-bad/DEBIAN/rx-subdir
++chmod 0555 pkg-ctrl-dir-perms-bad/DEBIAN/rx-subdir/inner
++$TAR cf control.tar --format=gnu --sort=name --mtime @0 --clamp-mtime --owner root:0 --group root:0 -C pkg-ctrl-dir-perms-bad/DEBIAN .
++DPKG_AR_GEN([pkg-ctrl-dir-perms.deb], [debian-binary control.tar data.tar])
++], [0], [dpkg-deb: building package 'pkg-ctrl-dir-perms' in 'pkg-ctrl-dir-perms.deb'.
++])
++AT_CHECK([
++dpkg-deb --ctrl-tarfile pkg-ctrl-dir-perms.deb | $TAR tvf -
++], [0], [dr-xr-xr-x root/root 0 1970-01-01 00:00 ./
++-rw-r--r-- root/root 176 1970-01-01 00:00 ./control
++dr-xr-xr-x root/root 0 1970-01-01 00:00 ./rx-subdir/
++dr-xr-xr-x root/root 0 1970-01-01 00:00 ./rx-subdir/inner/
++-rw-r--r-- root/root 0 1970-01-01 00:00 ./rx-subdir/inner/file
++])
++# Check that we can cleanup the temporarily extracted control.tar member.
++AT_CHECK([
++dpkg-deb -I pkg-ctrl-dir-perms.deb
++], [0], [ignore])
++
++AT_CLEANUP
+diff --git a/src/deb/info.c b/src/deb/info.c
+index f3d57e2ce..396ea4d14 100644
+--- a/src/deb/info.c
++++ b/src/deb/info.c
+@@ -45,14 +45,34 @@
+ #include <dpkg/pkg-format.h>
+ #include <dpkg/buffer.h>
+ #include <dpkg/path.h>
++#include <dpkg/treewalk.h>
+ #include <dpkg/options.h>
+
+ #include "dpkg-deb.h"
+
++static int
++cu_info_treewalk_fixup_dir(struct treenode *node)
++{
++ const char *nodename;
++
++ if (!S_ISDIR(treenode_get_mode(node)))
++ return 0;
++
++ nodename = treenode_get_pathname(node);
++ if (chmod(nodename, 0755) < 0)
++ ohshite(_("error setting permissions of '%.255s'"), nodename);
++
++ return 0;
++}
++
+ static void cu_info_prepare(int argc, void **argv) {
+ char *dir;
++ struct treewalk_funcs cu_info_treewalk_funcs = {
++ .visit = cu_info_treewalk_fixup_dir,
++ };
+
+ dir = argv[0];
++ treewalk(dir, TREEWALK_NONE, &cu_info_treewalk_funcs);
+ path_remove_tree(dir);
+ free(dir);
+ }
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
index 7ef6233ee4..27e835a288 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main
file://pager.patch \
file://0001-Add-support-for-riscv32-CPU.patch \
file://0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch \
+ file://CVE-2025-6297.patch \
"
SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 9/9] libarchive: patch regression of patch for CVE-2025-5918
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-08-26 13:44 ` [OE-core][kirkstone 8/9] dpkg: patch CVE-2025-6297 Steve Sakoman
@ 2025-08-26 13:44 ` Steve Sakoman
8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Picked commit per [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-5918
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...2025-5918.patch => CVE-2025-5918-01.patch} | 0
.../libarchive/CVE-2025-5918-02.patch | 51 +++++++++++++++++++
.../libarchive/libarchive_3.6.2.bb | 3 +-
3 files changed, 53 insertions(+), 1 deletion(-)
rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-5918.patch => CVE-2025-5918-01.patch} (100%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch
similarity index 100%
rename from meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch
rename to meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
new file mode 100644
index 0000000000..223cd01c0d
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
@@ -0,0 +1,51 @@
+From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Tue, 27 May 2025 17:09:12 +0200
+Subject: [PATCH] Fix FILE_skip regression
+
+The fseek* family of functions return 0 on success, not the new offset.
+This is only true for lseek.
+
+Fixes https://github.com/libarchive/libarchive/issues/2641
+Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+
+CVE: CVE-2025-5918
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_read_open_file.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c
+index 6ed18a0c..742923ab 100644
+--- a/libarchive/archive_read_open_file.c
++++ b/libarchive/archive_read_open_file.c
+@@ -133,7 +133,7 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #else
+ long skip = (long)request;
+ #endif
+- int64_t old_offset, new_offset;
++ int64_t old_offset, new_offset = -1;
+ int skip_bits = sizeof(skip) * 8 - 1;
+
+ (void)a; /* UNUSED */
+@@ -171,11 +171,14 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #ifdef __ANDROID__
+ new_offset = lseek(fileno(mine->f), skip, SEEK_CUR);
+ #elif HAVE__FSEEKI64
+- new_offset = _fseeki64(mine->f, skip, SEEK_CUR);
++ if (_fseeki64(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = _ftelli64(mine->f);
+ #elif HAVE_FSEEKO
+- new_offset = fseeko(mine->f, skip, SEEK_CUR);
++ if (fseeko(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = ftello(mine->f);
+ #else
+- new_offset = fseek(mine->f, skip, SEEK_CUR);
++ if (fseek(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = ftell(mine->f);
+ #endif
+ if (new_offset >= 0)
+ return (new_offset - old_offset);
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index bfd4df8ad1..65b4649147 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -41,7 +41,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://CVE-2025-5917.patch \
file://0001-FILE-seeking-support-2539.patch \
file://0001-Improve-lseek-handling-2564.patch \
- file://CVE-2025-5918.patch \
+ file://CVE-2025-5918-01.patch \
+ file://CVE-2025-5918-02.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2025-09-03 16:14 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-09-03 16:14 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 5
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2309
The following changes since commit 36cf6bb39df081b27306d27b20155995b73e1a01:
Revert "sqlite3: patch CVE-2025-7458" (2025-09-01 08:18:45 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Deepak Rathore (1):
default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue
Kyungjik Min (1):
pulseaudio: Add audio group explicitly
Mingli Yu (1):
vim: not adjust script pathnames for native scripts either
Peter Marko (2):
vim: upgrade 9.1.1198 -> 9.1.1652
sudo: remove devtool FIXME comment
Praveen Kumar (1):
git: fix CVE-2025-48384
Yogita Urade (3):
tiff: fix CVE-2024-13978
tiff: fix CVE-2025-8534
tiff: fix CVE-2025-8851
meta-selftest/files/static-group | 1 +
.../distro/include/default-distrovars.inc | 2 +-
meta/lib/oeqa/sdk/buildtools-cases/https.py | 4 +-
.../git/git/CVE-2025-48384.patch | 85 +++++++++++++++++++
meta/recipes-devtools/git/git_2.35.7.bb | 1 +
meta/recipes-extended/sudo/sudo_1.9.17p1.bb | 52 ------------
.../libtiff/tiff/CVE-2024-13978.patch | 47 ++++++++++
.../libtiff/tiff/CVE-2025-8534.patch | 60 +++++++++++++
.../libtiff/tiff/CVE-2025-8851.patch | 71 ++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 3 +
.../pulseaudio/pulseaudio.inc | 2 +-
...src-Makefile-improve-reproducibility.patch | 10 +--
.../vim/files/disable_acl_header_check.patch | 12 +--
.../vim/files/no-path-adjust.patch | 35 +++++---
meta/recipes-support/vim/vim.inc | 7 +-
15 files changed, 308 insertions(+), 84 deletions(-)
create mode 100644 meta/recipes-devtools/git/git/CVE-2025-48384.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8851.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][kirkstone 0/9] Patch review
@ 2025-11-25 20:54 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 27
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2776
The following changes since commit ff72b41a3f0bf1820405b8782f0d125cd10e3406:
oe-build-perf-report: relax metadata matching rules (2025-11-19 08:28:19 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Divya Chellam (3):
ruby: fix CVE-2024-35176
ruby: fix CVE-2024-39908
ruby: fix CVE-2024-41123
Gyorgy Sarvari (1):
flac: patch seeking bug
Peter Marko (3):
libarchive: patch 3.8.3 security issue 1
libarchive: patch 3.8.3 security issue 2
libarchive: patch CVE-2025-60753
Praveen Kumar (1):
python3: fix CVE-2025-6075
Vijay Anusuri (1):
python3-idna: Fix CVE-2024-3651
.../python/python3-idna/CVE-2024-3651.patch | 2484 +++++++++++++++++
.../python/python3-idna_3.3.bb | 2 +
.../python/python3/CVE-2025-6075.patch | 364 +++
.../python/python3_3.10.19.bb | 1 +
.../ruby/ruby/CVE-2024-35176.patch | 112 +
.../ruby/ruby/CVE-2024-39908-0001.patch | 46 +
.../ruby/ruby/CVE-2024-39908-0002.patch | 130 +
.../ruby/ruby/CVE-2024-39908-0003.patch | 46 +
.../ruby/ruby/CVE-2024-39908-0004.patch | 76 +
.../ruby/ruby/CVE-2024-39908-0005.patch | 87 +
.../ruby/ruby/CVE-2024-39908-0006.patch | 44 +
.../ruby/ruby/CVE-2024-39908-0007.patch | 44 +
.../ruby/ruby/CVE-2024-39908-0008.patch | 44 +
.../ruby/ruby/CVE-2024-39908-0009.patch | 36 +
.../ruby/ruby/CVE-2024-39908-0010.patch | 53 +
.../ruby/ruby/CVE-2024-39908-0011.patch | 35 +
.../ruby/ruby/CVE-2024-39908-0012.patch | 36 +
.../ruby/ruby/CVE-2024-41123-0001.patch | 44 +
.../ruby/ruby/CVE-2024-41123-0002.patch | 37 +
.../ruby/ruby/CVE-2024-41123-0003.patch | 55 +
.../ruby/ruby/CVE-2024-41123-0004.patch | 163 ++
.../ruby/ruby/CVE-2024-41123-0005.patch | 111 +
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 18 +
...ax-path-length-metadata-writing-2243.patch | 30 +
...request-2696-from-al3xtjames-mkstemp.patch | 28 +
...st-2749-from-KlaraSystems-des-tempdi.patch | 183 ++
...st-2753-from-KlaraSystems-des-temp-f.patch | 190 ++
...-request-2768-from-Commandoss-master.patch | 28 +
.../libarchive/CVE-2025-60753.patch | 76 +
.../libarchive/libarchive_3.6.2.bb | 6 +
.../flac/files/0001-Fix-seeking-bug.patch | 34 +
meta/recipes-multimedia/flac/flac_1.3.4.bb | 3 +-
32 files changed, 4645 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
create mode 100644 meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2025-11-25 20:55 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-26 13:44 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 1/9] openssl: fix CVE-2023-50781 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 2/9] xserver-xorg: Fix for CVE-2025-49178 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 3/9] xserver-xorg: Fix for CVE-2025-49179 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 4/9] xserver-xorg: Fix for CVE-2025-49180 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 5/9] gstreamer1.0-plugins-base: fix CVE-2025-47807 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 7/9] glib-2.0: patch CVE-2025-7039 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 8/9] dpkg: patch CVE-2025-6297 Steve Sakoman
2025-08-26 13:44 ` [OE-core][kirkstone 9/9] libarchive: patch regression of patch for CVE-2025-5918 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
2025-09-03 16:14 Steve Sakoman
2025-08-19 20:49 Steve Sakoman
2025-07-04 15:28 Steve Sakoman
2024-12-17 20:54 Steve Sakoman
2024-06-22 11:57 Steve Sakoman
2024-04-03 3:46 Steve Sakoman
2024-03-07 23:37 Steve Sakoman
2023-06-20 15:37 Steve Sakoman
2023-01-17 14:08 Steve Sakoman
2022-11-13 14:12 Steve Sakoman
2022-05-23 13:59 Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.