* [OE-core][kirkstone 0/9] Patch review
@ 2022-05-23 13:59 Steve Sakoman
From: Steve Sakoman @ 2022-05-23 13:59 UTC
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3692

The following changes since commit ec9e9497730f0a9c8ad3d696c8cdcec06267aacf:

  base-passwd: Disable shell for default users (2022-05-16 13:59:44 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  mmc-utils: upgrade to latest revision

Claudius Heine (1):
  classes: rootfs-postcommands: add skip option to overlayfs_qa_check

Marta Rybczynska (1):
  cve-check: Fix report generation

Richard Purdie (2):
  staging: Fix rare sysroot corruption issue
  selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES

Robert Joslyn (1):
  curl: Backport CVE fixes

Samuli Piippo (1):
  binutils: Bump to latest 2.38 release branch

Steve Sakoman (1):
  python3: fix reproducibility issue with python3-core

wangmy (1):
  librepo: upgrade 1.14.2 -> 1.14.3

 meta/classes/cve-check.bbclass                |  18 +-
 meta/classes/rootfs-postcommands.bbclass      |  10 +-
 meta/classes/staging.bbclass                  |  24 +
 meta/lib/oeqa/selftest/cases/imagefeatures.py |   2 +-
 meta/lib/oeqa/selftest/cases/overlayfs.py     |  36 +-
 .../binutils/binutils-2.38.inc                |   2 +-
 .../{librepo_1.14.2.bb => librepo_1.14.3.bb}  |   2 +-
 meta/recipes-devtools/mmc/mmc-utils_git.bb    |   2 +-
 .../recipes-devtools/python/python3_3.10.4.bb |   5 +
 .../curl/curl/CVE-2022-22576.patch            | 145 ++++++
 .../curl/curl/CVE-2022-27774-1.patch          |  45 ++
 .../curl/curl/CVE-2022-27774-2.patch          |  80 +++
 .../curl/curl/CVE-2022-27774-3.patch          |  83 ++++
 .../curl/curl/CVE-2022-27774-4.patch          |  35 ++
 .../curl/curl/CVE-2022-27775.patch            |  37 ++
 .../curl/curl/CVE-2022-27776.patch            | 115 +++++
 .../curl/curl/CVE-2022-27779.patch            |  42 ++
 .../curl/curl/CVE-2022-27780.patch            |  33 ++
 .../curl/curl/CVE-2022-27781.patch            |  43 ++
 .../curl/curl/CVE-2022-27782-1.patch          | 458 ++++++++++++++++++
 .../curl/curl/CVE-2022-27782-2.patch          |  71 +++
 .../curl/curl/CVE-2022-30115.patch            |  82 ++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  16 +-
 23 files changed, 1362 insertions(+), 24 deletions(-)
 rename meta/recipes-devtools/librepo/{librepo_1.14.2.bb => librepo_1.14.3.bb} (94%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-22576.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27775.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27776.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27779.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27780.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-30115.patch

-- 
2.25.1




* [OE-core][kirkstone 0/9] Patch review
@ 2022-11-13 14:12 Steve Sakoman
From: Steve Sakoman @ 2022-11-13 14:12 UTC
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4468

The following changes since commit 0c0723757fbba9a4b88c0f98477a18d1e220da2e:

  mirrors.bbclass: use shallow tarball for binutils-native (2022-11-06 06:00:05 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (2):
  lttng-modules: upgrade 2.13.4 -> 2.13.5
  quilt: backport a patch to address grep 3.8 failures

Hitendra Prajapati (1):
  QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext
    leads to CPU exhaustion

Michael Opdenacker (1):
  create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED

Narpat Mali (1):
  python3-mako: backport fix for CVE-2022-40023

Ross Burton (3):
  pixman: backport fix for CVE-2022-44638
  sanity: check for GNU tar specifically
  qemu: add io_uring PACKAGECONFIG

ciarancourtney (1):
  wic: swap partitions are not added to fstab

 meta/classes/create-spdx.bbclass              |   2 -
 meta/classes/sanity.bbclass                   |   8 +
 .../python/python3-mako/CVE-2022-40023.patch  | 119 +++++++++++++++
 .../python/python3-mako_1.1.6.bb              |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +-
 .../qemu/qemu/CVE-2022-3165.patch             |  61 ++++++++
 meta/recipes-devtools/quilt/quilt.inc         |   1 +
 .../quilt/quilt/fix-grep-3.8.patch            | 144 ++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      |  33 ++++
 .../xorg-lib/pixman_0.40.0.bb                 |   1 +
 .../lttng-modules/0001-fix-compaction.patch   |  68 ---------
 ...c-fix-tracepoint-mm_page_alloc_zone_.patch | 106 -------------
 ...oduce-kfree_skb_reason-v5.15.58.v5.1.patch |  53 -------
 ...ags-parameter-from-aops-write_begin-.patch |  76 ---------
 ...Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ---------------
 ...ules_2.13.4.bb => lttng-modules_2.13.5.bb} |   7 +-
 scripts/lib/wic/plugins/imager/direct.py      |   2 +-
 17 files changed, 373 insertions(+), 437 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
 create mode 100644 meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.4.bb => lttng-modules_2.13.5.bb} (78%)

-- 
2.25.1




* [OE-core][kirkstone 0/9] Patch review
@ 2023-01-17 14:08 Steve Sakoman
From: Steve Sakoman @ 2023-01-17 14:08 UTC
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4800

The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee:

  devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bhabu Bindu (1):
  qemu: Fix CVE-2022-4144

Daniel Gomez (1):
  gtk-icon-cache: Fix GTKIC_CMD if-else condition

KARN JYE LAU (1):
  freetype:update mirror site.

Martin Jansa (1):
  ffmpeg: refresh patches to apply cleanly

Narpat Mali (3):
  python3-setuptools: fix for CVE-2022-40897
  python3-wheel: fix for CVE-2022-40898
  python3-git: fix for CVE-2022-24439

Yash Shinde (1):
  glibc: stable 2.35 branch updates.

Yogita Urade (1):
  libksba: fix CVE-2022-47629

 meta/classes/gtk-icon-cache.bbclass           |   2 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...-git-CVE-2022-24439-fix-from-PR-1518.patch |  97 ++++
 ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++
 .../python/python3-git_3.1.27.bb              |   4 +
 ...-of-whitespace-to-search-backtrack.-.patch |  31 ++
 .../python/python3-setuptools_59.5.0.bb       |   1 +
 ...tential-DoS-attack-via-WHEEL_INFO_RE.patch |  32 ++
 .../python/python3-wheel_0.37.1.bb            |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-4144.patch             |  99 ++++
 .../freetype/freetype_2.11.1.bb               |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  19 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |   7 +-
 ...-vp3-Add-missing-check-for-av_malloc.patch |  12 +-
 ...overflow-in-the-CRL-signature-parser.patch |  72 +++
 meta/recipes-support/libksba/libksba_1.6.2.bb |   3 +-
 17 files changed, 848 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
 create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
 create mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch

-- 
2.25.1




* [OE-core][kirkstone 0/9] Patch review
@ 2023-06-20 15:37 Steve Sakoman
From: Steve Sakoman @ 2023-06-20 15:37 UTC
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5492

The following changes since commit 0e17a5a4f0e3301bf78f77bb5ca4aaf3e4dbc7af:

  Revert "ipk: Decode byte data to string in manifest handling" (2023-06-17 05:18:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  nasm: fix CVE-2022-46457

Bruce Ashfield (1):
  kernel: don't force PAHOLE=false

Chen Qi (1):
  staging.bbclass: do not add extend_recipe_sysroot to prefuncs of
    prepare_recipe_sysroot

Lorenzo Arena (1):
  conf: add nice level to the hash config ignred variables

Martin Jansa (1):
  go.bbclass: don't use test to check output from ls

Pavel Zhukov (1):
  lib/terminal.py: Add urxvt terminal

Ranjitsinh Rathod (1):
  kmscube: Correct DEPENDS to avoid overwrite

Thomas Roos (1):
  oeqa/selftest/cases/devtool.py: skip all tests require folder a git
    repo

Wang Mingyu (1):
  iso-codes: upgrade 4.13.0 -> 4.15.0

 meta/classes/go.bbclass                       |  2 +-
 meta/classes/kernel.bbclass                   |  2 +-
 meta/classes/staging.bbclass                  |  2 +-
 meta/conf/bitbake.conf                        |  2 +-
 meta/lib/oe/terminal.py                       |  4 ++
 meta/lib/oeqa/selftest/cases/devtool.py       |  8 +++
 .../nasm/nasm/CVE-2022-46457.patch            | 50 +++++++++++++++++++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |  1 +
 meta/recipes-graphics/kmscube/kmscube_git.bb  |  3 +-
 ...so-codes_4.13.0.bb => iso-codes_4.15.0.bb} |  2 +-
 10 files changed, 69 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
 rename meta/recipes-support/iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb} (94%)

-- 
2.34.1




* [OE-core][kirkstone 0/9] Patch review
@ 2024-03-07 23:37 Steve Sakoman
From: Steve Sakoman @ 2024-03-07 23:37 UTC
  To: openembedded-core

Unfortunately this series of linux-yocto version bumps has caused a
number of issues with adding and resizing partitions.  The problem was
introduced in 5.15.132 and has not been fixed in any of the subsequent
version bumps.

Bruce and I have decided to revert this series until we have an acceptable fix.

Please have any comments back by end of day Monday, March 11.

The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:

  golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Steve Sakoman (9):
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.148"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.147"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.146"
  Revert "linux-yocto/5.15: update to v5.15.145"
  Revert "linux-yocto/5.15: update to v5.15.142"
  Revert "linux-yocto/5.15: update to v5.15.141"

 .../linux/cve-exclusion_5.15.inc              | 372 ++----------------
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 4 files changed, 57 insertions(+), 353 deletions(-)

-- 
2.34.1




* [OE-core][kirkstone 0/9] Patch review
@ 2024-04-03  3:46 Steve Sakoman
From: Steve Sakoman @ 2024-04-03  3:46 UTC
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6758

The following changes since commit 1b5405955c7c2579ed1f52522e2e177d0281fa33:

  glibc: Fix subscript typos for get_nscd_addresses (2024-03-19 03:33:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Claus Stovgaard (1):
  gcc: Backport sanitizer fix for 32-bit ALSR

Colin McAllister (1):
  common-licenses: Backport missing license

Lee Chee Yang (2):
  xwayland: fix CVE-2023-6816 CVE-2024-0408/0409
  tiff: fix CVE-2023-52356 CVE-2023-6277

Meenali Gupta (1):
  expat: fix CVE-2023-52425

Tan Wen Yan (1):
  python3-urllib3: update to v1.26.18

Vijay Anusuri (2):
  curl: backport Debian patch for CVE-2024-2398
  qemu: Fix for CVE-2023-6683

aszh07 (1):
  nghttp2: fix CVE-2023-44487

 .../LGPL-3.0-with-zeromq-exception            | 181 ++++
 .../expat/expat/CVE-2023-52425-0001.patch     |  40 +
 .../expat/expat/CVE-2023-52425-0002.patch     |  87 ++
 .../expat/expat/CVE-2023-52425-0003.patch     | 222 +++++
 .../expat/expat/CVE-2023-52425-0004.patch     |  42 +
 .../expat/expat/CVE-2023-52425-0005.patch     |  69 ++
 .../expat/expat/CVE-2023-52425-0006.patch     |  67 ++
 .../expat/expat/CVE-2023-52425-0007.patch     | 159 +++
 .../expat/expat/CVE-2023-52425-0008.patch     |  95 ++
 .../expat/expat/CVE-2023-52425-0009.patch     |  52 +
 .../expat/expat/CVE-2023-52425-0010.patch     | 111 +++
 .../expat/expat/CVE-2023-52425-0011.patch     |  89 ++
 .../expat/expat/CVE-2023-52425-0012.patch     |  87 ++
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 +
 meta/recipes-devtools/gcc/gcc-11.4.inc        |   1 +
 .../gcc/gcc/0031-gcc-sanitizers-fix.patch     |  63 ++
 ..._1.26.17.bb => python3-urllib3_1.26.18.bb} |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-6683.patch             |  92 ++
 .../xwayland/xwayland/CVE-2023-6816.patch     |  57 ++
 .../xwayland/xwayland/CVE-2024-0408.patch     |  65 ++
 .../xwayland/xwayland/CVE-2024-0409.patch     |  47 +
 .../xwayland/xwayland_22.1.8.bb               |   3 +
 .../libtiff/tiff/CVE-2023-52356.patch         |  54 +
 .../libtiff/tiff/CVE-2023-6277-1.patch        | 178 ++++
 .../libtiff/tiff/CVE-2023-6277-2.patch        | 151 +++
 .../libtiff/tiff/CVE-2023-6277-3.patch        |  46 +
 .../libtiff/tiff/CVE-2023-6277-4.patch        |  93 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  89 ++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 .../nghttp2/nghttp2/CVE-2023-44487.patch      | 927 ++++++++++++++++++
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |   1 +
 33 files changed, 3188 insertions(+), 1 deletion(-)
 create mode 100644 meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
 rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} (86%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0409.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch

-- 
2.34.1




* [OE-core][kirkstone 0/9] Patch review
@ 2024-06-22 11:57 Steve Sakoman
From: Steve Sakoman @ 2024-06-22 11:57 UTC
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, June 25

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7065

The following changes since commit ab2649ef6c83f0ae7cac554a72e6bea4dcda0e99:

  build-appliance-image: Update to kirkstone head revision (2024-06-01 19:12:27 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Changqing Li (1):
  man-pages: remove conflict pages

Deepthi Hemraj (1):
  glibc: stable 2.35 branch updates

Khem Raj (1):
  gobject-introspection: Do not hardcode objdump name

Peter Marko (1):
  glib-2.0: patch CVE-2024-34397

Siddharth (1):
  openssl: Upgrade 3.0.13 -> 3.0.14

Siddharth Doshi (1):
  libxml2: Security fix for CVE-2024-34459

Thomas Perrot (1):
  man-pages: add an alternative link name for crypt_r.3

Yogita Urade (2):
  acpica: fix CVE-2024-24856
  ruby: fix CVE-2024-27280

 .../openssl/openssl/CVE-2024-2511.patch       | 122 ---
 .../openssl/openssl/CVE-2024-4603.patch       | 180 ----
 .../{openssl_3.0.13.bb => openssl_3.0.14.bb}  |   4 +-
 .../glib-2.0/glib-2.0/CVE-2024-34397_01.patch | 129 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_02.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_03.patch | 985 ++++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_04.patch | 253 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_05.patch |  88 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_06.patch | 263 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_07.patch |  45 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_08.patch | 168 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_09.patch |  81 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_10.patch | 108 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_11.patch | 133 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_12.patch | 173 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_13.patch | 513 +++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_14.patch |  75 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_15.patch |  47 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_16.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_17.patch | 121 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_18.patch |  50 +
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  18 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../libxml/libxml2/CVE-2024-34459.patch       |  30 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 .../ruby/ruby/CVE-2024-27280.patch            |  87 ++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../acpica/acpica/CVE-2024-24856.patch        |  33 +
 .../acpica/acpica_20211217.bb                 |   4 +-
 .../man-pages/man-pages_5.13.bb               |  12 +-
 .../gobject-introspection_1.72.0.bb           |   2 +-
 31 files changed, 3536 insertions(+), 316 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.13.bb => openssl_3.0.14.bb} (98%)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_06.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_07.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_08.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_09.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_11.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_12.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_13.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_14.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_15.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_16.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_17.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_18.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27280.patch
 create mode 100644 meta/recipes-extended/acpica/acpica/CVE-2024-24856.patch

-- 
2.34.1




* [OE-core][kirkstone 0/9] Patch review
@ 2024-12-17 20:54 Steve Sakoman
From: Steve Sakoman @ 2024-12-17 20:54 UTC
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 19

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/663

The following changes since commit b132b817f5931b290e5348dd4a17fbfdc5c6e2c4:

  dbus: disable assertions and enable only modular tests (2024-12-10 05:38:29 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  base-passwd: Add the sgx group

Alexandre Belloni (1):
  base-passwd: fix patchreview warning

Ernst Persson (1):
  package.bbclass: Use shlex instead of deprecated pipes

Jiaying Song (1):
  subversion: fix CVE-2024-46901

Louis Rannou (1):
  base-passwd: add the wheel group

Peter Kjellerstedt (3):
  base-passwd: Regenerate the patches
  base-passwd: Update to 3.5.52
  base-passwd: Update the status for two patches

Yogita Urade (1):
  xserver-xorg: fix CVE-2024-9632

 meta/classes/package.bbclass                  |   4 +-
 .../0001-Add-a-shutdown-group.patch           |  26 +++
 .../0001-base-passwd-Add-the-sgx-group.patch  |  30 ++++
 ...nstead-of-bin-bash-for-the-root-user.patch |  23 +++
 ...t-since-we-do-not-have-an-etc-shadow.patch |  21 +++
 ...put-group-for-the-dev-input-devices.patch} |  17 +-
 .../{kvm.patch => 0005-Add-kvm-group.patch}   |   2 +-
 ...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++
 ...-to-disable-the-generation-of-the-do.patch |  46 +++++
 .../base-passwd/0008-Add-wheel-group.patch    |  20 +++
 .../base-passwd/add_shutdown.patch            |  19 ---
 .../base-passwd/disable-docs.patch            |  24 ---
 .../base-passwd/disable-shell.patch           |  57 -------
 .../base-passwd/base-passwd/nobash.patch      |  15 --
 .../base-passwd/base-passwd/noshadow.patch    |  14 --
 ...passwd_3.5.29.bb => base-passwd_3.5.52.bb} |  30 ++--
 .../subversion/CVE-2024-46901.patch           | 161 ++++++++++++++++++
 .../subversion/subversion_1.14.2.bb           |   3 +-
 .../xserver-xorg/CVE-2024-9632.patch          |  58 +++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   1 +
 20 files changed, 547 insertions(+), 153 deletions(-)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
 rename meta/recipes-core/base-passwd/base-passwd/{input.patch => 0004-Add-an-input-group-for-the-dev-input-devices.patch} (42%)
 rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/noshadow.patch
 rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (79%)
 create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch

-- 
2.34.1




* [OE-core][kirkstone 0/9] Patch review
@ 2025-07-04 15:28 Steve Sakoman
From: Steve Sakoman @ 2025-07-04 15:28 UTC
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1949

The following changes since commit 75e54301c5076eb0454aee33c870adf078f563fd:

  build-appliance-image: Update to kirkstone head revision (2025-06-27 08:10:04 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (6):
  xwayland: fix CVE-2025-49175
  xwayland: fix CVE-2025-49176
  xwayland: fix CVE-2025-49177
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49180

Chen Qi (1):
  systemd: backport patches to fix CVE-2025-4598

Colin Pinnell McAllister (1):
  libarchive: Fix CVE-2025-5914

Yogita Urade (1):
  python3-urllib3: fix CVE-2025-50181

 .../systemd/systemd/CVE-2025-4598-0001.patch  |  92 ++++++++
 .../systemd/systemd/CVE-2025-4598-0002.patch  | 106 +++++++++
 .../systemd/systemd/CVE-2025-4598-0003.patch  | 144 ++++++++++++
 .../systemd/systemd/CVE-2025-4598-0004.patch  |  36 +++
 meta/recipes-core/systemd/systemd_250.14.bb   |   4 +
 .../python3-urllib3/CVE-2025-50181.patch      | 214 ++++++++++++++++++
 .../python/python3-urllib3_1.26.18.bb         |   4 +
 .../libarchive/libarchive/CVE-2025-5914.patch |  46 ++++
 .../libarchive/libarchive_3.6.2.bb            |   1 +
 .../xwayland/xwayland/CVE-2025-49175.patch    |  92 ++++++++
 .../xwayland/CVE-2025-49176-0001.patch        |  93 ++++++++
 .../xwayland/CVE-2025-49176-0002.patch        |  38 ++++
 .../xwayland/xwayland/CVE-2025-49177.patch    |  55 +++++
 .../xwayland/xwayland/CVE-2025-49178.patch    |  50 ++++
 .../xwayland/xwayland/CVE-2025-49179.patch    |  69 ++++++
 .../xwayland/xwayland/CVE-2025-49180.patch    |  45 ++++
 .../xwayland/xwayland_22.1.8.bb               |   7 +
 17 files changed, 1096 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0001.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0002.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0003.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0004.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49177.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49180.patch

-- 
2.43.0




* [OE-core][kirkstone 0/9] Patch review
@ 2025-08-19 20:49 Steve Sakoman
  0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-19 20:49 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, August 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2236

The following changes since commit 3d1c037a7cb7858a4e3c33a94f5d343a81aac5f7:

  go-helloworld: fix license (2025-08-12 09:57:24 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Dan McGregor (1):
  systemd: Fix manpage build after CVE-2025-4598

Hitendra Prajapati (3):
  gstreamer1.0-plugins-base: fix CVE-2025-47806 & CVE-2025-47808
  gstreamer1.0-plugins-good: fix CVE-2025-47183 & CVE-2025-47219
  git: fix CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835

Peter Marko (1):
  glib-2.0: ignore CVE-2025-4056

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49175
  xserver-xorg: Fix for CVE-2025-49176
  xserver-xorg: Fix for CVE-2025-49177

Youngseok Jeong (1):
  libubootenv: backport patch to fix unknown type name 'size_t'

 ...-Include-cstddef-in-the-header-for-C.patch |   27 +
 meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb  |    6 +-
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |    3 +
 .../systemd/systemd/CVE-2025-4598-0003.patch  |    7 +-
 ...-27613-CVE-2025-46334-CVE-2025-46835.patch | 2500 +++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |    1 +
 .../xserver-xorg/CVE-2025-49175.patch         |   91 +
 .../xserver-xorg/CVE-2025-49176-1.patch       |   92 +
 .../xserver-xorg/CVE-2025-49176-2.patch       |   37 +
 .../xserver-xorg/CVE-2025-49177.patch         |   54 +
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |    4 +
 .../CVE-2025-47806.patch                      |   50 +
 .../CVE-2025-47808.patch                      |   36 +
 .../gstreamer1.0-plugins-base_1.20.7.bb       |    2 +
 .../CVE-2025-47183-001.patch                  |  151 +
 .../CVE-2025-47183-002.patch                  |   80 +
 .../CVE-2025-47219.patch                      |   40 +
 .../gstreamer1.0-plugins-good_1.20.7.bb       |    3 +
 18 files changed, 3179 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/0001-Include-cstddef-in-the-header-for-C.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49177.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch

-- 
2.43.0




* [OE-core][kirkstone 0/9] Patch review
@ 2025-08-26 13:44 Steve Sakoman
  0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-08-26 13:44 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2267

The following changes since commit e401a16d8e26d25cec95fcea98d6530036cffca1:

  libubootenv: backport patch to fix unknown type name 'size_t' (2025-08-19 10:14:55 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  gstreamer1.0-plugins-base: fix CVE-2025-47807

Jiaying Song (1):
  openssl: fix CVE-2023-50781

Peter Marko (4):
  qemu: ignore CVE-2024-7730
  glib-2.0: patch CVE-2025-7039
  dpkg: patch CVE-2025-6297
  libarchive: patch regression of patch for CVE-2025-5918

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49178
  xserver-xorg: Fix for CVE-2025-49179
  xserver-xorg: Fix for CVE-2025-49180

 .../openssl/openssl/CVE-2023-50781-1.patch    | 618 ++++++++++++++++++
 .../openssl/openssl/CVE-2023-50781-2.patch    | 358 ++++++++++
 .../openssl/openssl/CVE-2023-50781-3.patch    |  41 ++
 .../openssl/openssl/CVE-2023-50781-4.patch    | 441 +++++++++++++
 .../openssl/openssl/CVE-2023-50781-5.patch    | 284 ++++++++
 .../openssl/openssl/CVE-2023-50781-6.patch    |  57 ++
 .../openssl/openssl_3.0.17.bb                 |   8 +-
 .../glib-2.0/glib-2.0/CVE-2025-7039-01.patch  |  40 ++
 .../glib-2.0/glib-2.0/CVE-2025-7039-02.patch  |  43 ++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |   2 +
 .../dpkg/dpkg/CVE-2025-6297.patch             | 125 ++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 ...2025-5918.patch => CVE-2025-5918-01.patch} |   0
 .../libarchive/CVE-2025-5918-02.patch         |  51 ++
 .../libarchive/libarchive_3.6.2.bb            |   3 +-
 .../xserver-xorg/CVE-2025-49178.patch         |  49 ++
 .../xserver-xorg/CVE-2025-49179.patch         |  67 ++
 .../xserver-xorg/CVE-2025-49180-1.patch       |  44 ++
 .../xserver-xorg/CVE-2025-49180-2.patch       |  52 ++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   4 +
 .../CVE-2025-47807.patch                      |  49 ++
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   1 +
 23 files changed, 2339 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
 rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-5918.patch => CVE-2025-5918-01.patch} (100%)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch

-- 
2.43.0




* [OE-core][kirkstone 0/9] Patch review
@ 2025-09-03 16:14 Steve Sakoman
  0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-09-03 16:14 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2309

The following changes since commit 36cf6bb39df081b27306d27b20155995b73e1a01:

  Revert "sqlite3: patch CVE-2025-7458" (2025-09-01 08:18:45 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepak Rathore (1):
  default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue

Kyungjik Min (1):
  pulseaudio: Add audio group explicitly

Mingli Yu (1):
  vim: not adjust script pathnames for native scripts either

Peter Marko (2):
  vim: upgrade 9.1.1198 -> 9.1.1652
  sudo: remove devtool FIXME comment

Praveen Kumar (1):
  git: fix CVE-2025-48384

Yogita Urade (3):
  tiff: fix CVE-2024-13978
  tiff: fix CVE-2025-8534
  tiff: fix CVE-2025-8851

 meta-selftest/files/static-group              |  1 +
 .../distro/include/default-distrovars.inc     |  2 +-
 meta/lib/oeqa/sdk/buildtools-cases/https.py   |  4 +-
 .../git/git/CVE-2025-48384.patch              | 85 +++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |  1 +
 meta/recipes-extended/sudo/sudo_1.9.17p1.bb   | 52 ------------
 .../libtiff/tiff/CVE-2024-13978.patch         | 47 ++++++++++
 .../libtiff/tiff/CVE-2025-8534.patch          | 60 +++++++++++++
 .../libtiff/tiff/CVE-2025-8851.patch          | 71 ++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  3 +
 .../pulseaudio/pulseaudio.inc                 |  2 +-
 ...src-Makefile-improve-reproducibility.patch | 10 +--
 .../vim/files/disable_acl_header_check.patch  | 12 +--
 .../vim/files/no-path-adjust.patch            | 35 +++++---
 meta/recipes-support/vim/vim.inc              |  7 +-
 15 files changed, 308 insertions(+), 84 deletions(-)
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-48384.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8851.patch

-- 
2.43.0




* [OE-core][kirkstone 0/9] Patch review
@ 2025-11-25 20:54 Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 1/9] python3-idna: Fix CVE-2024-3651 Steve Sakoman
                   ` (8 more replies)
  0 siblings, 9 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2776

The following changes since commit ff72b41a3f0bf1820405b8782f0d125cd10e3406:

  oe-build-perf-report: relax metadata matching rules (2025-11-19 08:28:19 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (3):
  ruby: fix CVE-2024-35176
  ruby: fix CVE-2024-39908
  ruby: fix CVE-2024-41123

Gyorgy Sarvari (1):
  flac: patch seeking bug

Peter Marko (3):
  libarchive: patch 3.8.3 security issue 1
  libarchive: patch 3.8.3 security issue 2
  libarchive: patch CVE-2025-60753

Praveen Kumar (1):
  python3: fix CVE-2025-6075

Vijay Anusuri (1):
  python3-idna: Fix CVE-2024-3651

 .../python/python3-idna/CVE-2024-3651.patch   | 2484 +++++++++++++++++
 .../python/python3-idna_3.3.bb                |    2 +
 .../python/python3/CVE-2025-6075.patch        |  364 +++
 .../python/python3_3.10.19.bb                 |    1 +
 .../ruby/ruby/CVE-2024-35176.patch            |  112 +
 .../ruby/ruby/CVE-2024-39908-0001.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0002.patch       |  130 +
 .../ruby/ruby/CVE-2024-39908-0003.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0004.patch       |   76 +
 .../ruby/ruby/CVE-2024-39908-0005.patch       |   87 +
 .../ruby/ruby/CVE-2024-39908-0006.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0007.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0008.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0009.patch       |   36 +
 .../ruby/ruby/CVE-2024-39908-0010.patch       |   53 +
 .../ruby/ruby/CVE-2024-39908-0011.patch       |   35 +
 .../ruby/ruby/CVE-2024-39908-0012.patch       |   36 +
 .../ruby/ruby/CVE-2024-41123-0001.patch       |   44 +
 .../ruby/ruby/CVE-2024-41123-0002.patch       |   37 +
 .../ruby/ruby/CVE-2024-41123-0003.patch       |   55 +
 .../ruby/ruby/CVE-2024-41123-0004.patch       |  163 ++
 .../ruby/ruby/CVE-2024-41123-0005.patch       |  111 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   18 +
 ...ax-path-length-metadata-writing-2243.patch |   30 +
 ...request-2696-from-al3xtjames-mkstemp.patch |   28 +
 ...st-2749-from-KlaraSystems-des-tempdi.patch |  183 ++
 ...st-2753-from-KlaraSystems-des-temp-f.patch |  190 ++
 ...-request-2768-from-Commandoss-master.patch |   28 +
 .../libarchive/CVE-2025-60753.patch           |   76 +
 .../libarchive/libarchive_3.6.2.bb            |    6 +
 .../flac/files/0001-Fix-seeking-bug.patch     |   34 +
 meta/recipes-multimedia/flac/flac_1.3.4.bb    |    3 +-
 32 files changed, 4645 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
 create mode 100644 meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch

-- 
2.43.0




* [OE-core][kirkstone 1/9] python3-idna: Fix CVE-2024-3651
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 2/9] ruby: fix CVE-2024-35176 Steve Sakoman
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Vijay Anusuri <vanusuri@mvista.com>

import patch from debian to fix
  CVE-2024-3651

Upstream-Status: Backport [import from debian 3.3-1+deb12u1
Upstream commit
https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python/python3-idna/CVE-2024-3651.patch   | 2484 +++++++++++++++++
 .../python/python3-idna_3.3.bb                |    2 +
 2 files changed, 2486 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch

diff --git a/meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch b/meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
new file mode 100644
index 0000000000..c96e13b35b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
@@ -0,0 +1,2484 @@
+From: Kim Davies <kim@cynosure.com.au>
+Date: Mon, 1 Apr 2024 20:24:57 -0700
+Subject: More efficient resolution of joiner contexts
+
+In some pathological cases, this would out eligibility under
+CONTEXTJ rules much faster.
+
+Generated idna/idnadata.py (and idna/uts46data.py) files were updated
+with `tools/idna-data --dir idna --no-cache --version 14.0.0 make-libdata`.
+
+Origin: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
+Bug: https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
+Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-3651
+Bug-Debian: https://bugs.debian.org/1069127
+
+Upstream-Status: Backport [import from debian 3.3-1+deb12u1
+Upstream commit https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7]
+CVE: CVE-2024-3651
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ idna/core.py     |   16 +-
+ idna/idnadata.py | 2162 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ tools/idna-data  |   13 +-
+ 3 files changed, 2124 insertions(+), 67 deletions(-)
+
+diff --git a/idna/core.py b/idna/core.py
+index 55ab967..c6aa30a 100644
+--- a/idna/core.py
++++ b/idna/core.py
+@@ -150,9 +150,11 @@ def valid_contextj(label: str, pos: int) -> bool:
+             joining_type = idnadata.joining_types.get(ord(label[i]))
+             if joining_type == ord('T'):
+                 continue
+-            if joining_type in [ord('L'), ord('D')]:
++            elif joining_type in [ord('L'), ord('D')]:
+                 ok = True
+                 break
++            else:
++                break
+ 
+         if not ok:
+             return False
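Review bot: the new `else: break` in the backward scan of `valid_contextj` is only correct together with the regenerated `idna/idnadata.py` carried in this same patch, and that coupling is not stated anywhere. `joining_types.get()` returns None for any code point missing from the table, and None now falls into the `else` branch and ends the scan without setting `ok`, so a transparent (T, 84) character that the table does not list would stop the scan early and reject the label. Please add a short comment above the loop saying that a code point absent from the table is treated as non-joining, and keep the core.py and idnadata.py changes in one patch so they cannot be applied separately.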
+@@ -162,9 +164,11 @@ def valid_contextj(label: str, pos: int) -> bool:
+             joining_type = idnadata.joining_types.get(ord(label[i]))
+             if joining_type == ord('T'):
+                 continue
+-            if joining_type in [ord('R'), ord('D')]:
++            elif joining_type in [ord('R'), ord('D')]:
+                 ok = True
+                 break
++            else:
++                break
+         return ok
+ 
+     if cp_value == 0x200d:
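Review bot: nothing in this patch tests the early exit added to the forward scan here, or the matching one in the backward scan of the previous hunk; the diffstat in the patch header touches only idna/core.py, idna/idnadata.py and tools/idna-data. A test case asserting that `valid_contextj` returns False for a label in which the character following the joiner has a joining type that is neither T nor R/D would keep a later refresh of this backport from silently dropping the `else: break`.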
+@@ -236,12 +240,8 @@ def check_label(label: Union[str, bytes, bytearray]) -> None:
+         if intranges_contain(cp_value, idnadata.codepoint_classes['PVALID']):
+             continue
+         elif intranges_contain(cp_value, idnadata.codepoint_classes['CONTEXTJ']):
+-            try:
+-                if not valid_contextj(label, pos):
+-                    raise InvalidCodepointContext('Joiner {} not allowed at position {} in {}'.format(
+-                        _unot(cp_value), pos+1, repr(label)))
+-            except ValueError:
+-                raise IDNAError('Unknown codepoint adjacent to joiner {} at position {} in {}'.format(
++            if not valid_contextj(label, pos):
++                raise InvalidCodepointContext('Joiner {} not allowed at position {} in {}'.format(
+                     _unot(cp_value), pos+1, repr(label)))
+         elif intranges_contain(cp_value, idnadata.codepoint_classes['CONTEXTO']):
+             if not valid_contexto(label, pos):
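Review bot: removing the `try`/`except ValueError` around `valid_contextj` in `check_label` changes the exception contract. A ValueError raised inside `valid_contextj` used to surface as `IDNAError('Unknown codepoint adjacent to joiner ...')` and would now propagate as a bare ValueError to callers that catch only `IDNAError`. The lookups visible in the two hunks above use `joining_types.get()`, which does not raise, but the rest of `valid_contextj` is outside this diff; please confirm in the commit message that no remaining path in it raises ValueError on 3.3, or keep the wrapper.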
+diff --git a/idna/idnadata.py b/idna/idnadata.py
+index 1b5805d..ab77625 100644
+--- a/idna/idnadata.py
++++ b/idna/idnadata.py
+@@ -97,16 +97,190 @@ scripts = {
+     ),
+ }
+ joining_types = {
+-    0x600: 85,
+-    0x601: 85,
+-    0x602: 85,
+-    0x603: 85,
+-    0x604: 85,
+-    0x605: 85,
+-    0x608: 85,
+-    0x60b: 85,
++    0xad: 84,
++    0x300: 84,
++    0x301: 84,
++    0x302: 84,
++    0x303: 84,
++    0x304: 84,
++    0x305: 84,
++    0x306: 84,
++    0x307: 84,
++    0x308: 84,
++    0x309: 84,
++    0x30a: 84,
++    0x30b: 84,
++    0x30c: 84,
++    0x30d: 84,
++    0x30e: 84,
++    0x30f: 84,
++    0x310: 84,
++    0x311: 84,
++    0x312: 84,
++    0x313: 84,
++    0x314: 84,
++    0x315: 84,
++    0x316: 84,
++    0x317: 84,
++    0x318: 84,
++    0x319: 84,
++    0x31a: 84,
++    0x31b: 84,
++    0x31c: 84,
++    0x31d: 84,
++    0x31e: 84,
++    0x31f: 84,
++    0x320: 84,
++    0x321: 84,
++    0x322: 84,
++    0x323: 84,
++    0x324: 84,
++    0x325: 84,
++    0x326: 84,
++    0x327: 84,
++    0x328: 84,
++    0x329: 84,
++    0x32a: 84,
++    0x32b: 84,
++    0x32c: 84,
++    0x32d: 84,
++    0x32e: 84,
++    0x32f: 84,
++    0x330: 84,
++    0x331: 84,
++    0x332: 84,
++    0x333: 84,
++    0x334: 84,
++    0x335: 84,
++    0x336: 84,
++    0x337: 84,
++    0x338: 84,
++    0x339: 84,
++    0x33a: 84,
++    0x33b: 84,
++    0x33c: 84,
++    0x33d: 84,
++    0x33e: 84,
++    0x33f: 84,
++    0x340: 84,
++    0x341: 84,
++    0x342: 84,
++    0x343: 84,
++    0x344: 84,
++    0x345: 84,
++    0x346: 84,
++    0x347: 84,
++    0x348: 84,
++    0x349: 84,
++    0x34a: 84,
++    0x34b: 84,
++    0x34c: 84,
++    0x34d: 84,
++    0x34e: 84,
++    0x34f: 84,
++    0x350: 84,
++    0x351: 84,
++    0x352: 84,
++    0x353: 84,
++    0x354: 84,
++    0x355: 84,
++    0x356: 84,
++    0x357: 84,
++    0x358: 84,
++    0x359: 84,
++    0x35a: 84,
++    0x35b: 84,
++    0x35c: 84,
++    0x35d: 84,
++    0x35e: 84,
++    0x35f: 84,
++    0x360: 84,
++    0x361: 84,
++    0x362: 84,
++    0x363: 84,
++    0x364: 84,
++    0x365: 84,
++    0x366: 84,
++    0x367: 84,
++    0x368: 84,
++    0x369: 84,
++    0x36a: 84,
++    0x36b: 84,
++    0x36c: 84,
++    0x36d: 84,
++    0x36e: 84,
++    0x36f: 84,
++    0x483: 84,
++    0x484: 84,
++    0x485: 84,
++    0x486: 84,
++    0x487: 84,
++    0x488: 84,
++    0x489: 84,
++    0x591: 84,
++    0x592: 84,
++    0x593: 84,
++    0x594: 84,
++    0x595: 84,
++    0x596: 84,
++    0x597: 84,
++    0x598: 84,
++    0x599: 84,
++    0x59a: 84,
++    0x59b: 84,
++    0x59c: 84,
++    0x59d: 84,
++    0x59e: 84,
++    0x59f: 84,
++    0x5a0: 84,
++    0x5a1: 84,
++    0x5a2: 84,
++    0x5a3: 84,
++    0x5a4: 84,
++    0x5a5: 84,
++    0x5a6: 84,
++    0x5a7: 84,
++    0x5a8: 84,
++    0x5a9: 84,
++    0x5aa: 84,
++    0x5ab: 84,
++    0x5ac: 84,
++    0x5ad: 84,
++    0x5ae: 84,
++    0x5af: 84,
++    0x5b0: 84,
++    0x5b1: 84,
++    0x5b2: 84,
++    0x5b3: 84,
++    0x5b4: 84,
++    0x5b5: 84,
++    0x5b6: 84,
++    0x5b7: 84,
++    0x5b8: 84,
++    0x5b9: 84,
++    0x5ba: 84,
++    0x5bb: 84,
++    0x5bc: 84,
++    0x5bd: 84,
++    0x5bf: 84,
++    0x5c1: 84,
++    0x5c2: 84,
++    0x5c4: 84,
++    0x5c5: 84,
++    0x5c7: 84,
++    0x610: 84,
++    0x611: 84,
++    0x612: 84,
++    0x613: 84,
++    0x614: 84,
++    0x615: 84,
++    0x616: 84,
++    0x617: 84,
++    0x618: 84,
++    0x619: 84,
++    0x61a: 84,
++    0x61c: 84,
+     0x620: 68,
+-    0x621: 85,
+     0x622: 82,
+     0x623: 82,
+     0x624: 82,
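Review bot: the entries removed in this hunk (`0x600` to `0x60b` and `0x621`, all with value 85) are not replaced, so lookups for those code points go from 85 to a miss, while every added entry here has value 84. Since this file is generated (the patch header gives the `tools/idna-data --dir idna --no-cache --version 14.0.0 make-libdata` command) and a change of this size cannot be checked by eye, please state in the commit message that the hunk was taken unmodified from the Debian 3.3-1+deb12u1 patch or reproduced with that command, and confirm that nothing else in 3.3 indexes `joining_types` with `[]` or tests for the value 85.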
+@@ -148,12 +322,33 @@ joining_types = {
+     0x648: 82,
+     0x649: 68,
+     0x64a: 68,
++    0x64b: 84,
++    0x64c: 84,
++    0x64d: 84,
++    0x64e: 84,
++    0x64f: 84,
++    0x650: 84,
++    0x651: 84,
++    0x652: 84,
++    0x653: 84,
++    0x654: 84,
++    0x655: 84,
++    0x656: 84,
++    0x657: 84,
++    0x658: 84,
++    0x659: 84,
++    0x65a: 84,
++    0x65b: 84,
++    0x65c: 84,
++    0x65d: 84,
++    0x65e: 84,
++    0x65f: 84,
+     0x66e: 68,
+     0x66f: 68,
++    0x670: 84,
+     0x671: 82,
+     0x672: 82,
+     0x673: 82,
+-    0x674: 85,
+     0x675: 82,
+     0x676: 82,
+     0x677: 82,
+@@ -250,7 +445,25 @@ joining_types = {
+     0x6d2: 82,
+     0x6d3: 82,
+     0x6d5: 82,
+-    0x6dd: 85,
++    0x6d6: 84,
++    0x6d7: 84,
++    0x6d8: 84,
++    0x6d9: 84,
++    0x6da: 84,
++    0x6db: 84,
++    0x6dc: 84,
++    0x6df: 84,
++    0x6e0: 84,
++    0x6e1: 84,
++    0x6e2: 84,
++    0x6e3: 84,
++    0x6e4: 84,
++    0x6e7: 84,
++    0x6e8: 84,
++    0x6ea: 84,
++    0x6eb: 84,
++    0x6ec: 84,
++    0x6ed: 84,
+     0x6ee: 82,
+     0x6ef: 82,
+     0x6fa: 68,
+@@ -259,6 +472,7 @@ joining_types = {
+     0x6ff: 68,
+     0x70f: 84,
+     0x710: 82,
++    0x711: 84,
+     0x712: 68,
+     0x713: 68,
+     0x714: 68,
+@@ -289,6 +503,33 @@ joining_types = {
+     0x72d: 68,
+     0x72e: 68,
+     0x72f: 82,
++    0x730: 84,
++    0x731: 84,
++    0x732: 84,
++    0x733: 84,
++    0x734: 84,
++    0x735: 84,
++    0x736: 84,
++    0x737: 84,
++    0x738: 84,
++    0x739: 84,
++    0x73a: 84,
++    0x73b: 84,
++    0x73c: 84,
++    0x73d: 84,
++    0x73e: 84,
++    0x73f: 84,
++    0x740: 84,
++    0x741: 84,
++    0x742: 84,
++    0x743: 84,
++    0x744: 84,
++    0x745: 84,
++    0x746: 84,
++    0x747: 84,
++    0x748: 84,
++    0x749: 84,
++    0x74a: 84,
+     0x74d: 82,
+     0x74e: 68,
+     0x74f: 68,
+@@ -340,6 +581,17 @@ joining_types = {
+     0x77d: 68,
+     0x77e: 68,
+     0x77f: 68,
++    0x7a6: 84,
++    0x7a7: 84,
++    0x7a8: 84,
++    0x7a9: 84,
++    0x7aa: 84,
++    0x7ab: 84,
++    0x7ac: 84,
++    0x7ad: 84,
++    0x7ae: 84,
++    0x7af: 84,
++    0x7b0: 84,
+     0x7ca: 68,
+     0x7cb: 68,
+     0x7cc: 68,
+@@ -373,7 +625,38 @@ joining_types = {
+     0x7e8: 68,
+     0x7e9: 68,
+     0x7ea: 68,
++    0x7eb: 84,
++    0x7ec: 84,
++    0x7ed: 84,
++    0x7ee: 84,
++    0x7ef: 84,
++    0x7f0: 84,
++    0x7f1: 84,
++    0x7f2: 84,
++    0x7f3: 84,
+     0x7fa: 67,
++    0x7fd: 84,
++    0x816: 84,
++    0x817: 84,
++    0x818: 84,
++    0x819: 84,
++    0x81b: 84,
++    0x81c: 84,
++    0x81d: 84,
++    0x81e: 84,
++    0x81f: 84,
++    0x820: 84,
++    0x821: 84,
++    0x822: 84,
++    0x823: 84,
++    0x825: 84,
++    0x826: 84,
++    0x827: 84,
++    0x829: 84,
++    0x82a: 84,
++    0x82b: 84,
++    0x82c: 84,
++    0x82d: 84,
+     0x840: 82,
+     0x841: 68,
+     0x842: 68,
+@@ -399,13 +682,14 @@ joining_types = {
+     0x856: 82,
+     0x857: 82,
+     0x858: 82,
++    0x859: 84,
++    0x85a: 84,
++    0x85b: 84,
+     0x860: 68,
+-    0x861: 85,
+     0x862: 68,
+     0x863: 68,
+     0x864: 68,
+     0x865: 68,
+-    0x866: 85,
+     0x867: 82,
+     0x868: 68,
+     0x869: 82,
+@@ -433,16 +717,20 @@ joining_types = {
+     0x884: 67,
+     0x885: 67,
+     0x886: 68,
+-    0x887: 85,
+-    0x888: 85,
+     0x889: 68,
+     0x88a: 68,
+     0x88b: 68,
+     0x88c: 68,
+     0x88d: 68,
+     0x88e: 82,
+-    0x890: 85,
+-    0x891: 85,
++    0x898: 84,
++    0x899: 84,
++    0x89a: 84,
++    0x89b: 84,
++    0x89c: 84,
++    0x89d: 84,
++    0x89e: 84,
++    0x89f: 84,
+     0x8a0: 68,
+     0x8a1: 68,
+     0x8a2: 68,
+@@ -456,7 +744,6 @@ joining_types = {
+     0x8aa: 82,
+     0x8ab: 82,
+     0x8ac: 82,
+-    0x8ad: 85,
+     0x8ae: 82,
+     0x8af: 68,
+     0x8b0: 68,
+@@ -484,11 +771,356 @@ joining_types = {
+     0x8c6: 68,
+     0x8c7: 68,
+     0x8c8: 68,
+-    0x8e2: 85,
+-    0x1806: 85,
++    0x8ca: 84,
++    0x8cb: 84,
++    0x8cc: 84,
++    0x8cd: 84,
++    0x8ce: 84,
++    0x8cf: 84,
++    0x8d0: 84,
++    0x8d1: 84,
++    0x8d2: 84,
++    0x8d3: 84,
++    0x8d4: 84,
++    0x8d5: 84,
++    0x8d6: 84,
++    0x8d7: 84,
++    0x8d8: 84,
++    0x8d9: 84,
++    0x8da: 84,
++    0x8db: 84,
++    0x8dc: 84,
++    0x8dd: 84,
++    0x8de: 84,
++    0x8df: 84,
++    0x8e0: 84,
++    0x8e1: 84,
++    0x8e3: 84,
++    0x8e4: 84,
++    0x8e5: 84,
++    0x8e6: 84,
++    0x8e7: 84,
++    0x8e8: 84,
++    0x8e9: 84,
++    0x8ea: 84,
++    0x8eb: 84,
++    0x8ec: 84,
++    0x8ed: 84,
++    0x8ee: 84,
++    0x8ef: 84,
++    0x8f0: 84,
++    0x8f1: 84,
++    0x8f2: 84,
++    0x8f3: 84,
++    0x8f4: 84,
++    0x8f5: 84,
++    0x8f6: 84,
++    0x8f7: 84,
++    0x8f8: 84,
++    0x8f9: 84,
++    0x8fa: 84,
++    0x8fb: 84,
++    0x8fc: 84,
++    0x8fd: 84,
++    0x8fe: 84,
++    0x8ff: 84,
++    0x900: 84,
++    0x901: 84,
++    0x902: 84,
++    0x93a: 84,
++    0x93c: 84,
++    0x941: 84,
++    0x942: 84,
++    0x943: 84,
++    0x944: 84,
++    0x945: 84,
++    0x946: 84,
++    0x947: 84,
++    0x948: 84,
++    0x94d: 84,
++    0x951: 84,
++    0x952: 84,
++    0x953: 84,
++    0x954: 84,
++    0x955: 84,
++    0x956: 84,
++    0x957: 84,
++    0x962: 84,
++    0x963: 84,
++    0x981: 84,
++    0x9bc: 84,
++    0x9c1: 84,
++    0x9c2: 84,
++    0x9c3: 84,
++    0x9c4: 84,
++    0x9cd: 84,
++    0x9e2: 84,
++    0x9e3: 84,
++    0x9fe: 84,
++    0xa01: 84,
++    0xa02: 84,
++    0xa3c: 84,
++    0xa41: 84,
++    0xa42: 84,
++    0xa47: 84,
++    0xa48: 84,
++    0xa4b: 84,
++    0xa4c: 84,
++    0xa4d: 84,
++    0xa51: 84,
++    0xa70: 84,
++    0xa71: 84,
++    0xa75: 84,
++    0xa81: 84,
++    0xa82: 84,
++    0xabc: 84,
++    0xac1: 84,
++    0xac2: 84,
++    0xac3: 84,
++    0xac4: 84,
++    0xac5: 84,
++    0xac7: 84,
++    0xac8: 84,
++    0xacd: 84,
++    0xae2: 84,
++    0xae3: 84,
++    0xafa: 84,
++    0xafb: 84,
++    0xafc: 84,
++    0xafd: 84,
++    0xafe: 84,
++    0xaff: 84,
++    0xb01: 84,
++    0xb3c: 84,
++    0xb3f: 84,
++    0xb41: 84,
++    0xb42: 84,
++    0xb43: 84,
++    0xb44: 84,
++    0xb4d: 84,
++    0xb55: 84,
++    0xb56: 84,
++    0xb62: 84,
++    0xb63: 84,
++    0xb82: 84,
++    0xbc0: 84,
++    0xbcd: 84,
++    0xc00: 84,
++    0xc04: 84,
++    0xc3c: 84,
++    0xc3e: 84,
++    0xc3f: 84,
++    0xc40: 84,
++    0xc46: 84,
++    0xc47: 84,
++    0xc48: 84,
++    0xc4a: 84,
++    0xc4b: 84,
++    0xc4c: 84,
++    0xc4d: 84,
++    0xc55: 84,
++    0xc56: 84,
++    0xc62: 84,
++    0xc63: 84,
++    0xc81: 84,
++    0xcbc: 84,
++    0xcbf: 84,
++    0xcc6: 84,
++    0xccc: 84,
++    0xccd: 84,
++    0xce2: 84,
++    0xce3: 84,
++    0xd00: 84,
++    0xd01: 84,
++    0xd3b: 84,
++    0xd3c: 84,
++    0xd41: 84,
++    0xd42: 84,
++    0xd43: 84,
++    0xd44: 84,
++    0xd4d: 84,
++    0xd62: 84,
++    0xd63: 84,
++    0xd81: 84,
++    0xdca: 84,
++    0xdd2: 84,
++    0xdd3: 84,
++    0xdd4: 84,
++    0xdd6: 84,
++    0xe31: 84,
++    0xe34: 84,
++    0xe35: 84,
++    0xe36: 84,
++    0xe37: 84,
++    0xe38: 84,
++    0xe39: 84,
++    0xe3a: 84,
++    0xe47: 84,
++    0xe48: 84,
++    0xe49: 84,
++    0xe4a: 84,
++    0xe4b: 84,
++    0xe4c: 84,
++    0xe4d: 84,
++    0xe4e: 84,
++    0xeb1: 84,
++    0xeb4: 84,
++    0xeb5: 84,
++    0xeb6: 84,
++    0xeb7: 84,
++    0xeb8: 84,
++    0xeb9: 84,
++    0xeba: 84,
++    0xebb: 84,
++    0xebc: 84,
++    0xec8: 84,
++    0xec9: 84,
++    0xeca: 84,
++    0xecb: 84,
++    0xecc: 84,
++    0xecd: 84,
++    0xf18: 84,
++    0xf19: 84,
++    0xf35: 84,
++    0xf37: 84,
++    0xf39: 84,
++    0xf71: 84,
++    0xf72: 84,
++    0xf73: 84,
++    0xf74: 84,
++    0xf75: 84,
++    0xf76: 84,
++    0xf77: 84,
++    0xf78: 84,
++    0xf79: 84,
++    0xf7a: 84,
++    0xf7b: 84,
++    0xf7c: 84,
++    0xf7d: 84,
++    0xf7e: 84,
++    0xf80: 84,
++    0xf81: 84,
++    0xf82: 84,
++    0xf83: 84,
++    0xf84: 84,
++    0xf86: 84,
++    0xf87: 84,
++    0xf8d: 84,
++    0xf8e: 84,
++    0xf8f: 84,
++    0xf90: 84,
++    0xf91: 84,
++    0xf92: 84,
++    0xf93: 84,
++    0xf94: 84,
++    0xf95: 84,
++    0xf96: 84,
++    0xf97: 84,
++    0xf99: 84,
++    0xf9a: 84,
++    0xf9b: 84,
++    0xf9c: 84,
++    0xf9d: 84,
++    0xf9e: 84,
++    0xf9f: 84,
++    0xfa0: 84,
++    0xfa1: 84,
++    0xfa2: 84,
++    0xfa3: 84,
++    0xfa4: 84,
++    0xfa5: 84,
++    0xfa6: 84,
++    0xfa7: 84,
++    0xfa8: 84,
++    0xfa9: 84,
++    0xfaa: 84,
++    0xfab: 84,
++    0xfac: 84,
++    0xfad: 84,
++    0xfae: 84,
++    0xfaf: 84,
++    0xfb0: 84,
++    0xfb1: 84,
++    0xfb2: 84,
++    0xfb3: 84,
++    0xfb4: 84,
++    0xfb5: 84,
++    0xfb6: 84,
++    0xfb7: 84,
++    0xfb8: 84,
++    0xfb9: 84,
++    0xfba: 84,
++    0xfbb: 84,
++    0xfbc: 84,
++    0xfc6: 84,
++    0x102d: 84,
++    0x102e: 84,
++    0x102f: 84,
++    0x1030: 84,
++    0x1032: 84,
++    0x1033: 84,
++    0x1034: 84,
++    0x1035: 84,
++    0x1036: 84,
++    0x1037: 84,
++    0x1039: 84,
++    0x103a: 84,
++    0x103d: 84,
++    0x103e: 84,
++    0x1058: 84,
++    0x1059: 84,
++    0x105e: 84,
++    0x105f: 84,
++    0x1060: 84,
++    0x1071: 84,
++    0x1072: 84,
++    0x1073: 84,
++    0x1074: 84,
++    0x1082: 84,
++    0x1085: 84,
++    0x1086: 84,
++    0x108d: 84,
++    0x109d: 84,
++    0x135d: 84,
++    0x135e: 84,
++    0x135f: 84,
++    0x1712: 84,
++    0x1713: 84,
++    0x1714: 84,
++    0x1732: 84,
++    0x1733: 84,
++    0x1752: 84,
++    0x1753: 84,
++    0x1772: 84,
++    0x1773: 84,
++    0x17b4: 84,
++    0x17b5: 84,
++    0x17b7: 84,
++    0x17b8: 84,
++    0x17b9: 84,
++    0x17ba: 84,
++    0x17bb: 84,
++    0x17bc: 84,
++    0x17bd: 84,
++    0x17c6: 84,
++    0x17c9: 84,
++    0x17ca: 84,
++    0x17cb: 84,
++    0x17cc: 84,
++    0x17cd: 84,
++    0x17ce: 84,
++    0x17cf: 84,
++    0x17d0: 84,
++    0x17d1: 84,
++    0x17d2: 84,
++    0x17d3: 84,
++    0x17dd: 84,
+     0x1807: 68,
+     0x180a: 67,
+-    0x180e: 85,
++    0x180b: 84,
++    0x180c: 84,
++    0x180d: 84,
++    0x180f: 84,
+     0x1820: 68,
+     0x1821: 68,
+     0x1822: 68,
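Review bot: at 0x180b-0x180f the explicit `0x180e: 85` entry is dropped while its four neighbours are added as 84, so 0x180e now has no key in joining_types at all. Every consumer of this table has to handle a missing key the way it used to handle the value 85. Please confirm the lookup uses `.get()` or an equivalent default rather than indexing, because the same removal pattern repeats for every 85 entry deleted in this file.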
+@@ -578,11 +1210,6 @@ joining_types = {
+     0x1876: 68,
+     0x1877: 68,
+     0x1878: 68,
+-    0x1880: 85,
+-    0x1881: 85,
+-    0x1882: 85,
+-    0x1883: 85,
+-    0x1884: 85,
+     0x1885: 84,
+     0x1886: 84,
+     0x1887: 68,
+@@ -619,14 +1246,339 @@ joining_types = {
+     0x18a6: 68,
+     0x18a7: 68,
+     0x18a8: 68,
++    0x18a9: 84,
+     0x18aa: 68,
+-    0x200c: 85,
++    0x1920: 84,
++    0x1921: 84,
++    0x1922: 84,
++    0x1927: 84,
++    0x1928: 84,
++    0x1932: 84,
++    0x1939: 84,
++    0x193a: 84,
++    0x193b: 84,
++    0x1a17: 84,
++    0x1a18: 84,
++    0x1a1b: 84,
++    0x1a56: 84,
++    0x1a58: 84,
++    0x1a59: 84,
++    0x1a5a: 84,
++    0x1a5b: 84,
++    0x1a5c: 84,
++    0x1a5d: 84,
++    0x1a5e: 84,
++    0x1a60: 84,
++    0x1a62: 84,
++    0x1a65: 84,
++    0x1a66: 84,
++    0x1a67: 84,
++    0x1a68: 84,
++    0x1a69: 84,
++    0x1a6a: 84,
++    0x1a6b: 84,
++    0x1a6c: 84,
++    0x1a73: 84,
++    0x1a74: 84,
++    0x1a75: 84,
++    0x1a76: 84,
++    0x1a77: 84,
++    0x1a78: 84,
++    0x1a79: 84,
++    0x1a7a: 84,
++    0x1a7b: 84,
++    0x1a7c: 84,
++    0x1a7f: 84,
++    0x1ab0: 84,
++    0x1ab1: 84,
++    0x1ab2: 84,
++    0x1ab3: 84,
++    0x1ab4: 84,
++    0x1ab5: 84,
++    0x1ab6: 84,
++    0x1ab7: 84,
++    0x1ab8: 84,
++    0x1ab9: 84,
++    0x1aba: 84,
++    0x1abb: 84,
++    0x1abc: 84,
++    0x1abd: 84,
++    0x1abe: 84,
++    0x1abf: 84,
++    0x1ac0: 84,
++    0x1ac1: 84,
++    0x1ac2: 84,
++    0x1ac3: 84,
++    0x1ac4: 84,
++    0x1ac5: 84,
++    0x1ac6: 84,
++    0x1ac7: 84,
++    0x1ac8: 84,
++    0x1ac9: 84,
++    0x1aca: 84,
++    0x1acb: 84,
++    0x1acc: 84,
++    0x1acd: 84,
++    0x1ace: 84,
++    0x1b00: 84,
++    0x1b01: 84,
++    0x1b02: 84,
++    0x1b03: 84,
++    0x1b34: 84,
++    0x1b36: 84,
++    0x1b37: 84,
++    0x1b38: 84,
++    0x1b39: 84,
++    0x1b3a: 84,
++    0x1b3c: 84,
++    0x1b42: 84,
++    0x1b6b: 84,
++    0x1b6c: 84,
++    0x1b6d: 84,
++    0x1b6e: 84,
++    0x1b6f: 84,
++    0x1b70: 84,
++    0x1b71: 84,
++    0x1b72: 84,
++    0x1b73: 84,
++    0x1b80: 84,
++    0x1b81: 84,
++    0x1ba2: 84,
++    0x1ba3: 84,
++    0x1ba4: 84,
++    0x1ba5: 84,
++    0x1ba8: 84,
++    0x1ba9: 84,
++    0x1bab: 84,
++    0x1bac: 84,
++    0x1bad: 84,
++    0x1be6: 84,
++    0x1be8: 84,
++    0x1be9: 84,
++    0x1bed: 84,
++    0x1bef: 84,
++    0x1bf0: 84,
++    0x1bf1: 84,
++    0x1c2c: 84,
++    0x1c2d: 84,
++    0x1c2e: 84,
++    0x1c2f: 84,
++    0x1c30: 84,
++    0x1c31: 84,
++    0x1c32: 84,
++    0x1c33: 84,
++    0x1c36: 84,
++    0x1c37: 84,
++    0x1cd0: 84,
++    0x1cd1: 84,
++    0x1cd2: 84,
++    0x1cd4: 84,
++    0x1cd5: 84,
++    0x1cd6: 84,
++    0x1cd7: 84,
++    0x1cd8: 84,
++    0x1cd9: 84,
++    0x1cda: 84,
++    0x1cdb: 84,
++    0x1cdc: 84,
++    0x1cdd: 84,
++    0x1cde: 84,
++    0x1cdf: 84,
++    0x1ce0: 84,
++    0x1ce2: 84,
++    0x1ce3: 84,
++    0x1ce4: 84,
++    0x1ce5: 84,
++    0x1ce6: 84,
++    0x1ce7: 84,
++    0x1ce8: 84,
++    0x1ced: 84,
++    0x1cf4: 84,
++    0x1cf8: 84,
++    0x1cf9: 84,
++    0x1dc0: 84,
++    0x1dc1: 84,
++    0x1dc2: 84,
++    0x1dc3: 84,
++    0x1dc4: 84,
++    0x1dc5: 84,
++    0x1dc6: 84,
++    0x1dc7: 84,
++    0x1dc8: 84,
++    0x1dc9: 84,
++    0x1dca: 84,
++    0x1dcb: 84,
++    0x1dcc: 84,
++    0x1dcd: 84,
++    0x1dce: 84,
++    0x1dcf: 84,
++    0x1dd0: 84,
++    0x1dd1: 84,
++    0x1dd2: 84,
++    0x1dd3: 84,
++    0x1dd4: 84,
++    0x1dd5: 84,
++    0x1dd6: 84,
++    0x1dd7: 84,
++    0x1dd8: 84,
++    0x1dd9: 84,
++    0x1dda: 84,
++    0x1ddb: 84,
++    0x1ddc: 84,
++    0x1ddd: 84,
++    0x1dde: 84,
++    0x1ddf: 84,
++    0x1de0: 84,
++    0x1de1: 84,
++    0x1de2: 84,
++    0x1de3: 84,
++    0x1de4: 84,
++    0x1de5: 84,
++    0x1de6: 84,
++    0x1de7: 84,
++    0x1de8: 84,
++    0x1de9: 84,
++    0x1dea: 84,
++    0x1deb: 84,
++    0x1dec: 84,
++    0x1ded: 84,
++    0x1dee: 84,
++    0x1def: 84,
++    0x1df0: 84,
++    0x1df1: 84,
++    0x1df2: 84,
++    0x1df3: 84,
++    0x1df4: 84,
++    0x1df5: 84,
++    0x1df6: 84,
++    0x1df7: 84,
++    0x1df8: 84,
++    0x1df9: 84,
++    0x1dfa: 84,
++    0x1dfb: 84,
++    0x1dfc: 84,
++    0x1dfd: 84,
++    0x1dfe: 84,
++    0x1dff: 84,
++    0x200b: 84,
+     0x200d: 67,
+-    0x202f: 85,
+-    0x2066: 85,
+-    0x2067: 85,
+-    0x2068: 85,
+-    0x2069: 85,
++    0x200e: 84,
++    0x200f: 84,
++    0x202a: 84,
++    0x202b: 84,
++    0x202c: 84,
++    0x202d: 84,
++    0x202e: 84,
++    0x2060: 84,
++    0x2061: 84,
++    0x2062: 84,
++    0x2063: 84,
++    0x2064: 84,
++    0x206a: 84,
++    0x206b: 84,
++    0x206c: 84,
++    0x206d: 84,
++    0x206e: 84,
++    0x206f: 84,
++    0x20d0: 84,
++    0x20d1: 84,
++    0x20d2: 84,
++    0x20d3: 84,
++    0x20d4: 84,
++    0x20d5: 84,
++    0x20d6: 84,
++    0x20d7: 84,
++    0x20d8: 84,
++    0x20d9: 84,
++    0x20da: 84,
++    0x20db: 84,
++    0x20dc: 84,
++    0x20dd: 84,
++    0x20de: 84,
++    0x20df: 84,
++    0x20e0: 84,
++    0x20e1: 84,
++    0x20e2: 84,
++    0x20e3: 84,
++    0x20e4: 84,
++    0x20e5: 84,
++    0x20e6: 84,
++    0x20e7: 84,
++    0x20e8: 84,
++    0x20e9: 84,
++    0x20ea: 84,
++    0x20eb: 84,
++    0x20ec: 84,
++    0x20ed: 84,
++    0x20ee: 84,
++    0x20ef: 84,
++    0x20f0: 84,
++    0x2cef: 84,
++    0x2cf0: 84,
++    0x2cf1: 84,
++    0x2d7f: 84,
++    0x2de0: 84,
++    0x2de1: 84,
++    0x2de2: 84,
++    0x2de3: 84,
++    0x2de4: 84,
++    0x2de5: 84,
++    0x2de6: 84,
++    0x2de7: 84,
++    0x2de8: 84,
++    0x2de9: 84,
++    0x2dea: 84,
++    0x2deb: 84,
++    0x2dec: 84,
++    0x2ded: 84,
++    0x2dee: 84,
++    0x2def: 84,
++    0x2df0: 84,
++    0x2df1: 84,
++    0x2df2: 84,
++    0x2df3: 84,
++    0x2df4: 84,
++    0x2df5: 84,
++    0x2df6: 84,
++    0x2df7: 84,
++    0x2df8: 84,
++    0x2df9: 84,
++    0x2dfa: 84,
++    0x2dfb: 84,
++    0x2dfc: 84,
++    0x2dfd: 84,
++    0x2dfe: 84,
++    0x2dff: 84,
++    0x302a: 84,
++    0x302b: 84,
++    0x302c: 84,
++    0x302d: 84,
++    0x3099: 84,
++    0x309a: 84,
++    0xa66f: 84,
++    0xa670: 84,
++    0xa671: 84,
++    0xa672: 84,
++    0xa674: 84,
++    0xa675: 84,
++    0xa676: 84,
++    0xa677: 84,
++    0xa678: 84,
++    0xa679: 84,
++    0xa67a: 84,
++    0xa67b: 84,
++    0xa67c: 84,
++    0xa67d: 84,
++    0xa69e: 84,
++    0xa69f: 84,
++    0xa6f0: 84,
++    0xa6f1: 84,
++    0xa802: 84,
++    0xa806: 84,
++    0xa80b: 84,
++    0xa825: 84,
++    0xa826: 84,
++    0xa82c: 84,
+     0xa840: 68,
+     0xa841: 68,
+     0xa842: 68,
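Review bot: the block at 0x200b-0x206f adds the zero-width and bidi format characters (0x200b, 0x200e, 0x200f, 0x202a-0x202e, 0x2060-0x2064, 0x206a-0x206f) as 84 and removes `0x200c: 85` while keeping `0x200d: 67`. Any code that skips over 84 entries when looking for a joining neighbour will now step over these as well. A regression test showing that a label containing any of them is still rejected by the code point class check, independent of this table, should accompany the data update.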
+@@ -678,20 +1630,151 @@ joining_types = {
+     0xa870: 68,
+     0xa871: 68,
+     0xa872: 76,
+-    0xa873: 85,
++    0xa8c4: 84,
++    0xa8c5: 84,
++    0xa8e0: 84,
++    0xa8e1: 84,
++    0xa8e2: 84,
++    0xa8e3: 84,
++    0xa8e4: 84,
++    0xa8e5: 84,
++    0xa8e6: 84,
++    0xa8e7: 84,
++    0xa8e8: 84,
++    0xa8e9: 84,
++    0xa8ea: 84,
++    0xa8eb: 84,
++    0xa8ec: 84,
++    0xa8ed: 84,
++    0xa8ee: 84,
++    0xa8ef: 84,
++    0xa8f0: 84,
++    0xa8f1: 84,
++    0xa8ff: 84,
++    0xa926: 84,
++    0xa927: 84,
++    0xa928: 84,
++    0xa929: 84,
++    0xa92a: 84,
++    0xa92b: 84,
++    0xa92c: 84,
++    0xa92d: 84,
++    0xa947: 84,
++    0xa948: 84,
++    0xa949: 84,
++    0xa94a: 84,
++    0xa94b: 84,
++    0xa94c: 84,
++    0xa94d: 84,
++    0xa94e: 84,
++    0xa94f: 84,
++    0xa950: 84,
++    0xa951: 84,
++    0xa980: 84,
++    0xa981: 84,
++    0xa982: 84,
++    0xa9b3: 84,
++    0xa9b6: 84,
++    0xa9b7: 84,
++    0xa9b8: 84,
++    0xa9b9: 84,
++    0xa9bc: 84,
++    0xa9bd: 84,
++    0xa9e5: 84,
++    0xaa29: 84,
++    0xaa2a: 84,
++    0xaa2b: 84,
++    0xaa2c: 84,
++    0xaa2d: 84,
++    0xaa2e: 84,
++    0xaa31: 84,
++    0xaa32: 84,
++    0xaa35: 84,
++    0xaa36: 84,
++    0xaa43: 84,
++    0xaa4c: 84,
++    0xaa7c: 84,
++    0xaab0: 84,
++    0xaab2: 84,
++    0xaab3: 84,
++    0xaab4: 84,
++    0xaab7: 84,
++    0xaab8: 84,
++    0xaabe: 84,
++    0xaabf: 84,
++    0xaac1: 84,
++    0xaaec: 84,
++    0xaaed: 84,
++    0xaaf6: 84,
++    0xabe5: 84,
++    0xabe8: 84,
++    0xabed: 84,
++    0xfb1e: 84,
++    0xfe00: 84,
++    0xfe01: 84,
++    0xfe02: 84,
++    0xfe03: 84,
++    0xfe04: 84,
++    0xfe05: 84,
++    0xfe06: 84,
++    0xfe07: 84,
++    0xfe08: 84,
++    0xfe09: 84,
++    0xfe0a: 84,
++    0xfe0b: 84,
++    0xfe0c: 84,
++    0xfe0d: 84,
++    0xfe0e: 84,
++    0xfe0f: 84,
++    0xfe20: 84,
++    0xfe21: 84,
++    0xfe22: 84,
++    0xfe23: 84,
++    0xfe24: 84,
++    0xfe25: 84,
++    0xfe26: 84,
++    0xfe27: 84,
++    0xfe28: 84,
++    0xfe29: 84,
++    0xfe2a: 84,
++    0xfe2b: 84,
++    0xfe2c: 84,
++    0xfe2d: 84,
++    0xfe2e: 84,
++    0xfe2f: 84,
++    0xfeff: 84,
++    0xfff9: 84,
++    0xfffa: 84,
++    0xfffb: 84,
++    0x101fd: 84,
++    0x102e0: 84,
++    0x10376: 84,
++    0x10377: 84,
++    0x10378: 84,
++    0x10379: 84,
++    0x1037a: 84,
++    0x10a01: 84,
++    0x10a02: 84,
++    0x10a03: 84,
++    0x10a05: 84,
++    0x10a06: 84,
++    0x10a0c: 84,
++    0x10a0d: 84,
++    0x10a0e: 84,
++    0x10a0f: 84,
++    0x10a38: 84,
++    0x10a39: 84,
++    0x10a3a: 84,
++    0x10a3f: 84,
+     0x10ac0: 68,
+     0x10ac1: 68,
+     0x10ac2: 68,
+     0x10ac3: 68,
+     0x10ac4: 68,
+     0x10ac5: 82,
+-    0x10ac6: 85,
+     0x10ac7: 82,
+-    0x10ac8: 85,
+     0x10ac9: 82,
+     0x10aca: 82,
+-    0x10acb: 85,
+-    0x10acc: 85,
+     0x10acd: 76,
+     0x10ace: 82,
+     0x10acf: 82,
+@@ -713,9 +1796,9 @@ joining_types = {
+     0x10adf: 68,
+     0x10ae0: 68,
+     0x10ae1: 82,
+-    0x10ae2: 85,
+-    0x10ae3: 85,
+     0x10ae4: 82,
++    0x10ae5: 84,
++    0x10ae6: 84,
+     0x10aeb: 68,
+     0x10aec: 68,
+     0x10aed: 68,
+@@ -745,7 +1828,6 @@ joining_types = {
+     0x10bac: 82,
+     0x10bad: 68,
+     0x10bae: 68,
+-    0x10baf: 85,
+     0x10d00: 76,
+     0x10d01: 68,
+     0x10d02: 68,
+@@ -782,6 +1864,12 @@ joining_types = {
+     0x10d21: 68,
+     0x10d22: 82,
+     0x10d23: 68,
++    0x10d24: 84,
++    0x10d25: 84,
++    0x10d26: 84,
++    0x10d27: 84,
++    0x10eab: 84,
++    0x10eac: 84,
+     0x10f30: 68,
+     0x10f31: 68,
+     0x10f32: 68,
+@@ -803,7 +1891,17 @@ joining_types = {
+     0x10f42: 68,
+     0x10f43: 68,
+     0x10f44: 68,
+-    0x10f45: 85,
++    0x10f46: 84,
++    0x10f47: 84,
++    0x10f48: 84,
++    0x10f49: 84,
++    0x10f4a: 84,
++    0x10f4b: 84,
++    0x10f4c: 84,
++    0x10f4d: 84,
++    0x10f4e: 84,
++    0x10f4f: 84,
++    0x10f50: 84,
+     0x10f51: 68,
+     0x10f52: 68,
+     0x10f53: 68,
+@@ -826,14 +1924,16 @@ joining_types = {
+     0x10f7f: 68,
+     0x10f80: 68,
+     0x10f81: 68,
++    0x10f82: 84,
++    0x10f83: 84,
++    0x10f84: 84,
++    0x10f85: 84,
+     0x10fb0: 68,
+-    0x10fb1: 85,
+     0x10fb2: 68,
+     0x10fb3: 68,
+     0x10fb4: 82,
+     0x10fb5: 82,
+     0x10fb6: 82,
+-    0x10fb7: 85,
+     0x10fb8: 68,
+     0x10fb9: 82,
+     0x10fba: 82,
+@@ -842,20 +1942,630 @@ joining_types = {
+     0x10fbd: 82,
+     0x10fbe: 68,
+     0x10fbf: 68,
+-    0x10fc0: 85,
+     0x10fc1: 68,
+     0x10fc2: 82,
+     0x10fc3: 82,
+     0x10fc4: 68,
+-    0x10fc5: 85,
+-    0x10fc6: 85,
+-    0x10fc7: 85,
+-    0x10fc8: 85,
+     0x10fc9: 82,
+     0x10fca: 68,
+     0x10fcb: 76,
+-    0x110bd: 85,
+-    0x110cd: 85,
++    0x11001: 84,
++    0x11038: 84,
++    0x11039: 84,
++    0x1103a: 84,
++    0x1103b: 84,
++    0x1103c: 84,
++    0x1103d: 84,
++    0x1103e: 84,
++    0x1103f: 84,
++    0x11040: 84,
++    0x11041: 84,
++    0x11042: 84,
++    0x11043: 84,
++    0x11044: 84,
++    0x11045: 84,
++    0x11046: 84,
++    0x11070: 84,
++    0x11073: 84,
++    0x11074: 84,
++    0x1107f: 84,
++    0x11080: 84,
++    0x11081: 84,
++    0x110b3: 84,
++    0x110b4: 84,
++    0x110b5: 84,
++    0x110b6: 84,
++    0x110b9: 84,
++    0x110ba: 84,
++    0x110c2: 84,
++    0x11100: 84,
++    0x11101: 84,
++    0x11102: 84,
++    0x11127: 84,
++    0x11128: 84,
++    0x11129: 84,
++    0x1112a: 84,
++    0x1112b: 84,
++    0x1112d: 84,
++    0x1112e: 84,
++    0x1112f: 84,
++    0x11130: 84,
++    0x11131: 84,
++    0x11132: 84,
++    0x11133: 84,
++    0x11134: 84,
++    0x11173: 84,
++    0x11180: 84,
++    0x11181: 84,
++    0x111b6: 84,
++    0x111b7: 84,
++    0x111b8: 84,
++    0x111b9: 84,
++    0x111ba: 84,
++    0x111bb: 84,
++    0x111bc: 84,
++    0x111bd: 84,
++    0x111be: 84,
++    0x111c9: 84,
++    0x111ca: 84,
++    0x111cb: 84,
++    0x111cc: 84,
++    0x111cf: 84,
++    0x1122f: 84,
++    0x11230: 84,
++    0x11231: 84,
++    0x11234: 84,
++    0x11236: 84,
++    0x11237: 84,
++    0x1123e: 84,
++    0x112df: 84,
++    0x112e3: 84,
++    0x112e4: 84,
++    0x112e5: 84,
++    0x112e6: 84,
++    0x112e7: 84,
++    0x112e8: 84,
++    0x112e9: 84,
++    0x112ea: 84,
++    0x11300: 84,
++    0x11301: 84,
++    0x1133b: 84,
++    0x1133c: 84,
++    0x11340: 84,
++    0x11366: 84,
++    0x11367: 84,
++    0x11368: 84,
++    0x11369: 84,
++    0x1136a: 84,
++    0x1136b: 84,
++    0x1136c: 84,
++    0x11370: 84,
++    0x11371: 84,
++    0x11372: 84,
++    0x11373: 84,
++    0x11374: 84,
++    0x11438: 84,
++    0x11439: 84,
++    0x1143a: 84,
++    0x1143b: 84,
++    0x1143c: 84,
++    0x1143d: 84,
++    0x1143e: 84,
++    0x1143f: 84,
++    0x11442: 84,
++    0x11443: 84,
++    0x11444: 84,
++    0x11446: 84,
++    0x1145e: 84,
++    0x114b3: 84,
++    0x114b4: 84,
++    0x114b5: 84,
++    0x114b6: 84,
++    0x114b7: 84,
++    0x114b8: 84,
++    0x114ba: 84,
++    0x114bf: 84,
++    0x114c0: 84,
++    0x114c2: 84,
++    0x114c3: 84,
++    0x115b2: 84,
++    0x115b3: 84,
++    0x115b4: 84,
++    0x115b5: 84,
++    0x115bc: 84,
++    0x115bd: 84,
++    0x115bf: 84,
++    0x115c0: 84,
++    0x115dc: 84,
++    0x115dd: 84,
++    0x11633: 84,
++    0x11634: 84,
++    0x11635: 84,
++    0x11636: 84,
++    0x11637: 84,
++    0x11638: 84,
++    0x11639: 84,
++    0x1163a: 84,
++    0x1163d: 84,
++    0x1163f: 84,
++    0x11640: 84,
++    0x116ab: 84,
++    0x116ad: 84,
++    0x116b0: 84,
++    0x116b1: 84,
++    0x116b2: 84,
++    0x116b3: 84,
++    0x116b4: 84,
++    0x116b5: 84,
++    0x116b7: 84,
++    0x1171d: 84,
++    0x1171e: 84,
++    0x1171f: 84,
++    0x11722: 84,
++    0x11723: 84,
++    0x11724: 84,
++    0x11725: 84,
++    0x11727: 84,
++    0x11728: 84,
++    0x11729: 84,
++    0x1172a: 84,
++    0x1172b: 84,
++    0x1182f: 84,
++    0x11830: 84,
++    0x11831: 84,
++    0x11832: 84,
++    0x11833: 84,
++    0x11834: 84,
++    0x11835: 84,
++    0x11836: 84,
++    0x11837: 84,
++    0x11839: 84,
++    0x1183a: 84,
++    0x1193b: 84,
++    0x1193c: 84,
++    0x1193e: 84,
++    0x11943: 84,
++    0x119d4: 84,
++    0x119d5: 84,
++    0x119d6: 84,
++    0x119d7: 84,
++    0x119da: 84,
++    0x119db: 84,
++    0x119e0: 84,
++    0x11a01: 84,
++    0x11a02: 84,
++    0x11a03: 84,
++    0x11a04: 84,
++    0x11a05: 84,
++    0x11a06: 84,
++    0x11a07: 84,
++    0x11a08: 84,
++    0x11a09: 84,
++    0x11a0a: 84,
++    0x11a33: 84,
++    0x11a34: 84,
++    0x11a35: 84,
++    0x11a36: 84,
++    0x11a37: 84,
++    0x11a38: 84,
++    0x11a3b: 84,
++    0x11a3c: 84,
++    0x11a3d: 84,
++    0x11a3e: 84,
++    0x11a47: 84,
++    0x11a51: 84,
++    0x11a52: 84,
++    0x11a53: 84,
++    0x11a54: 84,
++    0x11a55: 84,
++    0x11a56: 84,
++    0x11a59: 84,
++    0x11a5a: 84,
++    0x11a5b: 84,
++    0x11a8a: 84,
++    0x11a8b: 84,
++    0x11a8c: 84,
++    0x11a8d: 84,
++    0x11a8e: 84,
++    0x11a8f: 84,
++    0x11a90: 84,
++    0x11a91: 84,
++    0x11a92: 84,
++    0x11a93: 84,
++    0x11a94: 84,
++    0x11a95: 84,
++    0x11a96: 84,
++    0x11a98: 84,
++    0x11a99: 84,
++    0x11c30: 84,
++    0x11c31: 84,
++    0x11c32: 84,
++    0x11c33: 84,
++    0x11c34: 84,
++    0x11c35: 84,
++    0x11c36: 84,
++    0x11c38: 84,
++    0x11c39: 84,
++    0x11c3a: 84,
++    0x11c3b: 84,
++    0x11c3c: 84,
++    0x11c3d: 84,
++    0x11c3f: 84,
++    0x11c92: 84,
++    0x11c93: 84,
++    0x11c94: 84,
++    0x11c95: 84,
++    0x11c96: 84,
++    0x11c97: 84,
++    0x11c98: 84,
++    0x11c99: 84,
++    0x11c9a: 84,
++    0x11c9b: 84,
++    0x11c9c: 84,
++    0x11c9d: 84,
++    0x11c9e: 84,
++    0x11c9f: 84,
++    0x11ca0: 84,
++    0x11ca1: 84,
++    0x11ca2: 84,
++    0x11ca3: 84,
++    0x11ca4: 84,
++    0x11ca5: 84,
++    0x11ca6: 84,
++    0x11ca7: 84,
++    0x11caa: 84,
++    0x11cab: 84,
++    0x11cac: 84,
++    0x11cad: 84,
++    0x11cae: 84,
++    0x11caf: 84,
++    0x11cb0: 84,
++    0x11cb2: 84,
++    0x11cb3: 84,
++    0x11cb5: 84,
++    0x11cb6: 84,
++    0x11d31: 84,
++    0x11d32: 84,
++    0x11d33: 84,
++    0x11d34: 84,
++    0x11d35: 84,
++    0x11d36: 84,
++    0x11d3a: 84,
++    0x11d3c: 84,
++    0x11d3d: 84,
++    0x11d3f: 84,
++    0x11d40: 84,
++    0x11d41: 84,
++    0x11d42: 84,
++    0x11d43: 84,
++    0x11d44: 84,
++    0x11d45: 84,
++    0x11d47: 84,
++    0x11d90: 84,
++    0x11d91: 84,
++    0x11d95: 84,
++    0x11d97: 84,
++    0x11ef3: 84,
++    0x11ef4: 84,
++    0x13430: 84,
++    0x13431: 84,
++    0x13432: 84,
++    0x13433: 84,
++    0x13434: 84,
++    0x13435: 84,
++    0x13436: 84,
++    0x13437: 84,
++    0x13438: 84,
++    0x16af0: 84,
++    0x16af1: 84,
++    0x16af2: 84,
++    0x16af3: 84,
++    0x16af4: 84,
++    0x16b30: 84,
++    0x16b31: 84,
++    0x16b32: 84,
++    0x16b33: 84,
++    0x16b34: 84,
++    0x16b35: 84,
++    0x16b36: 84,
++    0x16f4f: 84,
++    0x16f8f: 84,
++    0x16f90: 84,
++    0x16f91: 84,
++    0x16f92: 84,
++    0x16fe4: 84,
++    0x1bc9d: 84,
++    0x1bc9e: 84,
++    0x1bca0: 84,
++    0x1bca1: 84,
++    0x1bca2: 84,
++    0x1bca3: 84,
++    0x1cf00: 84,
++    0x1cf01: 84,
++    0x1cf02: 84,
++    0x1cf03: 84,
++    0x1cf04: 84,
++    0x1cf05: 84,
++    0x1cf06: 84,
++    0x1cf07: 84,
++    0x1cf08: 84,
++    0x1cf09: 84,
++    0x1cf0a: 84,
++    0x1cf0b: 84,
++    0x1cf0c: 84,
++    0x1cf0d: 84,
++    0x1cf0e: 84,
++    0x1cf0f: 84,
++    0x1cf10: 84,
++    0x1cf11: 84,
++    0x1cf12: 84,
++    0x1cf13: 84,
++    0x1cf14: 84,
++    0x1cf15: 84,
++    0x1cf16: 84,
++    0x1cf17: 84,
++    0x1cf18: 84,
++    0x1cf19: 84,
++    0x1cf1a: 84,
++    0x1cf1b: 84,
++    0x1cf1c: 84,
++    0x1cf1d: 84,
++    0x1cf1e: 84,
++    0x1cf1f: 84,
++    0x1cf20: 84,
++    0x1cf21: 84,
++    0x1cf22: 84,
++    0x1cf23: 84,
++    0x1cf24: 84,
++    0x1cf25: 84,
++    0x1cf26: 84,
++    0x1cf27: 84,
++    0x1cf28: 84,
++    0x1cf29: 84,
++    0x1cf2a: 84,
++    0x1cf2b: 84,
++    0x1cf2c: 84,
++    0x1cf2d: 84,
++    0x1cf30: 84,
++    0x1cf31: 84,
++    0x1cf32: 84,
++    0x1cf33: 84,
++    0x1cf34: 84,
++    0x1cf35: 84,
++    0x1cf36: 84,
++    0x1cf37: 84,
++    0x1cf38: 84,
++    0x1cf39: 84,
++    0x1cf3a: 84,
++    0x1cf3b: 84,
++    0x1cf3c: 84,
++    0x1cf3d: 84,
++    0x1cf3e: 84,
++    0x1cf3f: 84,
++    0x1cf40: 84,
++    0x1cf41: 84,
++    0x1cf42: 84,
++    0x1cf43: 84,
++    0x1cf44: 84,
++    0x1cf45: 84,
++    0x1cf46: 84,
++    0x1d167: 84,
++    0x1d168: 84,
++    0x1d169: 84,
++    0x1d173: 84,
++    0x1d174: 84,
++    0x1d175: 84,
++    0x1d176: 84,
++    0x1d177: 84,
++    0x1d178: 84,
++    0x1d179: 84,
++    0x1d17a: 84,
++    0x1d17b: 84,
++    0x1d17c: 84,
++    0x1d17d: 84,
++    0x1d17e: 84,
++    0x1d17f: 84,
++    0x1d180: 84,
++    0x1d181: 84,
++    0x1d182: 84,
++    0x1d185: 84,
++    0x1d186: 84,
++    0x1d187: 84,
++    0x1d188: 84,
++    0x1d189: 84,
++    0x1d18a: 84,
++    0x1d18b: 84,
++    0x1d1aa: 84,
++    0x1d1ab: 84,
++    0x1d1ac: 84,
++    0x1d1ad: 84,
++    0x1d242: 84,
++    0x1d243: 84,
++    0x1d244: 84,
++    0x1da00: 84,
++    0x1da01: 84,
++    0x1da02: 84,
++    0x1da03: 84,
++    0x1da04: 84,
++    0x1da05: 84,
++    0x1da06: 84,
++    0x1da07: 84,
++    0x1da08: 84,
++    0x1da09: 84,
++    0x1da0a: 84,
++    0x1da0b: 84,
++    0x1da0c: 84,
++    0x1da0d: 84,
++    0x1da0e: 84,
++    0x1da0f: 84,
++    0x1da10: 84,
++    0x1da11: 84,
++    0x1da12: 84,
++    0x1da13: 84,
++    0x1da14: 84,
++    0x1da15: 84,
++    0x1da16: 84,
++    0x1da17: 84,
++    0x1da18: 84,
++    0x1da19: 84,
++    0x1da1a: 84,
++    0x1da1b: 84,
++    0x1da1c: 84,
++    0x1da1d: 84,
++    0x1da1e: 84,
++    0x1da1f: 84,
++    0x1da20: 84,
++    0x1da21: 84,
++    0x1da22: 84,
++    0x1da23: 84,
++    0x1da24: 84,
++    0x1da25: 84,
++    0x1da26: 84,
++    0x1da27: 84,
++    0x1da28: 84,
++    0x1da29: 84,
++    0x1da2a: 84,
++    0x1da2b: 84,
++    0x1da2c: 84,
++    0x1da2d: 84,
++    0x1da2e: 84,
++    0x1da2f: 84,
++    0x1da30: 84,
++    0x1da31: 84,
++    0x1da32: 84,
++    0x1da33: 84,
++    0x1da34: 84,
++    0x1da35: 84,
++    0x1da36: 84,
++    0x1da3b: 84,
++    0x1da3c: 84,
++    0x1da3d: 84,
++    0x1da3e: 84,
++    0x1da3f: 84,
++    0x1da40: 84,
++    0x1da41: 84,
++    0x1da42: 84,
++    0x1da43: 84,
++    0x1da44: 84,
++    0x1da45: 84,
++    0x1da46: 84,
++    0x1da47: 84,
++    0x1da48: 84,
++    0x1da49: 84,
++    0x1da4a: 84,
++    0x1da4b: 84,
++    0x1da4c: 84,
++    0x1da4d: 84,
++    0x1da4e: 84,
++    0x1da4f: 84,
++    0x1da50: 84,
++    0x1da51: 84,
++    0x1da52: 84,
++    0x1da53: 84,
++    0x1da54: 84,
++    0x1da55: 84,
++    0x1da56: 84,
++    0x1da57: 84,
++    0x1da58: 84,
++    0x1da59: 84,
++    0x1da5a: 84,
++    0x1da5b: 84,
++    0x1da5c: 84,
++    0x1da5d: 84,
++    0x1da5e: 84,
++    0x1da5f: 84,
++    0x1da60: 84,
++    0x1da61: 84,
++    0x1da62: 84,
++    0x1da63: 84,
++    0x1da64: 84,
++    0x1da65: 84,
++    0x1da66: 84,
++    0x1da67: 84,
++    0x1da68: 84,
++    0x1da69: 84,
++    0x1da6a: 84,
++    0x1da6b: 84,
++    0x1da6c: 84,
++    0x1da75: 84,
++    0x1da84: 84,
++    0x1da9b: 84,
++    0x1da9c: 84,
++    0x1da9d: 84,
++    0x1da9e: 84,
++    0x1da9f: 84,
++    0x1daa1: 84,
++    0x1daa2: 84,
++    0x1daa3: 84,
++    0x1daa4: 84,
++    0x1daa5: 84,
++    0x1daa6: 84,
++    0x1daa7: 84,
++    0x1daa8: 84,
++    0x1daa9: 84,
++    0x1daaa: 84,
++    0x1daab: 84,
++    0x1daac: 84,
++    0x1daad: 84,
++    0x1daae: 84,
++    0x1daaf: 84,
++    0x1e000: 84,
++    0x1e001: 84,
++    0x1e002: 84,
++    0x1e003: 84,
++    0x1e004: 84,
++    0x1e005: 84,
++    0x1e006: 84,
++    0x1e008: 84,
++    0x1e009: 84,
++    0x1e00a: 84,
++    0x1e00b: 84,
++    0x1e00c: 84,
++    0x1e00d: 84,
++    0x1e00e: 84,
++    0x1e00f: 84,
++    0x1e010: 84,
++    0x1e011: 84,
++    0x1e012: 84,
++    0x1e013: 84,
++    0x1e014: 84,
++    0x1e015: 84,
++    0x1e016: 84,
++    0x1e017: 84,
++    0x1e018: 84,
++    0x1e01b: 84,
++    0x1e01c: 84,
++    0x1e01d: 84,
++    0x1e01e: 84,
++    0x1e01f: 84,
++    0x1e020: 84,
++    0x1e021: 84,
++    0x1e023: 84,
++    0x1e024: 84,
++    0x1e026: 84,
++    0x1e027: 84,
++    0x1e028: 84,
++    0x1e029: 84,
++    0x1e02a: 84,
++    0x1e130: 84,
++    0x1e131: 84,
++    0x1e132: 84,
++    0x1e133: 84,
++    0x1e134: 84,
++    0x1e135: 84,
++    0x1e136: 84,
++    0x1e2ae: 84,
++    0x1e2ec: 84,
++    0x1e2ed: 84,
++    0x1e2ee: 84,
++    0x1e2ef: 84,
++    0x1e8d0: 84,
++    0x1e8d1: 84,
++    0x1e8d2: 84,
++    0x1e8d3: 84,
++    0x1e8d4: 84,
++    0x1e8d5: 84,
++    0x1e8d6: 84,
+     0x1e900: 68,
+     0x1e901: 68,
+     0x1e902: 68,
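Review bot: the added 84 entries from 0x11001 through 0x1e8d6 cannot be checked by eye, and nothing in the hunk records which UCD release or generator invocation produced them. Please state the Unicode version and the tools/idna-data command used in the patch header, so a reviewer can regenerate the table and diff it against what is submitted here.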
+@@ -924,7 +2634,351 @@ joining_types = {
+     0x1e941: 68,
+     0x1e942: 68,
+     0x1e943: 68,
++    0x1e944: 84,
++    0x1e945: 84,
++    0x1e946: 84,
++    0x1e947: 84,
++    0x1e948: 84,
++    0x1e949: 84,
++    0x1e94a: 84,
+     0x1e94b: 84,
++    0xe0001: 84,
++    0xe0020: 84,
++    0xe0021: 84,
++    0xe0022: 84,
++    0xe0023: 84,
++    0xe0024: 84,
++    0xe0025: 84,
++    0xe0026: 84,
++    0xe0027: 84,
++    0xe0028: 84,
++    0xe0029: 84,
++    0xe002a: 84,
++    0xe002b: 84,
++    0xe002c: 84,
++    0xe002d: 84,
++    0xe002e: 84,
++    0xe002f: 84,
++    0xe0030: 84,
++    0xe0031: 84,
++    0xe0032: 84,
++    0xe0033: 84,
++    0xe0034: 84,
++    0xe0035: 84,
++    0xe0036: 84,
++    0xe0037: 84,
++    0xe0038: 84,
++    0xe0039: 84,
++    0xe003a: 84,
++    0xe003b: 84,
++    0xe003c: 84,
++    0xe003d: 84,
++    0xe003e: 84,
++    0xe003f: 84,
++    0xe0040: 84,
++    0xe0041: 84,
++    0xe0042: 84,
++    0xe0043: 84,
++    0xe0044: 84,
++    0xe0045: 84,
++    0xe0046: 84,
++    0xe0047: 84,
++    0xe0048: 84,
++    0xe0049: 84,
++    0xe004a: 84,
++    0xe004b: 84,
++    0xe004c: 84,
++    0xe004d: 84,
++    0xe004e: 84,
++    0xe004f: 84,
++    0xe0050: 84,
++    0xe0051: 84,
++    0xe0052: 84,
++    0xe0053: 84,
++    0xe0054: 84,
++    0xe0055: 84,
++    0xe0056: 84,
++    0xe0057: 84,
++    0xe0058: 84,
++    0xe0059: 84,
++    0xe005a: 84,
++    0xe005b: 84,
++    0xe005c: 84,
++    0xe005d: 84,
++    0xe005e: 84,
++    0xe005f: 84,
++    0xe0060: 84,
++    0xe0061: 84,
++    0xe0062: 84,
++    0xe0063: 84,
++    0xe0064: 84,
++    0xe0065: 84,
++    0xe0066: 84,
++    0xe0067: 84,
++    0xe0068: 84,
++    0xe0069: 84,
++    0xe006a: 84,
++    0xe006b: 84,
++    0xe006c: 84,
++    0xe006d: 84,
++    0xe006e: 84,
++    0xe006f: 84,
++    0xe0070: 84,
++    0xe0071: 84,
++    0xe0072: 84,
++    0xe0073: 84,
++    0xe0074: 84,
++    0xe0075: 84,
++    0xe0076: 84,
++    0xe0077: 84,
++    0xe0078: 84,
++    0xe0079: 84,
++    0xe007a: 84,
++    0xe007b: 84,
++    0xe007c: 84,
++    0xe007d: 84,
++    0xe007e: 84,
++    0xe007f: 84,
++    0xe0100: 84,
++    0xe0101: 84,
++    0xe0102: 84,
++    0xe0103: 84,
++    0xe0104: 84,
++    0xe0105: 84,
++    0xe0106: 84,
++    0xe0107: 84,
++    0xe0108: 84,
++    0xe0109: 84,
++    0xe010a: 84,
++    0xe010b: 84,
++    0xe010c: 84,
++    0xe010d: 84,
++    0xe010e: 84,
++    0xe010f: 84,
++    0xe0110: 84,
++    0xe0111: 84,
++    0xe0112: 84,
++    0xe0113: 84,
++    0xe0114: 84,
++    0xe0115: 84,
++    0xe0116: 84,
++    0xe0117: 84,
++    0xe0118: 84,
++    0xe0119: 84,
++    0xe011a: 84,
++    0xe011b: 84,
++    0xe011c: 84,
++    0xe011d: 84,
++    0xe011e: 84,
++    0xe011f: 84,
++    0xe0120: 84,
++    0xe0121: 84,
++    0xe0122: 84,
++    0xe0123: 84,
++    0xe0124: 84,
++    0xe0125: 84,
++    0xe0126: 84,
++    0xe0127: 84,
++    0xe0128: 84,
++    0xe0129: 84,
++    0xe012a: 84,
++    0xe012b: 84,
++    0xe012c: 84,
++    0xe012d: 84,
++    0xe012e: 84,
++    0xe012f: 84,
++    0xe0130: 84,
++    0xe0131: 84,
++    0xe0132: 84,
++    0xe0133: 84,
++    0xe0134: 84,
++    0xe0135: 84,
++    0xe0136: 84,
++    0xe0137: 84,
++    0xe0138: 84,
++    0xe0139: 84,
++    0xe013a: 84,
++    0xe013b: 84,
++    0xe013c: 84,
++    0xe013d: 84,
++    0xe013e: 84,
++    0xe013f: 84,
++    0xe0140: 84,
++    0xe0141: 84,
++    0xe0142: 84,
++    0xe0143: 84,
++    0xe0144: 84,
++    0xe0145: 84,
++    0xe0146: 84,
++    0xe0147: 84,
++    0xe0148: 84,
++    0xe0149: 84,
++    0xe014a: 84,
++    0xe014b: 84,
++    0xe014c: 84,
++    0xe014d: 84,
++    0xe014e: 84,
++    0xe014f: 84,
++    0xe0150: 84,
++    0xe0151: 84,
++    0xe0152: 84,
++    0xe0153: 84,
++    0xe0154: 84,
++    0xe0155: 84,
++    0xe0156: 84,
++    0xe0157: 84,
++    0xe0158: 84,
++    0xe0159: 84,
++    0xe015a: 84,
++    0xe015b: 84,
++    0xe015c: 84,
++    0xe015d: 84,
++    0xe015e: 84,
++    0xe015f: 84,
++    0xe0160: 84,
++    0xe0161: 84,
++    0xe0162: 84,
++    0xe0163: 84,
++    0xe0164: 84,
++    0xe0165: 84,
++    0xe0166: 84,
++    0xe0167: 84,
++    0xe0168: 84,
++    0xe0169: 84,
++    0xe016a: 84,
++    0xe016b: 84,
++    0xe016c: 84,
++    0xe016d: 84,
++    0xe016e: 84,
++    0xe016f: 84,
++    0xe0170: 84,
++    0xe0171: 84,
++    0xe0172: 84,
++    0xe0173: 84,
++    0xe0174: 84,
++    0xe0175: 84,
++    0xe0176: 84,
++    0xe0177: 84,
++    0xe0178: 84,
++    0xe0179: 84,
++    0xe017a: 84,
++    0xe017b: 84,
++    0xe017c: 84,
++    0xe017d: 84,
++    0xe017e: 84,
++    0xe017f: 84,
++    0xe0180: 84,
++    0xe0181: 84,
++    0xe0182: 84,
++    0xe0183: 84,
++    0xe0184: 84,
++    0xe0185: 84,
++    0xe0186: 84,
++    0xe0187: 84,
++    0xe0188: 84,
++    0xe0189: 84,
++    0xe018a: 84,
++    0xe018b: 84,
++    0xe018c: 84,
++    0xe018d: 84,
++    0xe018e: 84,
++    0xe018f: 84,
++    0xe0190: 84,
++    0xe0191: 84,
++    0xe0192: 84,
++    0xe0193: 84,
++    0xe0194: 84,
++    0xe0195: 84,
++    0xe0196: 84,
++    0xe0197: 84,
++    0xe0198: 84,
++    0xe0199: 84,
++    0xe019a: 84,
++    0xe019b: 84,
++    0xe019c: 84,
++    0xe019d: 84,
++    0xe019e: 84,
++    0xe019f: 84,
++    0xe01a0: 84,
++    0xe01a1: 84,
++    0xe01a2: 84,
++    0xe01a3: 84,
++    0xe01a4: 84,
++    0xe01a5: 84,
++    0xe01a6: 84,
++    0xe01a7: 84,
++    0xe01a8: 84,
++    0xe01a9: 84,
++    0xe01aa: 84,
++    0xe01ab: 84,
++    0xe01ac: 84,
++    0xe01ad: 84,
++    0xe01ae: 84,
++    0xe01af: 84,
++    0xe01b0: 84,
++    0xe01b1: 84,
++    0xe01b2: 84,
++    0xe01b3: 84,
++    0xe01b4: 84,
++    0xe01b5: 84,
++    0xe01b6: 84,
++    0xe01b7: 84,
++    0xe01b8: 84,
++    0xe01b9: 84,
++    0xe01ba: 84,
++    0xe01bb: 84,
++    0xe01bc: 84,
++    0xe01bd: 84,
++    0xe01be: 84,
++    0xe01bf: 84,
++    0xe01c0: 84,
++    0xe01c1: 84,
++    0xe01c2: 84,
++    0xe01c3: 84,
++    0xe01c4: 84,
++    0xe01c5: 84,
++    0xe01c6: 84,
++    0xe01c7: 84,
++    0xe01c8: 84,
++    0xe01c9: 84,
++    0xe01ca: 84,
++    0xe01cb: 84,
++    0xe01cc: 84,
++    0xe01cd: 84,
++    0xe01ce: 84,
++    0xe01cf: 84,
++    0xe01d0: 84,
++    0xe01d1: 84,
++    0xe01d2: 84,
++    0xe01d3: 84,
++    0xe01d4: 84,
++    0xe01d5: 84,
++    0xe01d6: 84,
++    0xe01d7: 84,
++    0xe01d8: 84,
++    0xe01d9: 84,
++    0xe01da: 84,
++    0xe01db: 84,
++    0xe01dc: 84,
++    0xe01dd: 84,
++    0xe01de: 84,
++    0xe01df: 84,
++    0xe01e0: 84,
++    0xe01e1: 84,
++    0xe01e2: 84,
++    0xe01e3: 84,
++    0xe01e4: 84,
++    0xe01e5: 84,
++    0xe01e6: 84,
++    0xe01e7: 84,
++    0xe01e8: 84,
++    0xe01e9: 84,
++    0xe01ea: 84,
++    0xe01eb: 84,
++    0xe01ec: 84,
++    0xe01ed: 84,
++    0xe01ee: 84,
++    0xe01ef: 84,
+ }
+ codepoint_classes = {
+     'PVALID': (
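Review bot: 0xe0020-0xe007f and 0xe0100-0xe01ef are emitted as one dict entry per code point, over 330 lines for two contiguous ranges that all map to 84. The codepoint_classes tuples directly below already pack a range into a single integer. If the generator can emit joining_types in a range form too, the table and this backport shrink considerably. If the file has to match the generator's output exactly, disregard this.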
+@@ -1831,7 +3885,6 @@ codepoint_classes = {
+         0xa7d50000a7d6,
+         0xa7d70000a7d8,
+         0xa7d90000a7da,
+-        0xa7f20000a7f5,
+         0xa7f60000a7f8,
+         0xa7fa0000a828,
+         0xa82c0000a82d,
+@@ -1859,7 +3912,7 @@ codepoint_classes = {
+         0xab200000ab27,
+         0xab280000ab2f,
+         0xab300000ab5b,
+-        0xab600000ab6a,
++        0xab600000ab69,
+         0xabc00000abeb,
+         0xabec0000abee,
+         0xabf00000abfa,
+@@ -1904,9 +3957,7 @@ codepoint_classes = {
+         0x1060000010737,
+         0x1074000010756,
+         0x1076000010768,
+-        0x1078000010786,
+-        0x10787000107b1,
+-        0x107b2000107bb,
++        0x1078000010781,
+         0x1080000010806,
+         0x1080800010809,
+         0x1080a00010836,
+@@ -2115,7 +4166,6 @@ codepoint_classes = {
+         0x1e8d00001e8d7,
+         0x1e9220001e94c,
+         0x1e9500001e95a,
+-        0x1fbf00001fbfa,
+         0x200000002a6e0,
+         0x2a7000002b739,
+         0x2b7400002b81e,
+diff --git a/tools/idna-data b/tools/idna-data
+index f5572a8..9fe004a 100755
+--- a/tools/idna-data
++++ b/tools/idna-data
+@@ -238,11 +238,18 @@ class UnicodeData(object):
+     def _load_arabicshaping(self):
+ 
+         self.ucd_as = {}
+-        f_as = self._ucdfile('ArabicShaping.txt')
++        f_as = self._ucdfile('extracted/DerivedJoiningType.txt')
+         for line in f_as.splitlines():
+-            result = re.match(r'^(?P<cp>[0-9A-F]{4,6})\s*;\s*.*?\s*;\s*(?P<jt>\S+)\s*;', line)
++            result = re.match(
++                r'^(?P<start>[0-9A-F]{4,6})(|\.\.(?P<end>[0-9A-F]{4,6}))\s*;\s*(?P<jt>\S+)\s*(|\#.*)$',
++                line)
+             if result:
+-                self.ucd_as[int(result.group('cp'), 16)] = result.group('jt')
++                if result.group('end'):
++                    for i in hexrange(result.group('start'), result.group('end')):
++                        self.ucd_as[i] = result.group('jt')
++                else:
++                    i = hexvalue(result.group('start'))
++                    self.ucd_as[i] = result.group('jt')
+ 
+     def _load_scripts(self):
+ 
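Review bot: in `_load_arabicshaping`, the range branch calls `hexrange(...)` and the single-codepoint branch calls `hexvalue(...)`, but neither helper is defined in this hunk. Please confirm both exist in `tools/idna-data` at the 3.3 base this backport applies to, and that `hexrange` includes the end codepoint: the `start..end` ranges in `extracted/DerivedJoiningType.txt` are inclusive, so a half-open helper would drop the last entry of every range from `ucd_as`. The empty alternations `(|\.\.(?P<end>...))` and `(|\#.*)` would also read more clearly as optional non-capturing groups.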
diff --git a/meta/recipes-devtools/python/python3-idna_3.3.bb b/meta/recipes-devtools/python/python3-idna_3.3.bb
index ee92f44fd5..c5d88259bf 100644
--- a/meta/recipes-devtools/python/python3-idna_3.3.bb
+++ b/meta/recipes-devtools/python/python3-idna_3.3.bb
@@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=239668a7c6066d9e0c5382e9c8c6c0e1"
 
 SRC_URI[sha256sum] = "9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
 
+SRC_URI += " file://CVE-2024-3651.patch"
+
 inherit pypi setuptools3
 
 # Remove bundled egg-info
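Review bot: the added `SRC_URI += " file://CVE-2024-3651.patch"` has a leading space inside the quotes that `+=` already supplies. `SRC_URI += "file://CVE-2024-3651.patch"` is the usual form and keeps the variable free of doubled whitespace.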
-- 
2.43.0




* [OE-core][kirkstone 2/9] ruby: fix CVE-2024-35176
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 1/9] python3-idna: Fix CVE-2024-3651 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 3/9] ruby: fix CVE-2024-39908 Steve Sakoman
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
denial of service vulnerability when it parses an XML that has many
`<`s in an attribute value. Those who need to parse untrusted XMLs
may be impacted by this vulnerability. The REXML gem 3.2.7 or later
includes the patch to fix this vulnerability. As a workaround, don't
parse untrusted XMLs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-35176

Upstream-patch:
https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2024-35176.patch            | 112 ++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 2 files changed, 113 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
new file mode 100644
index 0000000000..83fa3fa4e7
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
@@ -0,0 +1,112 @@
+From 4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Thu, 16 May 2024 11:26:51 +0900
+Subject: [PATCH] Read quoted attributes in chunks (#126)
+
+CVE: CVE-2024-35176
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 20 ++++++-------
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  | 29 +++++++++++++++----
+ 2 files changed, 34 insertions(+), 15 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index b97beb3..eab942d 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -675,17 +675,17 @@ module REXML
+               message = "Missing attribute equal: <#{name}>"
+               raise REXML::ParseException.new(message, @source)
+             end
+-            unless match = @source.match(/(['"])(.*?)\1\s*/um, true)
+-              if match = @source.match(/(['"])/, true)
+-                message =
+-                  "Missing attribute value end quote: <#{name}>: <#{match[1]}>"
+-                raise REXML::ParseException.new(message, @source)
+-              else
+-                message = "Missing attribute value start quote: <#{name}>"
+-                raise REXML::ParseException.new(message, @source)
+-              end
++            unless match = @source.match(/(['"])/, true)
++              message = "Missing attribute value start quote: <#{name}>"
++              raise REXML::ParseException.new(message, @source)
++            end
++            quote = match[1]
++            value = @source.read_until(quote)
++            unless value.chomp!(quote)
++              message = "Missing attribute value end quote: <#{name}>: <#{quote}>"
++              raise REXML::ParseException.new(message, @source)
+             end
+-            value = match[2]
++            @source.match(/\s*/um, true)
+             if prefix == "xmlns"
+               if local_part == "xml"
+                 if value != "http://www.w3.org/XML/1998/namespace"
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 4111d1d..7132147 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -65,7 +65,11 @@ module REXML
+       encoding_updated
+     end
+ 
+-    def read
++    def read(term = nil)
++    end
++
++    def read_until(term)
++      @scanner.scan_until(Regexp.union(term)) or @scanner.rest
+     end
+ 
+     def match(pattern, cons=false)
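Review bot: the new `read_until` in the base `Source` returns two different shapes with no comment saying so: the text up to and including `term` when `scan_until` matches, or `@scanner.rest` (which does not advance the scan pointer) when it does not. The parser hunk tells the two apart only through `value.chomp!(quote)` returning nil, so a one-line comment on `read_until` stating that the terminator is included in the result would make the contract explicit. The now-empty `def read(term = nil)` could likewise note that `term` is ignored here.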
+@@ -151,9 +155,9 @@ module REXML
+       end
+     end
+ 
+-    def read
++    def read(term = nil)
+       begin
+-        @scanner << readline
++        @scanner << readline(term)
+         true
+       rescue Exception, NameError
+         @source = nil
+@@ -161,6 +165,21 @@ module REXML
+       end
+     end
+ 
++    def read_until(term)
++      pattern = Regexp.union(term)
++      data = []
++      begin
++        until str = @scanner.scan_until(pattern)
++          @scanner << readline(term)
++        end
++      rescue EOFError
++        @scanner.rest
++      else
++        read if @scanner.eos? and !@source.eof?
++        str
++      end
++    end
++
+     def match( pattern, cons=false )
+       read if @scanner.eos? && @source
+       while true
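Review bot: in the added `IOSource#read_until`, `data = []` is assigned and never read. It can be dropped unless the aim is to keep the backport identical to the upstream commit. Note also that the `until str = @scanner.scan_until(pattern)` loop keeps appending `readline(term)` to the scanner until the terminator or EOF is reached, so an attribute value with no closing quote buffers the rest of the input before the `rescue EOFError` branch returns `@scanner.rest`.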
+@@ -205,8 +224,8 @@ module REXML
+     end
+ 
+     private
+-    def readline
+-      str = @source.readline(@line_break)
++    def readline(term = nil)
++      str = @source.readline(term || @line_break)
+       if @pending_buffer
+         if str.nil?
+           str = @pending_buffer
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 19641e5a51..6a381b2e40 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -53,6 +53,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://CVE-2024-43398-0003.patch \
            file://CVE-2025-27221-0001.patch \
            file://CVE-2025-27221-0002.patch \
+           file://CVE-2024-35176.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
-- 
2.43.0




* [OE-core][kirkstone 3/9] ruby: fix CVE-2024-39908
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 1/9] python3-idna: Fix CVE-2024-3651 Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 2/9] ruby: fix CVE-2024-35176 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 4/9] ruby: fix CVE-2024-41123 Steve Sakoman
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be
impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:
https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420
https://github.com/ruby/rexml/commit/d146162e9a61574499d10428bc0065754cd26601
https://github.com/ruby/rexml/commit/b5bf109a599ea733663150e99c09eb44046b41dd
https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e
https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e
https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f
https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6
https://github.com/ruby/rexml/commit/c33ea498102be65082940e8b7d6d31cb2c6e6ee2
https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347
https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f
https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2
https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2024-39908-0001.patch       |  46 +++++++
 .../ruby/ruby/CVE-2024-39908-0002.patch       | 130 ++++++++++++++++++
 .../ruby/ruby/CVE-2024-39908-0003.patch       |  46 +++++++
 .../ruby/ruby/CVE-2024-39908-0004.patch       |  76 ++++++++++
 .../ruby/ruby/CVE-2024-39908-0005.patch       |  87 ++++++++++++
 .../ruby/ruby/CVE-2024-39908-0006.patch       |  44 ++++++
 .../ruby/ruby/CVE-2024-39908-0007.patch       |  44 ++++++
 .../ruby/ruby/CVE-2024-39908-0008.patch       |  44 ++++++
 .../ruby/ruby/CVE-2024-39908-0009.patch       |  36 +++++
 .../ruby/ruby/CVE-2024-39908-0010.patch       |  53 +++++++
 .../ruby/ruby/CVE-2024-39908-0011.patch       |  35 +++++
 .../ruby/ruby/CVE-2024-39908-0012.patch       |  36 +++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |  12 ++
 13 files changed, 689 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
new file mode 100644
index 0000000000..44d3e1dffe
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
@@ -0,0 +1,46 @@
+From f1df7d13b3e57a5e059273d2f0870163c08d7420 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Mon, 20 May 2024 12:17:27 +0900
+Subject: [PATCH] Add support for old strscan
+
+Fix GH-132
+
+If we support old strscan, users can also use strscan installed as a
+default gem.
+
+Reported by Adam. Thanks!!!
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb  | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index eab942d..8ea8b43 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -7,6 +7,17 @@ require "strscan"
+ 
+ module REXML
+   module Parsers
++    if StringScanner::Version < "3.0.8"
++      module StringScannerCaptures
++        refine StringScanner do
++          def captures
++            values_at(*(1...size))
++          end
++        end
++      end
++      using StringScannerCaptures
++    end
++
+     # = Using the Pull Parser
+     # <em>This API is experimental, and subject to change.</em>
+     #  parser = PullParser.new( "<a>text<b att='val'/>txet</a>" )
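Review bot: `StringScanner::Version < "3.0.8"` compares Strings, so the order is lexical rather than numeric: a strscan reporting a version such as 3.0.10 would sort below 3.0.8 and receive the `captures` refinement too. The fallback `values_at(*(1...size))` is harmless in that case, but `Gem::Version.new(StringScanner::Version) < Gem::Version.new("3.0.8")` would express the intended check. If the line is kept as upstream wrote it, a comment saying the comparison is deliberate would help.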
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
new file mode 100644
index 0000000000..25a9e70891
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
@@ -0,0 +1,130 @@
+From d146162e9a61574499d10428bc0065754cd26601 Mon Sep 17 00:00:00 2001
+From: NAITOH Jun <naitoh@gmail.com>
+Date: Mon, 4 Mar 2024 05:24:53 +0900
+Subject: [PATCH] Remove `Source#string=` method (#117)
+
+We want to just change scan pointer.
+
+https://github.com/ruby/rexml/pull/114#discussion_r1501773803
+> I want to just change scan pointer (`StringScanner#pos=`) instead of
+changing `@scanner.string`.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/d146162e9a61574499d10428bc0065754cd26601]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 19 +++++++++++--------
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  |  8 ++++++--
+ 2 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 8ea8b43..81415a8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -231,8 +231,9 @@ module REXML
+         #STDERR.puts @source.encoding
+         #STDERR.puts "BUFFER = #{@source.buffer.inspect}"
+         if @document_status == nil
++          start_position = @source.position
+           if @source.match("<?", true)
+-            return process_instruction
++            return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+               return [ :comment, @source.match(/(.*?)-->/um, true)[1] ]
+@@ -244,7 +245,7 @@ module REXML
+                 else
+                   message = "#{base_error_message}: invalid name"
+                 end
+-                @source.string = "<!DOCTYPE" + @source.buffer
++                @source.position = start_position
+                 raise REXML::ParseException.new(message, @source)
+               end
+               name = parse_name(base_error_message)
+@@ -285,6 +286,7 @@ module REXML
+         end
+         if @document_status == :in_doctype
+           @source.match(/\s*/um, true) # skip spaces
++          start_position = @source.position
+           if @source.match("<!", true)
+             if @source.match("ELEMENT", true)
+               md = @source.match(/(.*?)>/um, true)
+@@ -344,7 +346,7 @@ module REXML
+                 else
+                   message = "#{base_error_message}: invalid name"
+                 end
+-                @source.string = " <!NOTATION" + @source.buffer
++                @source.position = start_position
+                 raise REXML::ParseException.new(message, @source)
+               end
+               name = parse_name(base_error_message)
+@@ -374,6 +376,7 @@ module REXML
+           @source.match(/\s*/um, true)
+         end
+         begin
++          start_position = @source.position
+           if @source.match("<", true)
+             if @source.match("/", true)
+               @namespaces_restore_stack.pop
+@@ -386,7 +389,7 @@ module REXML
+               if md.nil? or last_tag != md[1]
+                 message = "Missing end tag for '#{last_tag}'"
+                 message += " (got '#{md[1]}')" if md
+-                @source.string = "</" + @source.buffer if md.nil?
++                @source.position = start_position if md.nil?
+                 raise REXML::ParseException.new(message, @source)
+               end
+               return [ :end_element, last_tag ]
+@@ -410,12 +413,12 @@ module REXML
+               raise REXML::ParseException.new( "Declarations can only occur "+
+                 "in the doctype declaration.", @source)
+             elsif @source.match("?", true)
+-              return process_instruction
++              return process_instruction(start_position)
+             else
+               # Get the next tag
+               md = @source.match(TAG_PATTERN, true)
+               unless md
+-                @source.string = "<" + @source.buffer
++                @source.position = start_position
+                 raise REXML::ParseException.new("malformed XML: missing tag start", @source)
+               end
+               tag = md[1]
+@@ -641,11 +644,11 @@ module REXML
+         end
+       end
+ 
+-      def process_instruction
++      def process_instruction(start_position)
+         match_data = @source.match(INSTRUCTION_END, true)
+         unless match_data
+           message = "Invalid processing instruction node"
+-          @source.string = "<?" + @source.buffer
++          @source.position = start_position
+           raise REXML::ParseException.new(message, @source)
+         end
+         if @document_status.nil? and match_data[1] == "xml"
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 7132147..b20cc4f 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -80,8 +80,12 @@ module REXML
+       end
+     end
+ 
+-    def string=(string)
+-      @scanner.string = string
++    def position
++      @scanner.pos
++    end
++
++    def position=(pos)
++      @scanner.pos = pos
+     end
+ 
+     # @return true if the Source is exhausted
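Review bot: this hunk deletes the public `Source#string=` setter and replaces it with `position` / `position=`, which is an API removal on a stable branch. Any code outside this patch that assigns `source.string = ...` will now raise NoMethodError. Please confirm nothing else in the bundled rexml-3.2.5 tree still calls it, or keep `string=` as a thin wrapper over `@scanner.string = string` alongside the new accessors.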
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
new file mode 100644
index 0000000000..4208555c3c
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
@@ -0,0 +1,46 @@
+From b5bf109a599ea733663150e99c09eb44046b41dd Mon Sep 17 00:00:00 2001
+From: Hiroya Fujinami <make.just.on@gmail.com>
+Date: Thu, 13 Jun 2024 15:12:32 +0900
+Subject: [PATCH] Add a "malformed comment" check for top-level comments (#145)
+
+This check was missing. Therefore, `REXML::Document.new("<!--")` raised
+the ``undefined method `[]' for nil`` error, for example.
+
+This PR also adds tests for "malformed comment" checks.
+
+---------
+
+Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b5bf109a599ea733663150e99c09eb44046b41dd]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 81415a8..49c313c 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -236,7 +236,14 @@ module REXML
+             return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+-              return [ :comment, @source.match(/(.*?)-->/um, true)[1] ]
++              md = @source.match(/(.*?)-->/um, true)
++              if md.nil?
++                raise REXML::ParseException.new("Unclosed comment", @source)
++              end
++              if /--|-\z/.match?(md[1])
++                raise REXML::ParseException.new("Malformed comment", @source)
++              end
++              return [ :comment, md[1] ]
+             elsif @source.match("DOCTYPE", true)
+               base_error_message = "Malformed DOCTYPE"
+               unless @source.match(/\s+/um, true)
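Review bot: the added `/--|-\z/.match?(md[1])` check changes behaviour for input that used to parse: a top-level comment containing `--` or ending in `-` was returned as a `:comment` event by the old one-liner and now raises "Malformed comment". That is worth calling out in the commit message for a stable backport. The upstream message says the PR also adds tests for these checks, but the diffstat here lists only `baseparser.rb`, so the tests were dropped; a line noting that would make the omission explicit.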
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
new file mode 100644
index 0000000000..11a4c1ca54
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
@@ -0,0 +1,76 @@
+From b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 10:48:53 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+  inside `<?xml` (#170)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb             | 6 +++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 49c313c..767e134 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -125,6 +125,7 @@ module REXML
+ 
+       module Private
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
++        INSTRUCTION_TERM = "?>"
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -652,7 +653,7 @@ module REXML
+       end
+ 
+       def process_instruction(start_position)
+-        match_data = @source.match(INSTRUCTION_END, true)
++        match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
+         unless match_data
+           message = "Invalid processing instruction node"
+           @source.position = start_position
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index b20cc4f..08a035c 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -72,7 +72,7 @@ module REXML
+       @scanner.scan_until(Regexp.union(term)) or @scanner.rest
+     end
+ 
+-    def match(pattern, cons=false)
++    def match(pattern, cons=false, term: nil)
+       if cons
+         @scanner.scan(pattern).nil? ? nil : @scanner
+       else
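Review bot: `Source#match` now accepts `term: nil` but the visible body never uses it; only the `IOSource#match` hunk below passes it on, via `read(term)`. A short comment on the base method saying the keyword exists for signature compatibility with `IOSource` would stop a later reader from assuming it affects matching on string-backed sources.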
+@@ -184,7 +184,7 @@ module REXML
+       end
+     end
+ 
+-    def match( pattern, cons=false )
++    def match( pattern, cons=false, term: nil )
+       read if @scanner.eos? && @source
+       while true
+         if cons
+@@ -195,7 +195,7 @@ module REXML
+         break if md
+         return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
+         return nil if @source.nil?
+-        return nil unless read
++        return nil unless read(term)
+       end
+ 
+       md.nil? ? nil : @scanner
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
new file mode 100644
index 0000000000..0726927865
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
@@ -0,0 +1,87 @@
+From 0af55fa49d4c9369f90f239a9571edab800ed36e Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 10:57:39 +0900
+Subject: [PATCH] Fix ReDoS caused by very large character references using
+ repeated 0s (#169)
+
+This patch will fix the ReDoS that is caused by large string of 0s on a
+character reference (like `&#00000000...`).
+
+This is occurred in Ruby 3.1 or earlier.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/text.rb | 48 +++++++++++++++-------
+ 1 file changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
+index 050b09c..0957d70 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
+@@ -151,25 +151,45 @@ module REXML
+         end
+       end
+ 
+-      # context sensitive
+-      string.scan(pattern) do
+-        if $1[-1] != ?;
+-          raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
+-        elsif $1[0] == ?&
+-          if $5 and $5[0] == ?#
+-            case ($5[1] == ?x ? $5[2..-1].to_i(16) : $5[1..-1].to_i)
+-            when *VALID_CHAR
++      pos = 0
++      while (index = string.index(/<|&/, pos))
++        if string[index] == "<"
++          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
++        end
++
++        unless (end_index = string.index(/[^\s];/, index + 1))
++          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
++        end
++
++        value = string[(index + 1)..end_index]
++        if /\s/.match?(value)
++          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
++        end
++
++        if value[0] == "#"
++          character_reference = value[1..-1]
++
++          unless (/\A(\d+|x[0-9a-fA-F]+)\z/.match?(character_reference))
++            if character_reference[0] == "x" || character_reference[-1] == "x"
++              raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+             else
+-              raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
++              raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
+             end
+-          # FIXME: below can't work but this needs API change.
+-          # elsif @parent and $3 and !SUBSTITUTES.include?($1)
+-          #   if !doctype or !doctype.entities.has_key?($3)
+-          #     raise "Undeclared entity '#{$1}' in raw string \"#{string}\""
+-          #   end
+           end
++
++          case (character_reference[0] == "x" ? character_reference[1..-1].to_i(16) : character_reference[0..-1].to_i)
++          when *VALID_CHAR
++          else
++            raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
++          end
++        elsif !(/\A#{Entity::NAME}\z/um.match?(value))
++          raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
+         end
++
++        pos = end_index + 1
+       end
++
++      string
+     end
+ 
+     def node_type
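Review bot: the rewritten loop searches with the fixed `/<|&/` where the removed code ran `string.scan(pattern)`, so the added lines no longer consult `pattern` at all. Please confirm that `pattern` is still used in the part of the method above this hunk, or that dropping the context-sensitive behaviour is intended. Separately, two of the new raises interpolate `#{string.inspect}` as the "illegal character" while the others use `string[index]`, so the same kind of input produces differently shaped messages.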
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
new file mode 100644
index 0000000000..9d78112edd
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
@@ -0,0 +1,44 @@
+From c1b64c174ec2e8ca2174c51332670e3be30c865f Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 10:57:50 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ inside comments (#171)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 767e134..81753ad 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -126,6 +126,7 @@ module REXML
+       module Private
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         INSTRUCTION_TERM = "?>"
++        COMMENT_TERM = "-->"
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -237,7 +238,7 @@ module REXML
+             return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+-              md = @source.match(/(.*?)-->/um, true)
++              md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
+               if md.nil?
+                 raise REXML::ParseException.new("Unclosed comment", @source)
+               end
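Review bot: only the document-level comment branch (after `@source.match("<!", true)`) gains `term: Private::COMMENT_TERM` here. The context of the CDATA hunk in CVE-2024-39908-0007.patch shows a second `return [ :comment, md[1] ] if md` around line 416, and its `match` call is not touched by this patch. Please confirm that the second comment path does not show the same repeated read-and-match behaviour, or say in the commit message which patch in the series covers it.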
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
new file mode 100644
index 0000000000..bb2325bbbd
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
@@ -0,0 +1,44 @@
+From 9f1415a2616c77cad44a176eee90e8457b4774b6 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:04:40 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ inside `CDATA [ PAYLOAD ]` (#172)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 81753ad..c907f8c 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -127,6 +127,7 @@ module REXML
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         INSTRUCTION_TERM = "?>"
+         COMMENT_TERM = "-->"
++        CDATA_TERM = "]]>"
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -416,7 +417,7 @@ module REXML
+ 
+                 return [ :comment, md[1] ] if md
+               else
+-                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
++                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
+                 return [ :cdata, md[1] ] if md
+               end
+               raise REXML::ParseException.new( "Declarations can only occur "+
+-- 
+2.40.0
+
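Review bot: the commit message does not match the change it documents. The subject is about repeated `>` characters inside CDATA, while the body calls `<` the delimiter and ends with "the following is used to read ahead" with nothing following it. Since the upstream text is carried verbatim, add one line to the backport header (next to the CVE: tag) saying that `term: Private::CDATA_TERM` makes the source read up to `]]>` before the regexp is retried, so whoever maintains the series can tell what each TERM constant is for.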
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
new file mode 100644
index 0000000000..e9413ba2c0
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
@@ -0,0 +1,44 @@
+From c33ea498102be65082940e8b7d6d31cb2c6e6ee2 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:11:17 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ after ` <!DOCTYPE name` (#173)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/c33ea498102be65082940e8b7d6d31cb2c6e6ee2]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c907f8c..5391e0a 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -128,6 +128,7 @@ module REXML
+         INSTRUCTION_TERM = "?>"
+         COMMENT_TERM = "-->"
+         CDATA_TERM = "]]>"
++        DOCTYPE_TERM = "]>"
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -375,7 +376,7 @@ module REXML
+               end
+               return [ :comment, md[1] ] if md
+             end
+-          elsif match = @source.match(/(%.*?;)\s*/um, true)
++          elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM)
+             return [ :externalentity, match[1] ]
+           elsif @source.match(/\]\s*>/um, true)
+             @document_status = :after_doctype
+-- 
+2.40.0
+
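Review bot: `DOCTYPE_TERM = "]>"` is a literal two-character terminator, but the branch directly below the changed line closes the internal subset with `/\]\s*>/um`, which also accepts whitespace between `]` and `>`. For a subset closed as `] >` the read-ahead for `/(%.*?;)\s*/um` will not stop at the end of the DOCTYPE and runs on to the next literal `]>` or the end of input. A comment next to the constant should say so, and the header should mention that CVE-2024-41123-0004 later in this series drops the term constants again.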
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
new file mode 100644
index 0000000000..1de0551879
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
@@ -0,0 +1,36 @@
+From a79ac8b4b42a9efabe33a0be31bd82d33fd50347 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:18:11 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ inside `<!DOCTYPE root [<!-- PAYLOAD -->]>` (#174)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 5391e0a..c22b632 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -369,7 +369,7 @@ module REXML
+                 raise REXML::ParseException.new(message, @source)
+               end
+               return [:notationdecl, name, *id]
+-            elsif md = @source.match(/--(.*?)-->/um, true)
++            elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+               case md[1]
+               when /--/, /-\z/
+                 raise REXML::ParseException.new("Malformed comment", @source)
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
new file mode 100644
index 0000000000..a46ba171de
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
@@ -0,0 +1,53 @@
+From 67efb5951ed09dbb575c375b130a1e469f437d1f Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:26:57 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ inside `<!DOCTYPE name [<!ENTITY>]>` (#175)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c22b632..c4de254 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,11 +124,15 @@ module REXML
+       }
+ 
+       module Private
+-        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
++        # Terminal requires two or more letters.
+         INSTRUCTION_TERM = "?>"
+         COMMENT_TERM = "-->"
+         CDATA_TERM = "]]>"
+         DOCTYPE_TERM = "]>"
++        # Read to the end of DOCTYPE because there is no proper ENTITY termination
++        ENTITY_TERM = DOCTYPE_TERM
++
++        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -304,7 +308,7 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match = [:entitydecl, *@source.match(ENTITYDECL_PATTERN, true).captures.compact]
++              match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
+               ref = false
+               if match[1] == '%'
+                 ref = true
+-- 
+2.40.0
+
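Review bot: the replaced line still chains `.captures.compact` straight onto `@source.match(...)`, so when `ENTITYDECL_PATTERN` does not match, a malformed `<!ENTITY` declaration surfaces as a NoMethodError on nil rather than a REXML::ParseException. The nil check only arrives in CVE-2024-41123-0001 (patch 4/9 of this series), so the two need to land together; a line in the header stating that dependency would help anyone cherry-picking 3/9 alone.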
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
new file mode 100644
index 0000000000..505007af9a
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
@@ -0,0 +1,35 @@
+From 1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:35:41 +0900
+Subject: [PATCH] Fix ReDoS by using repeated space characters inside
+ `<!DOCTYPE name [<!ATTLIST>]>` (#176)
+
+Fix performance by removing unnecessary spaces.
+
+This is occurred in Ruby 3.1 or earlier.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c4de254..a9b1b44 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -340,7 +340,7 @@ module REXML
+               contents = md[0]
+ 
+               pairs = {}
+-              values = md[0].scan( ATTDEF_RE )
++              values = md[0].strip.scan( ATTDEF_RE )
+               values.each do |attdef|
+                 unless attdef[3] == "#IMPLIED"
+                   attdef.compact!
+-- 
+2.40.0
+
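Review bot: `md[0].strip.scan( ATTDEF_RE )` scans a trimmed copy while `contents = md[0]` two lines above keeps the untrimmed string, so what is stored in `contents` and what was scanned no longer agree. `strip` also removes only leading and trailing whitespace, and the message says just "removing unnecessary spaces", so the header should state which spaces trigger the slow scan and that the bundled rexml-3.2.5 in ruby 3.1.3 is covered by the "Ruby 3.1 or earlier" remark.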
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
new file mode 100644
index 0000000000..5a7cbe18dc
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
@@ -0,0 +1,36 @@
+From 910e5a2b487cb5a30989884a39f9cad2cc499cfc Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Tue, 16 Jul 2024 11:36:05 +0900
+Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
+ inside `<xml><!-- --></xml>` (#177)
+
+A `<` is treated as a string delimiter.
+In certain cases, if `<` is used in succession, read and match are
+repeated, which slows down the process. Therefore, the following is used
+to read ahead to a specific part of the string in advance.
+
+CVE: CVE-2024-39908
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index a9b1b44..4864ba1 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -413,7 +413,7 @@ module REXML
+               #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
+               raise REXML::ParseException.new("Malformed node", @source) unless md
+               if md[0][0] == ?-
+-                md = @source.match(/--(.*?)-->/um, true)
++                md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+ 
+                 case md[1]
+                 when /--/, /-\z/
+-- 
+2.40.0
+
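Review bot: `case md[1]`, right after the changed `@source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)`, dereferences `md` with no nil check, so an unterminated comment inside an element raises NoMethodError instead of a parse error. The document-level comment branch touched earlier in this series does guard it (`if md.nil?` followed by raising "Unclosed comment"); the same guard here would keep the failure mode consistent. The unguarded `case` is a context line, so this predates the backport and is a follow-up for upstream rather than a blocker.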
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 6a381b2e40..f967cc6948 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -54,6 +54,18 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://CVE-2025-27221-0001.patch \
            file://CVE-2025-27221-0002.patch \
            file://CVE-2024-35176.patch \
+           file://CVE-2024-39908-0001.patch \
+           file://CVE-2024-39908-0002.patch \
+           file://CVE-2024-39908-0003.patch \
+           file://CVE-2024-39908-0004.patch \
+           file://CVE-2024-39908-0005.patch \
+           file://CVE-2024-39908-0006.patch \
+           file://CVE-2024-39908-0007.patch \
+           file://CVE-2024-39908-0008.patch \
+           file://CVE-2024-39908-0009.patch \
+           file://CVE-2024-39908-0010.patch \
+           file://CVE-2024-39908-0011.patch \
+           file://CVE-2024-39908-0012.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
-- 
2.43.0




* [OE-core][kirkstone 4/9] ruby: fix CVE-2024-41123
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 3/9] ruby: fix CVE-2024-39908 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 5/9] python3: fix CVE-2025-6075 Steve Sakoman
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS
vulnerabilities when it parses an XML that has many specific characters
such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later
include the patches to fix these vulnerabilities.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41123

Upstream-patches:
https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70
https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b
https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c
https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960
https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2024-41123-0001.patch       |  44 +++++
 .../ruby/ruby/CVE-2024-41123-0002.patch       |  37 ++++
 .../ruby/ruby/CVE-2024-41123-0003.patch       |  55 ++++++
 .../ruby/ruby/CVE-2024-41123-0004.patch       | 163 ++++++++++++++++++
 .../ruby/ruby/CVE-2024-41123-0005.patch       | 111 ++++++++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   5 +
 6 files changed, 415 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
new file mode 100644
index 0000000000..c9d7ed2626
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
@@ -0,0 +1,44 @@
+From 2c39c91a65d69357cfbc35dd8079b3606d86bb70 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Fri, 19 Jul 2024 17:15:15 +0900
+Subject: [PATCH] Fix method scope in test in order to invoke the tests
+ properly and fix exception message (#182)
+
+This PR includes following two fixes.
+
+1. The `test_empty` and `test_linear_performance_gt` were defined as
+private method. Seems that test-unit runner does not invoke private
+methods even if the methods have `test_` prefix.
+2. When parse malformed entity declaration, the exception might have the
+message about `NoMethodError`. The proper exception message will be
+contained by this fix.
+
+CVE: CVE-2024-41123
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 4864ba1..451fbf8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -308,7 +308,11 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
++              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
++              unless match_data
++                raise REXML::ParseException.new("Malformed entity declaration", @source)
++              end
++              match = [:entitydecl, *match_data.captures.compact]
+               ref = false
+               if match[1] == '%'
+                 ref = true
+-- 
+2.40.0
+
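Review bot: the message lists two fixes, but the diffstat carries only `baseparser.rb`, so item 1 (making `test_empty` and `test_linear_performance_gt` non-private) is not part of this backport. Say so below the Upstream-Status line, so the CVE tag is not read as covering a test change that is absent. The code change itself closes the gap left by CVE-2024-39908-0010: `unless match_data` now raises "Malformed entity declaration" before `.captures` is called.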
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
new file mode 100644
index 0000000000..6c6c81d7f1
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
@@ -0,0 +1,37 @@
+From 4444a04ece4c02a7bd51e8c75623f22dc12d882b Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Sun, 2 Jun 2024 16:59:16 +0900
+Subject: [PATCH] Add missing encode for custom term
+
+CVE: CVE-2024-41123
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 08a035c..7be430a 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -160,6 +160,7 @@ module REXML
+     end
+ 
+     def read(term = nil)
++      term = encode(term) if term
+       begin
+         @scanner << readline(term)
+         true
+@@ -171,6 +172,7 @@ module REXML
+ 
+     def read_until(term)
+       pattern = Regexp.union(term)
++      term = encode(term)
+       data = []
+       begin
+         until str = @scanner.scan_until(pattern)
+-- 
+2.40.0
+
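Review bot: this commit has no body and does not itself address the DoS, so the header should state why it carries the CVE-2024-41123 tag: CVE-2024-41123-0004 has `term = encode(term) if term` as a context line in `read`, so it will not apply without this one. In `read_until`, `pattern = Regexp.union(term)` is built before `term = encode(term)`, so the scanner pattern comes from the raw term and only the code after it sees the encoded one; a short comment on whether that ordering is intended would help.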
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
new file mode 100644
index 0000000000..d31b77efbf
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
@@ -0,0 +1,55 @@
+From ebc3e85bfa2796fb4922c1932760bec8390ff87c Mon Sep 17 00:00:00 2001
+From: NAITOH Jun <naitoh@gmail.com>
+Date: Mon, 8 Jul 2024 05:54:06 +0900
+Subject: [PATCH] Add position check for XML declaration (#162)
+
+XML declaration must be the first item.
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#document
+
+```
+[1]   document   ::=   ( prolog element Misc* ) - ( Char* RestrictedChar Char* )
+```
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-prolog
+
+```
+[22]   prolog   ::=     XMLDecl Misc* (doctypedecl Misc*)?
+```
+
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-XMLDecl
+
+```
+[23]   XMLDecl  ::=   '<?xml' VersionInfo EncodingDecl? SDDecl? S? '?>'
+```
+
+See: https://github.com/ruby/rexml/pull/161#discussion_r1666118193
+
+CVE: CVE-2024-41123
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 451fbf8..71fce99 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -670,7 +670,10 @@ module REXML
+           @source.position = start_position
+           raise REXML::ParseException.new(message, @source)
+         end
+-        if @document_status.nil? and match_data[1] == "xml"
++        if match_data[1] == "xml"
++          if @document_status
++            raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
++          end
+           content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+-- 
+2.40.0
+
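Review bot: this changes parser behaviour on a stable branch beyond the DoS fix. With the old condition (`@document_status.nil? and match_data[1] == "xml"`) an `<?xml ...?>` that was not the first item skipped this block and was returned as an ordinary processing instruction; it now raises "Malformed XML: XML declaration is not at the start". Call that out in the commit message for kirkstone users who parse such documents. Minor: the new raise uses bare `ParseException` while the raise a few lines above in the same hunk uses `REXML::ParseException`.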
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
new file mode 100644
index 0000000000..4d7603a5b9
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
@@ -0,0 +1,163 @@
+From 6cac15d45864c8d70904baa5cbfcc97181000960 Mon Sep 17 00:00:00 2001
+From: tomoya ishida <tomoyapenguin@gmail.com>
+Date: Thu, 1 Aug 2024 09:21:19 +0900
+Subject: [PATCH] Fix source.match performance without specifying term string
+ (#186)
+
+Performance problem of `source.match(regexp)` was recently fixed by
+specifying terminator string. However, I think maintaining appropriate
+terminator string for a regexp is hard.
+I propose solving this performance issue by increasing bytes to read in
+each iteration.
+
+CVE: CVE-2024-41123
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 22 ++++++------------
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  | 23 +++++++++++++++----
+ 2 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 71fce99..c1a22b8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,14 +124,6 @@ module REXML
+       }
+ 
+       module Private
+-        # Terminal requires two or more letters.
+-        INSTRUCTION_TERM = "?>"
+-        COMMENT_TERM = "-->"
+-        CDATA_TERM = "]]>"
+-        DOCTYPE_TERM = "]>"
+-        # Read to the end of DOCTYPE because there is no proper ENTITY termination
+-        ENTITY_TERM = DOCTYPE_TERM
+-
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+@@ -244,7 +236,7 @@ module REXML
+             return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+-              md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
++              md = @source.match(/(.*?)-->/um, true)
+               if md.nil?
+                 raise REXML::ParseException.new("Unclosed comment", @source)
+               end
+@@ -308,7 +300,7 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
++              match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
+               unless match_data
+                 raise REXML::ParseException.new("Malformed entity declaration", @source)
+               end
+@@ -377,14 +369,14 @@ module REXML
+                 raise REXML::ParseException.new(message, @source)
+               end
+               return [:notationdecl, name, *id]
+-            elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
++            elsif md = @source.match(/--(.*?)-->/um, true)
+               case md[1]
+               when /--/, /-\z/
+                 raise REXML::ParseException.new("Malformed comment", @source)
+               end
+               return [ :comment, md[1] ] if md
+             end
+-          elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM)
++          elsif match = @source.match(/(%.*?;)\s*/um, true)
+             return [ :externalentity, match[1] ]
+           elsif @source.match(/\]\s*>/um, true)
+             @document_status = :after_doctype
+@@ -417,7 +409,7 @@ module REXML
+               #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
+               raise REXML::ParseException.new("Malformed node", @source) unless md
+               if md[0][0] == ?-
+-                md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
++                md = @source.match(/--(.*?)-->/um, true)
+ 
+                 case md[1]
+                 when /--/, /-\z/
+@@ -426,7 +418,7 @@ module REXML
+ 
+                 return [ :comment, md[1] ] if md
+               else
+-                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
++                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
+                 return [ :cdata, md[1] ] if md
+               end
+               raise REXML::ParseException.new( "Declarations can only occur "+
+@@ -664,7 +656,7 @@ module REXML
+       end
+ 
+       def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
++        match_data = @source.match(Private::INSTRUCTION_END, true)
+         unless match_data
+           message = "Invalid processing instruction node"
+           @source.position = start_position
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 7be430a..7c05cb5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -72,7 +72,7 @@ module REXML
+       @scanner.scan_until(Regexp.union(term)) or @scanner.rest
+     end
+ 
+-    def match(pattern, cons=false, term: nil)
++    def match(pattern, cons=false)
+       if cons
+         @scanner.scan(pattern).nil? ? nil : @scanner
+       else
+@@ -159,10 +159,20 @@ module REXML
+       end
+     end
+ 
+-    def read(term = nil)
++    def read(term = nil, min_bytes = 1)
+       term = encode(term) if term
+       begin
+-        @scanner << readline(term)
++        str = readline(term)
++        @scanner << str
++        read_bytes = str.bytesize
++        begin
++          while read_bytes < min_bytes
++            str = readline(term)
++            @scanner << str
++            read_bytes += str.bytesize
++          end
++        rescue IOError
++        end
+         true
+       rescue Exception, NameError
+         @source = nil
+@@ -186,7 +196,9 @@ module REXML
+       end
+     end
+ 
+-    def match( pattern, cons=false, term: nil )
++    def match( pattern, cons=false )
++      # To avoid performance issue, we need to increase bytes to read per scan
++      min_bytes = 1
+       read if @scanner.eos? && @source
+       while true
+         if cons
+@@ -197,7 +209,8 @@ module REXML
+         break if md
+         return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
+         return nil if @source.nil?
+-        return nil unless read(term)
++        return nil unless read(nil, min_bytes)
++        min_bytes *= 2
+       end
+ 
+       md.nil? ? nil : @scanner
+-- 
+2.40.0
+
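Review bot: in `read`, the inner `rescue IOError` has an empty body, so reaching end of input while topping up to `min_bytes` is silently treated as success; add a comment that this is the EOF case, since the outer `rescue Exception, NameError` sets `@source = nil` and a reader will wonder why the two differ. `min_bytes *= 2` in `match` has no cap, so a pattern that keeps failing pulls the remaining input into the scanner in doubling steps; that is the point of the change, but the header should say so, along with the fact that this patch removes the `*_TERM` constants and `term:` arguments that the CVE-2024-39908 patches (3/9) introduced. Any caller still passing `term:` to `match` will now raise ArgumentError, so confirm none remain in rexml-3.2.5 outside `baseparser.rb`.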
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
new file mode 100644
index 0000000000..3d79d07327
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
@@ -0,0 +1,111 @@
+From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 1 Aug 2024 11:23:43 +0900
+Subject: [PATCH] parse pi: improve invalid case detection
+
+CVE: CVE-2024-41123
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 35 +++++++++++--------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c1a22b8..0ece9b5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,11 +124,10 @@ module REXML
+       }
+ 
+       module Private
+-        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+-        NAME_PATTERN = /\s*#{NAME}/um
++        NAME_PATTERN = /#{NAME}/um
+         GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+@@ -233,7 +232,7 @@ module REXML
+         if @document_status == nil
+           start_position = @source.position
+           if @source.match("<?", true)
+-            return process_instruction(start_position)
++            return process_instruction
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+               md = @source.match(/(.*?)-->/um, true)
+@@ -424,7 +423,7 @@ module REXML
+               raise REXML::ParseException.new( "Declarations can only occur "+
+                 "in the doctype declaration.", @source)
+             elsif @source.match("?", true)
+-              return process_instruction(start_position)
++              return process_instruction
+             else
+               # Get the next tag
+               md = @source.match(TAG_PATTERN, true)
+@@ -579,14 +578,14 @@ module REXML
+       def parse_name(base_error_message)
+         md = @source.match(NAME_PATTERN, true)
+         unless md
+-          if @source.match(/\s*\S/um)
++          if @source.match(/\S/um)
+             message = "#{base_error_message}: invalid name"
+           else
+             message = "#{base_error_message}: name is missing"
+           end
+           raise REXML::ParseException.new(message, @source)
+         end
+-        md[1]
++        md[0]
+       end
+ 
+       def parse_id(base_error_message,
+@@ -655,18 +654,24 @@ module REXML
+         end
+       end
+ 
+-      def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true)
+-        unless match_data
+-          message = "Invalid processing instruction node"
+-          @source.position = start_position
+-          raise REXML::ParseException.new(message, @source)
++      def process_instruction
++        name = parse_name("Malformed XML: Invalid processing instruction node")
++        if @source.match(/\s+/um, true)
++          match_data = @source.match(/(.*?)\?>/um, true)
++          unless match_data
++            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
++          end
++          content = match_data[1]
++        else
++          content = nil
++          unless @source.match("?>", true)
++            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
++          end
+         end
+-        if match_data[1] == "xml"
++        if name == "xml"
+           if @document_status
+             raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
+           end
+-          content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+           encoding = ENCODING.match(content)
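Review bot: in the rewritten process_instruction, content is nil when the target name is followed directly by "?>", and the name == "xml" branch then passes that nil to VERSION.match(content) and ENCODING.match(content). Regexp#match(nil) returns nil, so this does not raise, but nothing in the hunk says the nil case is intended. A short comment on the else branch, or a test for an XML declaration with no pseudo-attributes, would make that explicit.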
+@@ -681,7 +686,7 @@ module REXML
+           standalone = standalone[1] unless standalone.nil?
+           return [ :xmldecl, version, encoding, standalone ]
+         end
+-        [:processing_instruction, match_data[1], match_data[2]]
++        [:processing_instruction, name, content]
+       end
+ 
+       def parse_attributes(prefixes)
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index f967cc6948..f2f9c848f0 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -66,6 +66,11 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://CVE-2024-39908-0010.patch \
            file://CVE-2024-39908-0011.patch \
            file://CVE-2024-39908-0012.patch \
+           file://CVE-2024-41123-0001.patch \
+           file://CVE-2024-41123-0002.patch \
+           file://CVE-2024-41123-0003.patch \
+           file://CVE-2024-41123-0004.patch \
+           file://CVE-2024-41123-0005.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
-- 
2.43.0




* [OE-core][kirkstone 5/9] python3: fix CVE-2025-6075
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 4/9] ruby: fix CVE-2024-41123 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 6/9] libarchive: patch 3.8.3 security issue 1 Steve Sakoman
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Praveen Kumar <praveen.kumar@windriver.com>

If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python/python3/CVE-2025-6075.patch        | 364 ++++++++++++++++++
 .../python/python3_3.10.19.bb                 |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2025-6075.patch b/meta/recipes-devtools/python/python3/CVE-2025-6075.patch
new file mode 100644
index 0000000000..eab5a882a0
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2025-6075.patch
@@ -0,0 +1,364 @@
+From 892747b4cf0f95ba8beb51c0d0658bfaa381ebca Mon Sep 17 00:00:00 2001
+From: Łukasz Langa <lukasz@langa.pl>
+Date: Fri, 31 Oct 2025 17:51:32 +0100
+Subject: [PATCH] gh-136065: Fix quadratic complexity in os.path.expandvars()
+ (GH-134952) (GH-140851)
+
+(cherry picked from commit f029e8db626ddc6e3a3beea4eff511a71aaceb5c)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+
+CVE: CVE-2025-6075
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ Lib/ntpath.py                                 | 126 ++++++------------
+ Lib/posixpath.py                              |  43 +++---
+ Lib/test/test_genericpath.py                  |  14 ++
+ Lib/test/test_ntpath.py                       |  20 ++-
+ ...-05-30-22-33-27.gh-issue-136065.bu337o.rst |   1 +
+ 5 files changed, 93 insertions(+), 111 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
+
+diff --git a/Lib/ntpath.py b/Lib/ntpath.py
+index 9b0cca4..bd2b4e2 100644
+--- a/Lib/ntpath.py
++++ b/Lib/ntpath.py
+@@ -374,17 +374,23 @@ def expanduser(path):
+ # XXX With COMMAND.COM you can use any characters in a variable name,
+ # XXX except '^|<>='.
+
++_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)"
++_varsub = None
++_varsubb = None
++
+ def expandvars(path):
+     """Expand shell variables of the forms $var, ${var} and %var%.
+
+     Unknown variables are left unchanged."""
+     path = os.fspath(path)
++    global _varsub, _varsubb
+     if isinstance(path, bytes):
+         if b'$' not in path and b'%' not in path:
+             return path
+-        import string
+-        varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii')
+-        quote = b'\''
++        if not _varsubb:
++            import re
++            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
++        sub = _varsubb
+         percent = b'%'
+         brace = b'{'
+         rbrace = b'}'
+@@ -393,94 +399,44 @@ def expandvars(path):
+     else:
+         if '$' not in path and '%' not in path:
+             return path
+-        import string
+-        varchars = string.ascii_letters + string.digits + '_-'
+-        quote = '\''
++        if not _varsub:
++            import re
++            _varsub = re.compile(_varpattern, re.ASCII).sub
++        sub = _varsub
+         percent = '%'
+         brace = '{'
+         rbrace = '}'
+         dollar = '$'
+         environ = os.environ
+-    res = path[:0]
+-    index = 0
+-    pathlen = len(path)
+-    while index < pathlen:
+-        c = path[index:index+1]
+-        if c == quote:   # no expansion within single quotes
+-            path = path[index + 1:]
+-            pathlen = len(path)
+-            try:
+-                index = path.index(c)
+-                res += c + path[:index + 1]
+-            except ValueError:
+-                res += c + path
+-                index = pathlen - 1
+-        elif c == percent:  # variable or '%'
+-            if path[index + 1:index + 2] == percent:
+-                res += c
+-                index += 1
+-            else:
+-                path = path[index+1:]
+-                pathlen = len(path)
+-                try:
+-                    index = path.index(percent)
+-                except ValueError:
+-                    res += percent + path
+-                    index = pathlen - 1
+-                else:
+-                    var = path[:index]
+-                    try:
+-                        if environ is None:
+-                            value = os.fsencode(os.environ[os.fsdecode(var)])
+-                        else:
+-                            value = environ[var]
+-                    except KeyError:
+-                        value = percent + var + percent
+-                    res += value
+-        elif c == dollar:  # variable or '$$'
+-            if path[index + 1:index + 2] == dollar:
+-                res += c
+-                index += 1
+-            elif path[index + 1:index + 2] == brace:
+-                path = path[index+2:]
+-                pathlen = len(path)
+-                try:
+-                    index = path.index(rbrace)
+-                except ValueError:
+-                    res += dollar + brace + path
+-                    index = pathlen - 1
+-                else:
+-                    var = path[:index]
+-                    try:
+-                        if environ is None:
+-                            value = os.fsencode(os.environ[os.fsdecode(var)])
+-                        else:
+-                            value = environ[var]
+-                    except KeyError:
+-                        value = dollar + brace + var + rbrace
+-                    res += value
+-            else:
+-                var = path[:0]
+-                index += 1
+-                c = path[index:index + 1]
+-                while c and c in varchars:
+-                    var += c
+-                    index += 1
+-                    c = path[index:index + 1]
+-                try:
+-                    if environ is None:
+-                        value = os.fsencode(os.environ[os.fsdecode(var)])
+-                    else:
+-                        value = environ[var]
+-                except KeyError:
+-                    value = dollar + var
+-                res += value
+-                if c:
+-                    index -= 1
++
++    def repl(m):
++        lastindex = m.lastindex
++        if lastindex is None:
++            return m[0]
++        name = m[lastindex]
++        if lastindex == 1:
++            if name == percent:
++                return name
++            if not name.endswith(percent):
++                return m[0]
++            name = name[:-1]
+         else:
+-            res += c
+-        index += 1
+-    return res
++            if name == dollar:
++                return name
++            if name.startswith(brace):
++                if not name.endswith(rbrace):
++                    return m[0]
++                name = name[1:-1]
++
++        try:
++            if environ is None:
++                return os.fsencode(os.environ[os.fsdecode(name)])
++            else:
++                return environ[name]
++        except KeyError:
++            return m[0]
++
++    return sub(repl, path)
+
+
+ # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B.
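Review bot: repl() in ntpath.expandvars dispatches on m.lastindex (None for the single-quoted alternative, 1 for the %...% group, anything else for the $... group), which couples it to the order of the groups in _varpattern, and neither the pattern nor the function carries a comment saying so. A one-line comment beside _varpattern naming the three alternatives and their group numbers would keep a later edit to the pattern from silently breaking the dispatch.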
+diff --git a/Lib/posixpath.py b/Lib/posixpath.py
+index b8dd563..75020ee 100644
+--- a/Lib/posixpath.py
++++ b/Lib/posixpath.py
+@@ -279,42 +279,41 @@ def expanduser(path):
+ # This expands the forms $variable and ${variable} only.
+ # Non-existent variables are left unchanged.
+
+-_varprog = None
+-_varprogb = None
++_varpattern = r'\$(\w+|\{[^}]*\}?)'
++_varsub = None
++_varsubb = None
+
+ def expandvars(path):
+     """Expand shell variables of form $var and ${var}.  Unknown variables
+     are left unchanged."""
+     path = os.fspath(path)
+-    global _varprog, _varprogb
++    global _varsub, _varsubb
+     if isinstance(path, bytes):
+         if b'$' not in path:
+             return path
+-        if not _varprogb:
++        if not _varsubb:
+             import re
+-            _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII)
+-        search = _varprogb.search
++            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
++        sub = _varsubb
+         start = b'{'
+         end = b'}'
+         environ = getattr(os, 'environb', None)
+     else:
+         if '$' not in path:
+             return path
+-        if not _varprog:
++        if not _varsub:
+             import re
+-            _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII)
+-        search = _varprog.search
++            _varsub = re.compile(_varpattern, re.ASCII).sub
++        sub = _varsub
+         start = '{'
+         end = '}'
+         environ = os.environ
+-    i = 0
+-    while True:
+-        m = search(path, i)
+-        if not m:
+-            break
+-        i, j = m.span(0)
+-        name = m.group(1)
+-        if name.startswith(start) and name.endswith(end):
++
++    def repl(m):
++        name = m[1]
++        if name.startswith(start):
++            if not name.endswith(end):
++                return m[0]
+             name = name[1:-1]
+         try:
+             if environ is None:
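Review bot: making the closing brace optional in the posixpath _varpattern (\{[^}]*\}?) changes results, not only run time. When a "${" is never closed, the new pattern matches from that "${" to the end of the string and repl() returns m[0], so a "$var" that appears later in the same string is no longer expanded. The old pattern \{[^}]*\} failed at that position and search() moved on to the next "$". For a stable-branch backport, the commit message should mention this so users who see different output can trace it to this fix.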
+@@ -322,13 +321,11 @@ def expandvars(path):
+             else:
+                 value = environ[name]
+         except KeyError:
+-            i = j
++            return m[0]
+         else:
+-            tail = path[j:]
+-            path = path[:i] + value
+-            i = len(path)
+-            path += tail
+-    return path
++            return value
++
++    return sub(repl, path)
+
+
+ # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B.
+diff --git a/Lib/test/test_genericpath.py b/Lib/test/test_genericpath.py
+index 1ff7f75..b0a1326 100644
+--- a/Lib/test/test_genericpath.py
++++ b/Lib/test/test_genericpath.py
+@@ -7,6 +7,7 @@ import os
+ import sys
+ import unittest
+ import warnings
++from test import support
+ from test.support import os_helper
+ from test.support import warnings_helper
+ from test.support.script_helper import assert_python_ok
+@@ -430,6 +431,19 @@ class CommonTest(GenericTest):
+                   os.fsencode('$bar%s bar' % nonascii))
+             check(b'$spam}bar', os.fsencode('%s}bar' % nonascii))
+
++    @support.requires_resource('cpu')
++    def test_expandvars_large(self):
++        expandvars = self.pathmodule.expandvars
++        with os_helper.EnvironmentVarGuard() as env:
++            env.clear()
++            env["A"] = "B"
++            n = 100_000
++            self.assertEqual(expandvars('$A'*n), 'B'*n)
++            self.assertEqual(expandvars('${A}'*n), 'B'*n)
++            self.assertEqual(expandvars('$A!'*n), 'B!'*n)
++            self.assertEqual(expandvars('${A}A'*n), 'BA'*n)
++            self.assertEqual(expandvars('${'*10*n), '${'*10*n)
++
+     def test_abspath(self):
+         self.assertIn("foo", self.pathmodule.abspath("foo"))
+         with warnings.catch_warnings():
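Review bot: test_expandvars_large is decorated with @support.requires_resource('cpu'), so it is skipped unless the test run enables the cpu resource, and its assertions only compare output strings. A return to quadratic behaviour would show up as a slow test rather than a failure, and only in runs that enable that resource. If the ptest run for this recipe does not enable it, this backport adds no regression coverage for the CVE in practice; worth confirming which resources the ptest invocation passes.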
+diff --git a/Lib/test/test_ntpath.py b/Lib/test/test_ntpath.py
+index f790f77..161e57d 100644
+--- a/Lib/test/test_ntpath.py
++++ b/Lib/test/test_ntpath.py
+@@ -5,8 +5,8 @@ import sys
+ import unittest
+ import warnings
+ from ntpath import ALLOW_MISSING
++from test import support
+ from test.support import os_helper
+-from test.support import TestFailed
+ from test.support.os_helper import FakePath
+ from test import test_genericpath
+ from tempfile import TemporaryFile
+@@ -56,7 +56,7 @@ def tester(fn, wantResult):
+     fn = fn.replace("\\", "\\\\")
+     gotResult = eval(fn)
+     if wantResult != gotResult and _norm(wantResult) != _norm(gotResult):
+-        raise TestFailed("%s should return: %s but returned: %s" \
++        raise support.TestFailed("%s should return: %s but returned: %s" \
+               %(str(fn), str(wantResult), str(gotResult)))
+
+     # then with bytes
+@@ -72,7 +72,7 @@ def tester(fn, wantResult):
+         warnings.simplefilter("ignore", DeprecationWarning)
+         gotResult = eval(fn)
+     if _norm(wantResult) != _norm(gotResult):
+-        raise TestFailed("%s should return: %s but returned: %s" \
++        raise support.TestFailed("%s should return: %s but returned: %s" \
+               %(str(fn), str(wantResult), repr(gotResult)))
+
+
+@@ -689,6 +689,19 @@ class TestNtpath(NtpathTestCase):
+             check('%spam%bar', '%sbar' % nonascii)
+             check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii)
+
++    @support.requires_resource('cpu')
++    def test_expandvars_large(self):
++        expandvars = ntpath.expandvars
++        with os_helper.EnvironmentVarGuard() as env:
++            env.clear()
++            env["A"] = "B"
++            n = 100_000
++            self.assertEqual(expandvars('%A%'*n), 'B'*n)
++            self.assertEqual(expandvars('%A%A'*n), 'BA'*n)
++            self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%')
++            self.assertEqual(expandvars("%%"*n), "%"*n)
++            self.assertEqual(expandvars("$$"*n), "$"*n)
++
+     def test_expanduser(self):
+         tester('ntpath.expanduser("test")', 'test')
+
+@@ -923,6 +936,7 @@ class TestNtpath(NtpathTestCase):
+             self.assertIsInstance(b_final_path, bytes)
+             self.assertGreater(len(b_final_path), 0)
+
++
+ class NtCommonTest(test_genericpath.CommonTest, unittest.TestCase):
+     pathmodule = ntpath
+     attributes = ['relpath']
+diff --git a/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
+new file mode 100644
+index 0000000..1d152bb
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
+@@ -0,0 +1 @@
++Fix quadratic complexity in :func:`os.path.expandvars`.
+--
+2.40.0
diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb
index 8680c13893..6f23d258c1 100644
--- a/meta/recipes-devtools/python/python3_3.10.19.bb
+++ b/meta/recipes-devtools/python/python3_3.10.19.bb
@@ -37,6 +37,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
            file://0001-test_storlines-skip-due-to-load-variability.patch \
            file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
+           file://CVE-2025-6075.patch \
            "
 
 SRC_URI:append:class-native = " \
-- 
2.43.0




* [OE-core][kirkstone 6/9] libarchive: patch 3.8.3 security issue 1
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 5/9] python3: fix CVE-2025-6075 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 7/9] libarchive: patch 3.8.3 security issue 2 Steve Sakoman
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Pick patch [2] as listed in [1].
To apply it cleanly, add three additional patches from branch patch/3.8.

[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.3
[2] https://github.com/libarchive/libarchive/pull/2753

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ax-path-length-metadata-writing-2243.patch |  30 +++
 ...request-2696-from-al3xtjames-mkstemp.patch |  28 +++
 ...st-2749-from-KlaraSystems-des-tempdi.patch | 183 +++++++++++++++++
 ...st-2753-from-KlaraSystems-des-temp-f.patch | 190 ++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |   4 +
 5 files changed, 435 insertions(+)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch b/meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
new file mode 100644
index 0000000000..0f7dca2a40
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
@@ -0,0 +1,30 @@
+From 2e73ea3a7db1c3c743c28a0d2dd0456a43e96b96 Mon Sep 17 00:00:00 2001
+From: Sam Bingner <sam@bingner.com>
+Date: Fri, 5 Jul 2024 09:34:43 -1000
+Subject: [PATCH] Fix max path-length metadata writing (#2243)
+
+Previous code added `.XXXXXX` to the end of the filename to write the
+mac metadata. This is a problem if the filename is at or near the
+filesystem max path length. This reuses the same code used by
+create_tempdatafork to ensure that the filename is not too long.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/2e73ea3a7db1c3c743c28a0d2dd0456a43e96b96]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_write_disk_posix.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
+index bac906d2..098a8fe4 100644
+--- a/libarchive/archive_write_disk_posix.c
++++ b/libarchive/archive_write_disk_posix.c
+@@ -4331,8 +4331,7 @@ set_mac_metadata(struct archive_write_disk *a, const char *pathname,
+ 	 * silly dance of writing the data to disk just so that
+ 	 * copyfile() can read it back in again. */
+ 	archive_string_init(&tmp);
+-	archive_strcpy(&tmp, pathname);
+-	archive_strcat(&tmp, ".XXXXXX");
++	archive_strcpy(&tmp, "tar.mmd.XXXXXX");
+ 	fd = mkstemp(tmp.s);
+ 
+ 	if (fd < 0) {
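Review bot: the new template "tar.mmd.XXXXXX" in set_mac_metadata has no directory component, so mkstemp(tmp.s) now creates the metadata file relative to the process's current working directory instead of next to pathname. That removes the path-length problem, but the function then depends on the working directory being writable and being where the caller expects. A comment at the archive_strcpy() line stating that assumption would help, since the commit message only refers to create_tempdatafork.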
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
new file mode 100644
index 0000000000..a4ccfd16b5
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
@@ -0,0 +1,28 @@
+From 53d2bc4f89fcbd7414b92bd242f6cdc901941f55 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Sat, 16 Aug 2025 10:27:11 -0600
+Subject: [PATCH] Merge pull request #2696 from al3xtjames/mkstemp
+
+Fix mkstemp path in setup_mac_metadata
+
+(cherry picked from commit 892f33145093d1c9b962b6521a6480dfea66ae00)
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/53d2bc4f89fcbd7414b92bd242f6cdc901941f55]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_read_disk_entry_from_file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
+index 19d04977..87389642 100644
+--- a/libarchive/archive_read_disk_entry_from_file.c
++++ b/libarchive/archive_read_disk_entry_from_file.c
+@@ -365,7 +365,7 @@ setup_mac_metadata(struct archive_read_disk *a,
+ 		tempdir = _PATH_TMP;
+ 	archive_string_init(&tempfile);
+ 	archive_strcpy(&tempfile, tempdir);
+-	archive_strcat(&tempfile, "tar.md.XXXXXX");
++	archive_strcat(&tempfile, "/tar.md.XXXXXX");
+ 	tempfd = mkstemp(tempfile.s);
+ 	if (tempfd < 0) {
+ 		archive_set_error(&a->archive, errno,
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
new file mode 100644
index 0000000000..0d69faa23b
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
@@ -0,0 +1,183 @@
+From 82e31ba4a9afcce0c7c19e591ccd8653196d84a0 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Mon, 13 Oct 2025 10:57:18 -0700
+Subject: [PATCH] Merge pull request #2749 from KlaraSystems/des/tempdir
+
+Unify temporary directory handling
+
+(cherry picked from commit d207d816d065c79dc2cb992008c3ba9721c6a276)
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/82e31ba4a9afcce0c7c19e591ccd8653196d84a0]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ CMakeLists.txt                                |  6 ++-
+ configure.ac                                  |  4 +-
+ libarchive/archive_private.h                  |  1 +
+ .../archive_read_disk_entry_from_file.c       | 14 +++----
+ libarchive/archive_read_disk_posix.c          |  3 --
+ libarchive/archive_util.c                     | 38 ++++++++++++++++---
+ 6 files changed, 48 insertions(+), 18 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f44adc77..fc9aca4e 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1357,14 +1357,18 @@ CHECK_FUNCTION_EXISTS_GLIBC(ftruncate HAVE_FTRUNCATE)
+ CHECK_FUNCTION_EXISTS_GLIBC(futimens HAVE_FUTIMENS)
+ CHECK_FUNCTION_EXISTS_GLIBC(futimes HAVE_FUTIMES)
+ CHECK_FUNCTION_EXISTS_GLIBC(futimesat HAVE_FUTIMESAT)
++CHECK_FUNCTION_EXISTS_GLIBC(getegid HAVE_GETEGID)
+ CHECK_FUNCTION_EXISTS_GLIBC(geteuid HAVE_GETEUID)
+ CHECK_FUNCTION_EXISTS_GLIBC(getgrgid_r HAVE_GETGRGID_R)
+ CHECK_FUNCTION_EXISTS_GLIBC(getgrnam_r HAVE_GETGRNAM_R)
++CHECK_FUNCTION_EXISTS_GLIBC(getpid HAVE_GETPID)
+ CHECK_FUNCTION_EXISTS_GLIBC(getpwnam_r HAVE_GETPWNAM_R)
+ CHECK_FUNCTION_EXISTS_GLIBC(getpwuid_r HAVE_GETPWUID_R)
+-CHECK_FUNCTION_EXISTS_GLIBC(getpid HAVE_GETPID)
++CHECK_FUNCTION_EXISTS_GLIBC(getresgid HAVE_GETRESGID)
++CHECK_FUNCTION_EXISTS_GLIBC(getresuid HAVE_GETRESUID)
+ CHECK_FUNCTION_EXISTS_GLIBC(getvfsbyname HAVE_GETVFSBYNAME)
+ CHECK_FUNCTION_EXISTS_GLIBC(gmtime_r HAVE_GMTIME_R)
++CHECK_FUNCTION_EXISTS_GLIBC(issetugid HAVE_ISSETUGID)
+ CHECK_FUNCTION_EXISTS_GLIBC(lchflags HAVE_LCHFLAGS)
+ CHECK_FUNCTION_EXISTS_GLIBC(lchmod HAVE_LCHMOD)
+ CHECK_FUNCTION_EXISTS_GLIBC(lchown HAVE_LCHOWN)
+diff --git a/configure.ac b/configure.ac
+index aae0f381..a1a8f380 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -677,7 +677,9 @@ AC_CHECK_FUNCS([fchdir fchflags fchmod fchown fcntl fdopendir fork])
+ AC_CHECK_FUNCS([fstat fstatat fstatfs fstatvfs ftruncate])
+ AC_CHECK_FUNCS([futimens futimes futimesat])
+ AC_CHECK_FUNCS([geteuid getpid getgrgid_r getgrnam_r])
+-AC_CHECK_FUNCS([getpwnam_r getpwuid_r getvfsbyname gmtime_r])
++AC_CHECK_FUNCS([getgrgid_r getgrnam_r getpwnam_r getpwuid_r])
++AC_CHECK_FUNCS([getvfsbyname gmtime_r])
++AC_CHECK_FUNCS([issetugid])
+ AC_CHECK_FUNCS([lchflags lchmod lchown link linkat localtime_r lstat lutimes])
+ AC_CHECK_FUNCS([mbrtowc memmove memset])
+ AC_CHECK_FUNCS([mkdir mkfifo mknod mkstemp])
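Review bot: the added line AC_CHECK_FUNCS([getgrgid_r getgrnam_r getpwnam_r getpwuid_r]) repeats getgrgid_r and getgrnam_r, which the unchanged line just above already checks. More importantly, this hunk adds only issetugid, while the CMakeLists.txt hunk also adds getegid, getresgid and getresuid. Unless those are checked elsewhere in configure.ac, an autotools build will not define HAVE_GETRESUID or HAVE_GETEGID, and the new __archive_issetugid() will fall through to the geteuid()-only branch. Suggest adding the three names to AC_CHECK_FUNCS and dropping the duplicates.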
+diff --git a/libarchive/archive_private.h b/libarchive/archive_private.h
+index 050fc63c..3a926c68 100644
+--- a/libarchive/archive_private.h
++++ b/libarchive/archive_private.h
+@@ -156,6 +156,7 @@ int	__archive_check_magic(struct archive *, unsigned int magic,
+ void	__archive_errx(int retvalue, const char *msg) __LA_DEAD;
+ 
+ void	__archive_ensure_cloexec_flag(int fd);
++int	__archive_get_tempdir(struct archive_string *);
+ int	__archive_mktemp(const char *tmpdir);
+ #if defined(_WIN32) && !defined(__CYGWIN__)
+ int	__archive_mkstemp(wchar_t *template);
+diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
+index 87389642..42af4034 100644
+--- a/libarchive/archive_read_disk_entry_from_file.c
++++ b/libarchive/archive_read_disk_entry_from_file.c
+@@ -339,7 +339,7 @@ setup_mac_metadata(struct archive_read_disk *a,
+ 	int ret = ARCHIVE_OK;
+ 	void *buff = NULL;
+ 	int have_attrs;
+-	const char *name, *tempdir;
++	const char *name;
+ 	struct archive_string tempfile;
+ 
+ 	(void)fd; /* UNUSED */
+@@ -358,14 +358,12 @@ setup_mac_metadata(struct archive_read_disk *a,
+ 	if (have_attrs == 0)
+ 		return (ARCHIVE_OK);
+ 
+-	tempdir = NULL;
+-	if (issetugid() == 0)
+-		tempdir = getenv("TMPDIR");
+-	if (tempdir == NULL)
+-		tempdir = _PATH_TMP;
+ 	archive_string_init(&tempfile);
+-	archive_strcpy(&tempfile, tempdir);
+-	archive_strcat(&tempfile, "/tar.md.XXXXXX");
++	if (__archive_get_tempdir(&tempfile) != ARCHIVE_OK) {
++		ret = ARCHIVE_WARN;
++		goto cleanup;
++	}
++	archive_strcat(&tempfile, "tar.md.XXXXXX");
+ 	tempfd = mkstemp(tempfile.s);
+ 	if (tempfd < 0) {
+ 		archive_set_error(&a->archive, errno,
+diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c
+index ba0046d7..54a8e661 100644
+--- a/libarchive/archive_read_disk_posix.c
++++ b/libarchive/archive_read_disk_posix.c
+@@ -1579,9 +1579,6 @@ setup_current_filesystem(struct archive_read_disk *a)
+ #  endif
+ #endif
+ 	int r, xr = 0;
+-#if !defined(HAVE_STRUCT_STATFS_F_NAMEMAX)
+-	long nm;
+-#endif
+ 
+ 	t->current_filesystem->synthetic = -1;
+ 	t->current_filesystem->remote = -1;
+diff --git a/libarchive/archive_util.c b/libarchive/archive_util.c
+index 900abd0c..d048bbc9 100644
+--- a/libarchive/archive_util.c
++++ b/libarchive/archive_util.c
+@@ -395,11 +395,39 @@ __archive_mkstemp(wchar_t *template)
+ #else
+ 
+ static int
+-get_tempdir(struct archive_string *temppath)
++__archive_issetugid(void)
+ {
+-	const char *tmp;
++#ifdef HAVE_ISSETUGID
++	return (issetugid());
++#elif HAVE_GETRESUID
++	uid_t ruid, euid, suid;
++	gid_t rgid, egid, sgid;
++	if (getresuid(&ruid, &euid, &suid) != 0)
++		return (-1);
++	if (ruid != euid || ruid != suid)
++		return (1);
++	if (getresgid(&ruid, &egid, &sgid) != 0)
++		return (-1);
++	if (rgid != egid || rgid != sgid)
++		return (1);
++#elif HAVE_GETEUID
++	if (geteuid() != getuid())
++		return (1);
++#if HAVE_GETEGID
++	if (getegid() != getgid())
++		return (1);
++#endif
++#endif
++	return (0);
++}
+ 
+-	tmp = getenv("TMPDIR");
++int
++__archive_get_tempdir(struct archive_string *temppath)
++{
++	const char *tmp = NULL;
++
++	if (__archive_issetugid() == 0)
++		tmp = getenv("TMPDIR");
+ 	if (tmp == NULL)
+ #ifdef _PATH_TMP
+ 		tmp = _PATH_TMP;
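Review bot: in the HAVE_GETRESUID branch of __archive_issetugid(), the group query is written getresgid(&ruid, &egid, &sgid), passing &ruid where &rgid is expected. rgid is therefore never assigned before the test "rgid != egid || rgid != sgid", so the set-group-ID result is based on an uninitialised value, and a uid_t pointer is passed where a gid_t pointer is expected. Since this function decides whether TMPDIR from the environment is trusted, the call should read getresgid(&rgid, &egid, &sgid). Please check whether upstream has a follow-up fix to backport together with this patch.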
+@@ -426,7 +454,7 @@ __archive_mktemp(const char *tmpdir)
+ 
+ 	archive_string_init(&temp_name);
+ 	if (tmpdir == NULL) {
+-		if (get_tempdir(&temp_name) != ARCHIVE_OK)
++		if (__archive_get_tempdir(&temp_name) != ARCHIVE_OK)
+ 			goto exit_tmpfile;
+ 	} else {
+ 		archive_strcpy(&temp_name, tmpdir);
+@@ -487,7 +515,7 @@ __archive_mktempx(const char *tmpdir, char *template)
+ 	if (template == NULL) {
+ 		archive_string_init(&temp_name);
+ 		if (tmpdir == NULL) {
+-			if (get_tempdir(&temp_name) != ARCHIVE_OK)
++			if (__archive_get_tempdir(&temp_name) != ARCHIVE_OK)
+ 				goto exit_tmpfile;
+ 		} else
+ 			archive_strcpy(&temp_name, tmpdir);
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
new file mode 100644
index 0000000000..a5efb3da94
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
@@ -0,0 +1,190 @@
+From c3593848067cea3b41bc11eec15f391318675cb4 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Tue, 28 Oct 2025 17:13:18 -0700
+Subject: [PATCH] Merge pull request #2753 from KlaraSystems/des/temp-files
+
+Create temporary files in the target directory
+
+(cherry picked from commit d2e861769c25470427656b36a14b535f17d47d03)
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c3593848067cea3b41bc11eec15f391318675cb4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ .../archive_read_disk_entry_from_file.c       | 10 ++---
+ libarchive/archive_string.c                   | 20 ++++++++++
+ libarchive/archive_string.h                   |  4 ++
+ libarchive/archive_write_disk_posix.c         | 20 ++++++----
+ libarchive/test/test_archive_string.c         | 38 +++++++++++++++++++
+ 5 files changed, 79 insertions(+), 13 deletions(-)
+
+diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
+index 42af4034..121af198 100644
+--- a/libarchive/archive_read_disk_entry_from_file.c
++++ b/libarchive/archive_read_disk_entry_from_file.c
+@@ -359,12 +359,10 @@ setup_mac_metadata(struct archive_read_disk *a,
+ 		return (ARCHIVE_OK);
+ 
+ 	archive_string_init(&tempfile);
+-	if (__archive_get_tempdir(&tempfile) != ARCHIVE_OK) {
+-		ret = ARCHIVE_WARN;
+-		goto cleanup;
+-	}
+-	archive_strcat(&tempfile, "tar.md.XXXXXX");
+-	tempfd = mkstemp(tempfile.s);
++	archive_strcpy(&tempfile, name);
++	archive_string_dirname(&tempfile);
++	archive_strcat(&tempfile, "/tar.XXXXXXXX");
++	tempfd = __archive_mkstemp(tempfile.s);
+ 	if (tempfd < 0) {
+ 		archive_set_error(&a->archive, errno,
+ 		    "Could not open extended attribute file");
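Review bot: setup_mac_metadata() now builds its template from dirname(name) plus "/tar.XXXXXXXX", so reading an entry creates a temporary file inside the directory being archived rather than in the temp directory. That requires write permission on the source directory, and on a read-only tree the call fails with "Could not open extended attribute file". The commit message should state this behaviour change for the read path, since the subject line only mentions the target directory.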
+diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c
+index 3bb97833..740308b6 100644
+--- a/libarchive/archive_string.c
++++ b/libarchive/archive_string.c
+@@ -2012,6 +2012,26 @@ archive_strncat_l(struct archive_string *as, const void *_p, size_t n,
+ 	return (r);
+ }
+ 
++struct archive_string *
++archive_string_dirname(struct archive_string *as)
++{
++	/* strip trailing separators */
++	while (as->length > 1 && as->s[as->length - 1] == '/')
++		as->length--;
++	/* strip final component */
++	while (as->length > 0 && as->s[as->length - 1] != '/')
++		as->length--;
++	/* empty path -> cwd */
++	if (as->length == 0)
++		return (archive_strcat(as, "."));
++	/* strip separator(s) */
++	while (as->length > 1 && as->s[as->length - 1] == '/')
++		as->length--;
++	/* terminate */
++	as->s[as->length] = '\0';
++	return (as);
++}
++
+ #if HAVE_ICONV
+ 
+ /*
+diff --git a/libarchive/archive_string.h b/libarchive/archive_string.h
+index e8987867..d5f5c03a 100644
+--- a/libarchive/archive_string.h
++++ b/libarchive/archive_string.h
+@@ -195,6 +195,10 @@ void	archive_string_vsprintf(struct archive_string *, const char *,
+ void	archive_string_sprintf(struct archive_string *, const char *, ...)
+ 	    __LA_PRINTF(2, 3);
+ 
++/* Equivalent to dirname(3) */
++struct archive_string *
++archive_string_dirname(struct archive_string *);
++
+ /* Translates from MBS to Unicode. */
+ /* Returns non-zero if conversion failed in any way. */
+ int archive_wstring_append_from_mbs(struct archive_wstring *dest,
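
Review bot: the header comment "Equivalent to dirname(3)" on archive_string_dirname() leaves out what a caller needs to know. The implementation rewrites the string in place, returns its argument, and treats only '/' as a separator even though it lives in the generic archive_string code. Suggest stating those three points in the comment.
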
+diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
+index 6fcf3929..cd256203 100644
+--- a/libarchive/archive_write_disk_posix.c
++++ b/libarchive/archive_write_disk_posix.c
+@@ -412,12 +412,14 @@ static ssize_t	_archive_write_disk_data_block(struct archive *, const void *,
+ static int
+ la_mktemp(struct archive_write_disk *a)
+ {
++	struct archive_string *tmp = &a->_tmpname_data;
+ 	int oerrno, fd;
+ 	mode_t mode;
+ 
+-	archive_string_empty(&a->_tmpname_data);
+-	archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name);
+-	a->tmpname = a->_tmpname_data.s;
++	archive_strcpy(tmp, a->name);
++	archive_string_dirname(tmp);
++	archive_strcat(tmp, "/tar.XXXXXXXX");
++	a->tmpname = tmp->s;
+ 
+ 	fd = __archive_mkstemp(a->tmpname);
+ 	if (fd == -1)
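
Review bot: the reason for the change in la_mktemp() is undocumented. The removed template `"%s.XXXXXX"` built on a->name already placed the file next to the target, so the subject line "Create temporary files in the target directory" does not explain this hunk. A sentence in the message or a comment above the three new calls saying what the dirname plus "/tar.XXXXXXXX" form is meant to achieve here would help anyone reviewing a later backport.
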
+@@ -4251,8 +4253,10 @@ create_tempdatafork(struct archive_write_disk *a, const char *pathname)
+ 	int tmpfd;
+ 
+ 	archive_string_init(&tmpdatafork);
+-	archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
+-	tmpfd = mkstemp(tmpdatafork.s);
++	archive_strcpy(&tmpdatafork, pathname);
++	archive_string_dirname(&tmpdatafork);
++	archive_strcat(&tmpdatafork, "/tar.XXXXXXXX");
++	tmpfd = __archive_mkstemp(tmpdatafork.s);
+ 	if (tmpfd < 0) {
+ 		archive_set_error(&a->archive, errno,
+ 		    "Failed to mkstemp");
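
Review bot: the "Failed to mkstemp" error in create_tempdatafork() does not name the path, and after this change the location varies with every entry instead of being the current directory. Suggest including tmpdatafork.s in the archive_set_error() text so a permission or missing-directory failure points at the directory involved.
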
+@@ -4331,8 +4335,10 @@ set_mac_metadata(struct archive_write_disk *a, const char *pathname,
+ 	 * silly dance of writing the data to disk just so that
+ 	 * copyfile() can read it back in again. */
+ 	archive_string_init(&tmp);
+-	archive_strcpy(&tmp, "tar.mmd.XXXXXX");
+-	fd = mkstemp(tmp.s);
++	archive_strcpy(&tmp, pathname);
++	archive_string_dirname(&tmp);
++	archive_strcat(&tmp, "/tar.XXXXXXXX");
++	fd = __archive_mkstemp(tmp.s);
+ 
+ 	if (fd < 0) {
+ 		archive_set_error(&a->archive, errno,
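
Review bot: set_mac_metadata() is the fourth place in this patch that repeats the same sequence of archive_strcpy(), archive_string_dirname() and archive_strcat(..., "/tar.XXXXXXXX"). A small helper that builds the template from a pathname would keep the prefix and the number of X characters in one place and leave less to get wrong when the next backport touches these sites.
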
+diff --git a/libarchive/test/test_archive_string.c b/libarchive/test/test_archive_string.c
+index 30f7a800..bf822c0d 100644
+--- a/libarchive/test/test_archive_string.c
++++ b/libarchive/test/test_archive_string.c
+@@ -354,6 +354,43 @@ test_archive_string_sprintf(void)
+ 	archive_string_free(&s);
+ }
+ 
++static void
++test_archive_string_dirname(void)
++{
++	static struct pair { const char *str, *exp; } pairs[] = {
++		{ "",		"." },
++		{ "/",		"/" },
++		{ "//",		"/" },
++		{ "///",	"/" },
++		{ "./",		"." },
++		{ ".",		"." },
++		{ "..",		"." },
++		{ "foo",	"." },
++		{ "foo/",	"." },
++		{ "foo//",	"." },
++		{ "foo/bar",	"foo" },
++		{ "foo/bar/",	"foo" },
++		{ "foo/bar//",	"foo" },
++		{ "foo//bar",	"foo" },
++		{ "foo//bar/",	"foo" },
++		{ "foo//bar//",	"foo" },
++		{ "/foo",	"/" },
++		{ "//foo",	"/" },
++		{ "//foo/",	"/" },
++		{ "//foo//",	"/" },
++		{ 0 },
++	};
++	struct pair *pair;
++	struct archive_string s;
++
++	archive_string_init(&s);
++	for (pair = pairs; pair->str; pair++) {
++		archive_strcpy(&s, pair->str);
++		archive_string_dirname(&s);
++		assertEqualString(pair->exp, s.s);
++	}
++}
++
+ DEFINE_TEST(test_archive_string)
+ {
+ 	test_archive_string_ensure();
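
Review bot: test_archive_string_dirname() calls archive_string_init(&s) but never releases it, whereas the preceding test ends with archive_string_free(&s). Suggest adding the same call after the loop so the test does not leak under a sanitizer run.
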
+@@ -365,6 +402,7 @@ DEFINE_TEST(test_archive_string)
+ 	test_archive_string_concat();
+ 	test_archive_string_copy();
+ 	test_archive_string_sprintf();
++	test_archive_string_dirname();
+ }
+ 
+ static const char *strings[] =
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 65b4649147..e0b8b15df4 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -43,6 +43,10 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://0001-Improve-lseek-handling-2564.patch \
            file://CVE-2025-5918-01.patch \
            file://CVE-2025-5918-02.patch \
+           file://0001-Fix-max-path-length-metadata-writing-2243.patch \
+           file://0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch \
+           file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
+           file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
            "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-- 
2.43.0




* [OE-core][kirkstone 7/9] libarchive: patch 3.8.3 security issue 2
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 6/9] libarchive: patch 3.8.3 security issue 1 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 8/9] libarchive: patch CVE-2025-60753 Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 9/9] flac: patch seeking bug Steve Sakoman
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Pick patch [2] as listed in [1].

[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.3
[2] https://github.com/libarchive/libarchive/pull/2768

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-request-2768-from-Commandoss-master.patch | 28 +++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
new file mode 100644
index 0000000000..66e88c91b4
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
@@ -0,0 +1,28 @@
+From 82b57a9740aa6d084edcf4592a3b8e49f63dec98 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Fri, 31 Oct 2025 22:07:19 -0700
+Subject: [PATCH] Merge pull request #2768 from Commandoss/master
+
+Fix for an out-of-bounds buffer overrun when using p[H_LEVEL_OFFSET]
+
+(cherry picked from commit ce614c65246158bcb0dc1f9c1dce5a5af65f9827)
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/82b57a9740aa6d084edcf4592a3b8e49f63dec98]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_read_support_format_lha.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 2a84ad9d..abf8b879 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -690,7 +690,7 @@ archive_read_format_lha_read_header(struct archive_read *a,
+ 	 * a pathname and a symlink has '\' character, a directory
+ 	 * separator in DOS/Windows. So we should convert it to '/'.
+ 	 */
+-	if (p[H_LEVEL_OFFSET] == 0)
++	if (lha->level == 0)
+ 		lha_replace_path_separator(lha, entry);
+ 
+ 	archive_entry_set_mode(entry, lha->mode);
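
Review bot: the patch header does not say why p[H_LEVEL_OFFSET] is unsafe at the path-separator check in archive_read_format_lha_read_header(); "out-of-bounds buffer overrun" is the only description, and the hunk shows neither where p stops being valid nor where lha->level is filled in. A sentence on that would make the one-line change reviewable on its own. Since the series title calls this a security issue, it would also help to state whether a CVE ID exists, as the following patch does with its `CVE:` line.
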
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index e0b8b15df4..b834f2dbc3 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch \
            file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
            file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
+           file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
            "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-- 
2.43.0




* [OE-core][kirkstone 8/9] libarchive: patch CVE-2025-60753
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 7/9] libarchive: patch 3.8.3 security issue 2 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  2025-11-25 20:54 ` [OE-core][kirkstone 9/9] flac: patch seeking bug Steve Sakoman
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Pick patch from [3] marked in [2] mentioned in [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-60753
[2] https://github.com/libarchive/libarchive/issues/2725
[3] https://github.com/libarchive/libarchive/pull/2787

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libarchive/CVE-2025-60753.patch           | 76 +++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |  1 +
 2 files changed, 77 insertions(+)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
new file mode 100644
index 0000000000..604e0421be
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
@@ -0,0 +1,76 @@
+From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?= <ljd@luigiscorner.mu>
+Date: Fri, 14 Nov 2025 20:34:48 +0100
+Subject: [PATCH] Fix bsdtar zero-length pattern issue.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Uses the sed-like way (and Java-like, and .Net-like, and Javascript-like…) to fix this issue of advancing the string to be processed by one if the match is zero-length.
+
+Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
+
+CVE: CVE-2025-60753
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/3150539edb18690c2c5f81c37fd2d3a35c69ace5]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tar/subst.c              | 19 ++++++++++++-------
+ tar/test/test_option_s.c |  8 +++++++-
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/tar/subst.c b/tar/subst.c
+index 9747abb9..902a4d64 100644
+--- a/tar/subst.c
++++ b/tar/subst.c
+@@ -237,7 +237,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 				continue;
+ 		}
+ 
+-		while (1) {
++		char isEnd = 0;
++		do {
++            isEnd = *name == '\0';
+ 			if (regexec(&rule->re, name, 10, matches, 0))
+ 				break;
+ 
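
Review bot: style in the new loop head of apply_substitution(): `char isEnd = 0;` is declared in the middle of the block and the `isEnd = *name == '\0';` line is indented with spaces where the surrounding code uses tabs. For a verbatim backport that is acceptable, but parenthesising the comparison, `isEnd = (*name == '\0');`, would make the intent clearer if the patch is ever refreshed.
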
+@@ -291,12 +293,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 			}
+ 
+ 			realloc_strcat(result, rule->result + j);
+-
+-			name += matches[0].rm_eo;
+-
+-			if (!rule->global)
+-				break;
+-		}
++			if (matches[0].rm_eo > 0) {
++                name += matches[0].rm_eo;
++            } else {
++                // We skip a character because the match is 0-length
++                // so we need to add it to the output
++                realloc_strncat(result, name, 1);
++                name += 1;
++            }
++		} while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
+ 	}
+ 
+ 	if (got_match)
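
Review bot: the zero-length branch advances `name` unconditionally, including on the last pass where isEnd is already set. In that pass `*name` is the terminator, so `name += 1` leaves the pointer one byte past the end of the string, and any later use of `name`, such as whatever follows `if (got_match)` or a further rule in the enclosing loop, would read from there. Suggest guarding the copy and the increment with `if (!isEnd)`, or confirming that nothing reads `name` after this point.
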
+diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
+index 564793b9..90b4c471 100644
+--- a/tar/test/test_option_s.c
++++ b/tar/test/test_option_s.c
+@@ -61,7 +61,13 @@ DEFINE_TEST(test_option_s)
+ 	systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
+ 	systemf("%s -xf test1_2.tar -C test1", testprog);
+ 	assertFileContents("foo", 3, "test1/in/d2/foo");
+-
++	systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
++	systemf("%s -xf test1_3.tar -C test1", testprog);
++	assertFileContents("foo", 3, "test1/in/d1/f##");
++	// For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
++	systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
++	systemf("%s -xf test1_4.tar -C test1", testprog);
++	assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<f><>o<>o<>");
+ 	/*
+ 	 * Test 2: Basic substitution when extracting archive.
+ 	 */
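
Review bot: both new cases in test_option_s use the `g` flag, so the zero-length branch is never exercised for a non-global rule, where the do/while body runs once and copies a single character. A case such as `-s /f*/X/` without `g` would pin that behaviour down. Only the second case has an explanatory comment; a short one on the `/o/#/g` case would match it.
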
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index b834f2dbc3..66f30ec89b 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -48,6 +48,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
            file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
            file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
+           file://CVE-2025-60753.patch \
            "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-- 
2.43.0




* [OE-core][kirkstone 9/9] flac: patch seeking bug
  2025-11-25 20:54 [OE-core][kirkstone 0/9] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2025-11-25 20:54 ` [OE-core][kirkstone 8/9] libarchive: patch CVE-2025-60753 Steve Sakoman
@ 2025-11-25 20:54 ` Steve Sakoman
  8 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-11-25 20:54 UTC (permalink / raw)
  To: openembedded-core

From: Gyorgy Sarvari <skandigraun@gmail.com>

While working on audiofile recipe from meta-oe, a test that is using flac
to convert a flac file failed with this particular version of the recipe.

Bisecting the issue pointed to a code snippet that later was modified with the
patch that is introduced here: in version 1.3.4 there is a bug with seeking
in flac files, returning incorrect pointers.

This backported patch fixes this (and fixes the ptest also, that triggered this).

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../flac/files/0001-Fix-seeking-bug.patch     | 34 +++++++++++++++++++
 meta/recipes-multimedia/flac/flac_1.3.4.bb    |  3 +-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch

diff --git a/meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch b/meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch
new file mode 100644
index 0000000000..dadedcc168
--- /dev/null
+++ b/meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch
@@ -0,0 +1,34 @@
+From 1817916388cd8180f4411e6d0eb89a8c6916dce6 Mon Sep 17 00:00:00 2001
+From: Martijn van Beurden <mvanb1@gmail.com>
+Date: Mon, 25 Apr 2022 20:29:57 +0200
+Subject: [PATCH] Fix seeking bug
+
+Commit 159cd6c introduced a bug that only triggered upon seeking
+from the start of a headerless FLAC file to the first frame (so
+really not a seek at all). Furthermore that commit did nothing
+else in any other circumstance. This commit fixes that, by both
+fixing the problem and the behaviour the commit mentioned earlier
+meant to introduce.
+
+Co-authored-by: Robert Kausch <robert.kausch@freac.org>
+
+Upstream-Status: Backport [https://github.com/xiph/flac/commit/7e785eb9a84f9147246eb2b0e5e35ec01db5a815]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/libFLAC/stream_decoder.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index ef6da44..bc78645 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -3077,7 +3077,8 @@ FLAC__bool seek_to_absolute_sample_(FLAC__StreamDecoder *decoder, FLAC__uint64 s
+ 	upper_bound = stream_length;
+ 	upper_bound_sample = total_samples > 0 ? total_samples : target_sample /*estimate it*/;
+ 
+-	if(decoder->protected_->state == FLAC__STREAM_DECODER_READ_FRAME) {
++	if(decoder->protected_->state == FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC &&
++	   decoder->private_->samples_decoded != 0) {
+ 		if(target_sample < decoder->private_->samples_decoded) {
+ 			if(FLAC__stream_decoder_get_decode_position(decoder, &upper_bound))
+ 				upper_bound_sample = decoder->private_->samples_decoded;
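
Review bot: the two-part condition in seek_to_absolute_sample_() needs a code comment. The reason for testing FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC together with `samples_decoded != 0` exists only in the commit message (a seek from the start of a headerless file to the first frame), and without a line above the `if` the second clause looks redundant and is likely to be simplified away again.
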
diff --git a/meta/recipes-multimedia/flac/flac_1.3.4.bb b/meta/recipes-multimedia/flac/flac_1.3.4.bb
index 1a44718bba..6df0668783 100644
--- a/meta/recipes-multimedia/flac/flac_1.3.4.bb
+++ b/meta/recipes-multimedia/flac/flac_1.3.4.bb
@@ -16,7 +16,8 @@ DEPENDS = "libogg"
 
 SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
            file://CVE-2020-22219.patch \
-"
+           file://0001-Fix-seeking-bug.patch \
+           "
 
 SRC_URI[sha256sum] = "8ff0607e75a322dd7cd6ec48f4f225471404ae2730d0ea945127b1355155e737"
 
-- 
2.43.0


