* [OE-core][kirkstone 01/16] Revert "coreutils: fix CVE-2025-5278"
2025-07-15 20:36 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
@ 2025-07-15 20:36 ` Steve Sakoman
2025-07-15 20:36 ` [OE-core][kirkstone 02/16] coreutils: fix CVE-2025-5278 Steve Sakoman
` (14 subsequent siblings)
15 siblings, 0 replies; 24+ messages in thread
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
Failing ptest with valgrind on target
This reverts commit 4e55668ef07d99d8c1141c2f4270f43f5b280159.
---
.../coreutils/coreutils/CVE-2025-5278.patch | 113 ------------------
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 -
2 files changed, 114 deletions(-)
delete mode 100644 meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
deleted file mode 100644
index 34434a65fa..0000000000
--- a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 84a061ea3d1fad42188493c4e5d8396aff4a0f67 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Tue, 20 May 2025 16:03:44 +0100
-Subject: [PATCH] sort: fix buffer under-read (CWE-127)
-
-* src/sort.c (begfield): Check pointer adjustment
-to avoid Out-of-range pointer offset (CWE-823).
-(limfield): Likewise.
-* tests/sort/sort-field-limit.sh: Add a new test,
-which triggers with ASAN or Valgrind.
-* tests/local.mk: Reference the new test.
-* NEWS: Mention bug fix introduced in v7.2 (2009).
-Fixes https://bugs.gnu.org/78507
-
-CVE: CVE-2025-5278
-
-Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
-[Adjusted for 9.0 version]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- src/sort.c | 12 ++++++++++--
- tests/local.mk | 1 +
- tests/misc/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
- 3 files changed, 46 insertions(+), 2 deletions(-)
- create mode 100755 tests/misc/sort-field-limit.sh
-
-diff --git a/src/sort.c b/src/sort.c
-index 5f4c817de..07b96d34b 100644
---- a/src/sort.c
-+++ b/src/sort.c
-@@ -1642,7 +1642,11 @@ begfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by SCHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + schar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (schar < remaining_bytes)
-+ ptr += schar;
-+ else
-+ ptr = lim;
-
- return ptr;
- }
-@@ -1743,7 +1747,11 @@ limfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by ECHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + echar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (echar < remaining_bytes)
-+ ptr += echar;
-+ else
-+ ptr = lim;
- }
-
- return ptr;
-diff --git a/tests/local.mk b/tests/local.mk
-index 228d0e368..ced85c44c 100644
---- a/tests/local.mk
-+++ b/tests/local.mk
-@@ -373,6 +373,7 @@ all_tests = \
- tests/misc/sort-debug-keys.sh \
- tests/misc/sort-debug-warn.sh \
- tests/misc/sort-discrim.sh \
-+ tests/misc/sort-field-limit.sh \
- tests/misc/sort-files0-from.pl \
- tests/misc/sort-float.sh \
- tests/misc/sort-h-thousands-sep.sh \
-diff --git a/tests/misc/sort-field-limit.sh b/tests/misc/sort-field-limit.sh
-new file mode 100755
-index 000000000..52d8e1d17
---- /dev/null
-+++ b/tests/misc/sort-field-limit.sh
-@@ -0,0 +1,35 @@
-+#!/bin/sh
-+# From 7.2-9.7, this would trigger an out of bounds mem read
-+
-+# Copyright (C) 2025 Free Software Foundation, Inc.
-+
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <https://www.gnu.org/licenses/>.
-+
-+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-+print_ver_ sort
-+getlimits_
-+
-+# This issue triggers with valgrind or ASAN
-+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
-+ VALGRIND='valgrind --error-exitcode=1'
-+
-+{ printf '%s\n' aa bb; } > in || framework_failure_
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+Exit $fail
---
-2.34.1
-
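Review bot: the revert removes the sort.c fix together with its test, so between this commit and 02/16 the kirkstone tree builds a coreutils 9.0 that is affected by CVE-2025-5278 again while the `CVE: CVE-2025-5278` tag that cve-check relies on is also gone. The commit message ("Failing ptest with valgrind on target") should name the failing test (tests/misc/sort-field-limit.sh, whose `$VALGRIND sort ...` invocations are what fail on kirkstone according to 02/16) and point at the follow-up commit, so that anyone bisecting or backporting only this commit knows the fix is re-applied immediately afterwards. Since the only difference in 02/16 is the test script, a single commit editing the test would have been simpler than a revert plus re-add.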
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 7c975708f4..1cce9192ec 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -19,7 +19,6 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://0001-uname-report-processor-and-hardware-correctly.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
- file://CVE-2025-5278.patch \
file://run-ptest \
file://0001-split-do-not-shrink-hold-buffer.patch \
"
--
2.43.0
* [OE-core][kirkstone 02/16] coreutils: fix CVE-2025-5278
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
Backport patch to fix CVE-2025-5278.
The patch is adjusted to fit the 9.0 version, and the test case is
also adjusted to avoid using valgrind. valgrind in kirkstone is
reporting errors for coreutils' sort utility with/without this patch.
To avoid ptest failure, we disable valgrind explicitly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../coreutils/coreutils/CVE-2025-5278.patch | 113 ++++++++++++++++++
meta/recipes-core/coreutils/coreutils_9.0.bb | 1 +
2 files changed, 114 insertions(+)
create mode 100644 meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
new file mode 100644
index 0000000000..2f262ea0b5
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/CVE-2025-5278.patch
@@ -0,0 +1,113 @@
+From ed9ae6a4a02d322378739a895ae2090ca2bf6cdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Tue, 20 May 2025 16:03:44 +0100
+Subject: [PATCH] sort: fix buffer under-read (CWE-127)
+
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+* tests/sort/sort-field-limit.sh: Add a new test,
+which triggers with ASAN or Valgrind.
+* tests/local.mk: Reference the new test.
+* NEWS: Mention bug fix introduced in v7.2 (2009).
+Fixes https://bugs.gnu.org/78507
+
+CVE: CVE-2025-5278
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
+[Adjusted for 9.0 version and adjusted test case to not use valgrind.]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/sort.c | 12 ++++++++++--
+ tests/local.mk | 1 +
+ tests/misc/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+), 2 deletions(-)
+ create mode 100755 tests/misc/sort-field-limit.sh
+
+diff --git a/src/sort.c b/src/sort.c
+index 5f4c817de..07b96d34b 100644
+--- a/src/sort.c
++++ b/src/sort.c
+@@ -1642,7 +1642,11 @@ begfield (struct line const *line, struct keyfield const *key)
+ ++ptr;
+
+ /* Advance PTR by SCHAR (if possible), but no further than LIM. */
+- ptr = MIN (lim, ptr + schar);
++ size_t remaining_bytes = lim - ptr;
++ if (schar < remaining_bytes)
++ ptr += schar;
++ else
++ ptr = lim;
+
+ return ptr;
+ }
+@@ -1743,7 +1747,11 @@ limfield (struct line const *line, struct keyfield const *key)
+ ++ptr;
+
+ /* Advance PTR by ECHAR (if possible), but no further than LIM. */
+- ptr = MIN (lim, ptr + echar);
++ size_t remaining_bytes = lim - ptr;
++ if (echar < remaining_bytes)
++ ptr += echar;
++ else
++ ptr = lim;
+ }
+
+ return ptr;
+diff --git a/tests/local.mk b/tests/local.mk
+index 228d0e368..ced85c44c 100644
+--- a/tests/local.mk
++++ b/tests/local.mk
+@@ -373,6 +373,7 @@ all_tests = \
+ tests/misc/sort-debug-keys.sh \
+ tests/misc/sort-debug-warn.sh \
+ tests/misc/sort-discrim.sh \
++ tests/misc/sort-field-limit.sh \
+ tests/misc/sort-files0-from.pl \
+ tests/misc/sort-float.sh \
+ tests/misc/sort-h-thousands-sep.sh \
+diff --git a/tests/misc/sort-field-limit.sh b/tests/misc/sort-field-limit.sh
+new file mode 100755
+index 000000000..dc5b4c964
+--- /dev/null
++++ b/tests/misc/sort-field-limit.sh
+@@ -0,0 +1,35 @@
++#!/bin/sh
++# From 7.2-9.7, this would trigger an out of bounds mem read
++
++# Copyright (C) 2025 Free Software Foundation, Inc.
++
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <https://www.gnu.org/licenses/>.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++getlimits_
++
++# This issue triggers with valgrind or ASAN
++valgrind --error-exitcode=1 sort --version 2>/dev/null &&
++ VALGRIND='valgrind --error-exitcode=1'
++
++{ printf '%s\n' aa bb; } > in || framework_failure_
++
++_POSIX2_VERSION=200809 sort +0.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++_POSIX2_VERSION=200809 sort +1 -1.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++Exit $fail
+--
+2.34.1
+
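Review bot: the valgrind probe at the top of the adjusted test is now dead code: `valgrind --error-exitcode=1 sort --version 2>/dev/null && VALGRIND='valgrind --error-exitcode=1'` still sets VALGRIND, but the two sort invocations below no longer expand `$VALGRIND`, and the comment "This issue triggers with valgrind or ASAN" no longer describes what the test does. Either drop the probe and reword the comment, or say in the "[Adjusted for 9.0 version ...]" line why they were kept. As written the test only verifies that `sort +0.${SIZE_MAX}R` and `sort +1 -1.${SIZE_MAX}R` produce the expected output; without a memory checker an under-read is not detected, so this is a regression test for the output, not for the memory-safety bug itself, and that limitation belongs in the backport header. Minor: the upstream ChangeLog entry names tests/sort/sort-field-limit.sh while the file added is tests/misc/sort-field-limit.sh.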
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 1cce9192ec..7c975708f4 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://0001-uname-report-processor-and-hardware-correctly.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
+ file://CVE-2025-5278.patch \
file://run-ptest \
file://0001-split-do-not-shrink-hold-buffer.patch \
"
--
2.43.0
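The sort.c change in the patch above replaces `ptr = MIN (lim, ptr + schar)` with a remaining-bytes comparison because `ptr + schar` is already an out-of-range pointer when schar is huge (the test passes SIZE_MAX as the character offset), and clamping afterwards does not undo that. The following C program is an added illustration of that pattern, not code from coreutils or from this patch series; begfield_offset is a constructed, simplified model of sort's begfield() that takes an explicit separator and record length, and the sample record is made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Advance PTR by N bytes but never past LIM, without forming a pointer
 * outside [ptr, lim]. Computing the remaining bytes first is the pattern
 * the sort.c fix uses; `ptr + n` with n near SIZE_MAX would already be an
 * out-of-range pointer offset (CWE-823) before any MIN() could clamp it.
 * Precondition: ptr <= lim. */
static const char *advance_bounded(const char *ptr, const char *lim, size_t n)
{
    size_t remaining = (size_t)(lim - ptr);
    return (n < remaining) ? ptr + n : lim;
}

/* Constructed, simplified model of sort's begfield(): skip SWORD fields
 * separated by SEP, then skip SCHAR more bytes within the field, clamped to
 * the end of the record. LINE is LEN bytes and need not be NUL-terminated.
 * Returns the resulting offset, always in [0, len]. */
size_t begfield_offset(const char *line, size_t len, char sep,
                       size_t sword, size_t schar)
{
    const char *ptr = line;
    const char *lim = line + len;

    while (ptr < lim && sword > 0) {
        while (ptr < lim && *ptr != sep)
            ++ptr;
        if (ptr < lim)
            ++ptr;              /* step over the separator itself */
        --sword;
    }
    /* Advance PTR by SCHAR (if possible), but no further than LIM. */
    return (size_t)(advance_bounded(ptr, lim, schar) - line);
}

int main(void)
{
    const char rec[] = "aa bb";      /* constructed two-field record */
    size_t len = sizeof rec - 1;

    /* Counterpart of the test's "+0.SIZE_MAX" key: field 0, huge char offset. */
    printf("+0.SIZE_MAX -> offset %zu (record length %zu)\n",
           begfield_offset(rec, len, ' ', 0, SIZE_MAX), len);
    printf("+1.1        -> offset %zu\n", begfield_offset(rec, len, ' ', 1, 1));
    return 0;
}
```

The point of the model is that every arithmetic step is done on sizes, not on pointers: the only pointer formed is `ptr + n` after `n < remaining` has been established, so the result is always inside the record even when the offset comes straight from untrusted key syntax.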
* [OE-core][kirkstone 03/16] libxml2: fix CVE-2025-49794 & CVE-2025-49796
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2025-49794-CVE-2025-49796.patch | 181 ++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
2 files changed, 182 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
new file mode 100644
index 0000000000..3ec8b4173f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
@@ -0,0 +1,181 @@
+From 71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 4 Jul 2025 14:28:26 +0200
+Subject: [PATCH] schematron: Fix memory safety issues in
+ xmlSchematronReportOutput
+
+Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796)
+in xmlSchematronReportOutput.
+
+Fixes #931.
+Fixes #933.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b]
+CVE: CVE-2025-49794 CVE-2025-49796
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ result/schematron/cve-2025-49794_0.err | 2 ++
+ result/schematron/cve-2025-49796_0.err | 2 ++
+ schematron.c | 37 +++++++++++++++-----------
+ test/schematron/cve-2025-49794.sct | 10 +++++++
+ test/schematron/cve-2025-49794_0.xml | 6 +++++
+ test/schematron/cve-2025-49796.sct | 9 +++++++
+ test/schematron/cve-2025-49796_0.xml | 3 +++
+ 7 files changed, 53 insertions(+), 16 deletions(-)
+ create mode 100644 result/schematron/cve-2025-49794_0.err
+ create mode 100644 result/schematron/cve-2025-49796_0.err
+ create mode 100644 test/schematron/cve-2025-49794.sct
+ create mode 100644 test/schematron/cve-2025-49794_0.xml
+ create mode 100644 test/schematron/cve-2025-49796.sct
+ create mode 100644 test/schematron/cve-2025-49796_0.xml
+
+diff --git a/result/schematron/cve-2025-49794_0.err b/result/schematron/cve-2025-49794_0.err
+new file mode 100644
+index 0000000..5775231
+--- /dev/null
++++ b/result/schematron/cve-2025-49794_0.err
+@@ -0,0 +1,2 @@
++./test/schematron/cve-2025-49794_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:
++./test/schematron/cve-2025-49794_0.xml fails to validate
+diff --git a/result/schematron/cve-2025-49796_0.err b/result/schematron/cve-2025-49796_0.err
+new file mode 100644
+index 0000000..bf875ee
+--- /dev/null
++++ b/result/schematron/cve-2025-49796_0.err
+@@ -0,0 +1,2 @@
++./test/schematron/cve-2025-49796_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2:
++./test/schematron/cve-2025-49796_0.xml fails to validate
+diff --git a/schematron.c b/schematron.c
+index ddbb069..5ebca64 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -1239,27 +1239,16 @@ exit:
+ * *
+ ************************************************************************/
+
+-static xmlNodePtr
++static xmlXPathObjectPtr
+ xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt,
+ xmlNodePtr cur, const xmlChar *xpath) {
+- xmlNodePtr node = NULL;
+- xmlXPathObjectPtr ret;
+
+ if ((ctxt == NULL) || (cur == NULL) || (xpath == NULL))
+ return(NULL);
+
+ ctxt->xctxt->doc = cur->doc;
+ ctxt->xctxt->node = cur;
+- ret = xmlXPathEval(xpath, ctxt->xctxt);
+- if (ret == NULL)
+- return(NULL);
+-
+- if ((ret->type == XPATH_NODESET) &&
+- (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0))
+- node = ret->nodesetval->nodeTab[0];
+-
+- xmlXPathFreeObject(ret);
+- return(node);
++ return(xmlXPathEval(xpath, ctxt->xctxt));
+ }
+
+ /**
+@@ -1304,18 +1293,26 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+ (child->type == XML_CDATA_SECTION_NODE))
+ ret = xmlStrcat(ret, child->content);
+ else if (IS_SCHEMATRON(child, "name")) {
++ xmlXPathObject *obj = NULL;
+ xmlChar *path;
+
+ path = xmlGetNoNsProp(child, BAD_CAST "path");
+
+ node = cur;
+ if (path != NULL) {
+- node = xmlSchematronGetNode(ctxt, cur, path);
+- if (node == NULL)
+- node = cur;
++ obj = xmlSchematronGetNode(ctxt, cur, path);
++ if ((obj != NULL) &&
++ (obj->type == XPATH_NODESET) &&
++ (obj->nodesetval != NULL) &&
++ (obj->nodesetval->nodeNr > 0))
++ node = obj->nodesetval->nodeTab[0];
+ xmlFree(path);
+ }
+
++ switch (node->type) {
++ case XML_ELEMENT_NODE:
++ case XML_ATTRIBUTE_NODE:
++
+ if ((node->ns == NULL) || (node->ns->prefix == NULL))
+ ret = xmlStrcat(ret, node->name);
+ else {
+@@ -1323,6 +1320,14 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+ ret = xmlStrcat(ret, BAD_CAST ":");
+ ret = xmlStrcat(ret, node->name);
+ }
++ break;
++
++ /* TODO: handle other node types */
++ default:
++ break;
++ }
++
++ xmlXPathFreeObject(obj);
+ } else {
+ child = child->next;
+ continue;
+diff --git a/test/schematron/cve-2025-49794.sct b/test/schematron/cve-2025-49794.sct
+new file mode 100644
+index 0000000..7fc9ee3
+--- /dev/null
++++ b/test/schematron/cve-2025-49794.sct
+@@ -0,0 +1,10 @@
++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
++ <sch:pattern id="">
++ <sch:rule context="boo0">
++ <sch:report test="not(0)">
++ <sch:name path="	e|namespace::*|e"/>
++ </sch:report>
++ <sch:report test="0"></sch:report>
++ </sch:rule>
++ </sch:pattern>
++</sch:schema>
+diff --git a/test/schematron/cve-2025-49794_0.xml b/test/schematron/cve-2025-49794_0.xml
+new file mode 100644
+index 0000000..debc64b
+--- /dev/null
++++ b/test/schematron/cve-2025-49794_0.xml
+@@ -0,0 +1,6 @@
++<librar0>
++ <boo0 t="">
++ <author></author>
++ </boo0>
++ <ins></ins>
++</librar0>
+diff --git a/test/schematron/cve-2025-49796.sct b/test/schematron/cve-2025-49796.sct
+new file mode 100644
+index 0000000..e9702d7
+--- /dev/null
++++ b/test/schematron/cve-2025-49796.sct
+@@ -0,0 +1,9 @@
++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron">
++ <sch:pattern id="">
++ <sch:rule context="boo0">
++ <sch:report test="not(0)">
++ <sch:name path="/"/>
++ </sch:report>
++ </sch:rule>
++ </sch:pattern>
++</sch:schema>
+diff --git a/test/schematron/cve-2025-49796_0.xml b/test/schematron/cve-2025-49796_0.xml
+new file mode 100644
+index 0000000..be33c4e
+--- /dev/null
++++ b/test/schematron/cve-2025-49796_0.xml
+@@ -0,0 +1,3 @@
++<librar0>
++ <boo0/>
++</librar0>
+--
+2.49.0
+
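Review bot: the essential change is the lifetime of the XPath result: xmlSchematronGetNode now returns the xmlXPathObject instead of `nodeTab[0]`, and xmlSchematronFormatReport keeps `obj` alive until after `node->name` has been used and only then calls xmlXPathFreeObject(obj). That closes the use-after-free: the old code freed `ret` before returning `nodeTab[0]`, and for a result such as the `namespace::*` axis in cve-2025-49794.sct the selected node lives in the freed result rather than in the document. The new `switch (node->type)` limits the `node->ns` / `node->name` access to element and attribute nodes, so the document node selected by `path="/"` in cve-2025-49796.sct is no longer read as an element (the type confusion). Two points for the backport header: the default branch is a silent no-op (`/* TODO: handle other node types */`), which is why the expected result/schematron/*.err lines end with an empty message after "line 2:", and a sentence saying that is the intended output would save the next reviewer a check; and xmlXPathFreeObject(obj) is now reached with obj == NULL whenever `path` is absent or the evaluation fails, which is safe because xmlXPathFreeObject tolerates NULL, but is worth stating since the old code never freed on that path.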
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 45424e59ff..baac155270 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -40,6 +40,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
file://CVE-2025-32414.patch \
file://CVE-2025-32415.patch \
file://CVE-2025-6021.patch \
+ file://CVE-2025-49794-CVE-2025-49796.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
--
2.43.0
* [OE-core][kirkstone 04/16] python3: update CVE product
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by adding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3_3.10.18.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3_3.10.18.bb b/meta/recipes-devtools/python/python3_3.10.18.bb
index 0b57a0ebee..875b52cde9 100644
--- a/meta/recipes-devtools/python/python3_3.10.18.bb
+++ b/meta/recipes-devtools/python/python3_3.10.18.bb
@@ -51,7 +51,7 @@ SRC_URI[sha256sum] = "ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefa
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
-CVE_PRODUCT = "python"
+CVE_PRODUCT = "python:python python_software_foundation:python"
# Upstream consider this expected behaviour
CVE_CHECK_IGNORE += "CVE-2007-4559"
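Review bot: the recipe change carries no comment explaining the vendor-qualified product, so the next person bumping python3 may not know why a plain "python" is wrong; suggest a one-line comment above CVE_PRODUCT such as `# vendor-qualified to exclude microsoft:python (VS Code extension CVEs, e.g. CVE-2020-1171)`. The two vendor:product pairs match the non-microsoft rows of the query in the commit message (python|python and python_software_foundation|python); the query also covered product 'cpython' and returned no rows for it, so nothing is lost today, but if the database later gains cpython entries this list needs a third pair.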
--
2.43.0
* [OE-core][kirkstone 05/16] openssl: upgrade 3.0.16 -> 3.0.17
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3016-and-openssl-3017-1-jul-2025
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} (99%)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.16.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.17.bb
index a9fffd18ba..5bc8801b98 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86"
+SRC_URI[sha256sum] = "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.43.0
* [OE-core][kirkstone 06/16] openssl: fix CVE-2024-41996
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
when an approved safe prime is used, allows remote attackers (from the client side) to
trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
The client may cause asymmetric resource consumption. The basic attack scenario is that
the client must claim that it can only communicate with DHE, and the server must be
configured to allow DHE and validate the order of the public key.
Reference:
https://github.com/openssl/openssl/pull/25088
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssl/openssl/CVE-2024-41996.patch | 48 +++++++++++++++++++
.../openssl/openssl_3.0.17.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
new file mode 100644
index 0000000000..49ec9c0130
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
@@ -0,0 +1,48 @@
+From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 5 Aug 2024 17:54:14 +0200
+Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
+ safe-prime groups
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The partial validation is fully sufficient to check the key validity.
+
+Thanks to Szilárd Pfeiffer for reporting the issue.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/25088)
+
+CVE: CVE-2024-41996
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e70e34d857d4003199bcb5d3b52ca8102ccc1b98]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 795a3f2..3e7a811 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype)
+ if (pub_key == NULL)
+ return 0;
+
+- /* The partial test is only valid for named group's with q = (p - 1) / 2 */
+- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
+- && ossl_dh_is_named_safe_prime_group(dh))
++ /*
++ * The partial test is only valid for named group's with q = (p - 1) / 2
++ * but for that case it is also fully sufficient to check the key validity.
++ */
++ if (ossl_dh_is_named_safe_prime_group(dh))
+ return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
+
+ return DH_check_pub_key_ex(dh, pub_key);
+--
+2.40.0
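Review bot: after this hunk `checktype` is no longer consulted on the named-safe-prime path (the old condition was `checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK && ossl_dh_is_named_safe_prime_group(dh)`), so every public-key validation for a known safe-prime group now takes ossl_dh_check_pub_key_partial instead of the full DH_check_pub_key_ex; that is the whole mitigation, since the full check is the client-triggerable expensive modular exponentiation the commit message describes. If `checktype` is not used elsewhere in dh_validate_public (not visible here), expect an unused-parameter warning in -Wall -Wextra builds. The backport header could also state that behaviour for non-named groups is unchanged (they still go through DH_check_pub_key_ex), which bounds the scope of the change for anyone assessing it.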
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
index 5bc8801b98..ee0ab2e498 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.17.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2024-41996.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.43.0
* [OE-core][kirkstone 07/16] ofono: fix CVE-2023-4232
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_status_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_status_report().
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4232.patch | 30 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
new file mode 100644
index 0000000000..da714f6a87
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
@@ -0,0 +1,30 @@
+From 2ff2da7ac374a790f8b2a0216bcb4e3126498225 Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:52 +0200
+Subject: [PATCH] smsutil: check status report fits in buffer
+
+Fixes CVE-2023-4232
+
+CVE: CVE-2023-4232
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index ac89f16c..a706e26f 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1088,6 +1088,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
+ if ((len - offset) < expected)
+ return FALSE;
+
++ if (expected > (int)sizeof(out->status_report.ud))
++ return FALSE;
++
+ memcpy(out->status_report.ud, pdu + offset, expected);
+ }
+
+--
+2.30.2
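Review bot: the new destination bound sits between the existing input-length check `(len - offset) < expected` and the memcpy, which is the right place, and it mirrors the check in decode_submit that the commit message refers to. One thing to confirm: `expected` is compared as int against `(int)sizeof(out->status_report.ud)`, so a negative `expected` would pass both checks; if it is derived from an unsigned UDL byte that cannot happen, but the derivation is outside this hunk and a note in the backport header would settle it.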
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 9f11af9236..8a298bfade 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -26,6 +26,7 @@ SRC_URI = "\
file://CVE-2024-7547.patch \
file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
file://CVE-2024-7537.patch \
+ file://CVE-2023-4232.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.43.0
* [OE-core][kirkstone 08/16] ofono: fix CVE-2023-4235
From: Steve Sakoman @ 2025-07-15 20:36 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_deliver_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_deliver_report().
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4235.patch | 37 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 38 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
new file mode 100644
index 0000000000..ce03bbd274
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
@@ -0,0 +1,37 @@
+From 02aa0f9bad3d9e47a152fc045d0f51874d901d7e Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:51 +0200
+Subject: [PATCH] smsutil: check deliver reports fit in buffer
+
+Fixes CVE-2023-4235
+
+CVE: CVE-2023-4235
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=02aa0f9bad3d9e47a152fc045d0f51874d901d7e]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 484bfd0b..ac89f16c 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1240,10 +1240,16 @@ static gboolean decode_deliver_report(const unsigned char *pdu, int len,
+ return FALSE;
+
+ if (out->type == SMS_TYPE_DELIVER_REPORT_ERROR) {
++ if (expected > (int) sizeof(out->deliver_err_report.ud))
++ return FALSE;
++
+ out->deliver_err_report.udl = udl;
+ memcpy(out->deliver_err_report.ud,
+ pdu + offset, expected);
+ } else {
++ if (expected > (int) sizeof(out->deliver_ack_report.ud))
++ return FALSE;
++
+ out->deliver_ack_report.udl = udl;
+ memcpy(out->deliver_ack_report.ud,
+ pdu + offset, expected);
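Review bot: the `(int)` cast on both new checks makes the comparison signed, so a negative `expected` would sail past `expected > (int) sizeof(...)` and reach `memcpy` as a huge `size_t`; confirm that the logic above the `return FALSE` at the top of the context already guarantees `expected >= 0` (it is derived from `udl`), otherwise a `expected < 0 ||` guard belongs on the same line. Checking each branch against its own `ud` array is right if `deliver_err_report.ud` and `deliver_ack_report.ud` can differ in size; if they are the same size, one check before the `if` would remove the duplicated three lines.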
+--
+2.30.2
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 8a298bfade..a3edf4ab5d 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -27,6 +27,7 @@ SRC_URI = "\
file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
file://CVE-2024-7537.patch \
file://CVE-2023-4232.patch \
+ file://CVE-2023-4235.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.43.0
* [OE-core][kirkstone 09/16] ghostscript: ignore CVE-2025-46646
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
The code patched by [1], which fixes this CVE, is not present in 9.55.0.
Debian also states in [2] that even 10.0.0 is not yet affected.
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f
[2] https://security-tracker.debian.org/tracker/CVE-2025-46646
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 3b50ac1409..4d696159e0 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833"
# Only impacts codepaths relevant for Windows builds
CVE_CHECK_IGNORE += "CVE-2025-27837"
+# Vulnerable code was introduced later, so 9.55.0 is not affected yet
+CVE_CHECK_IGNORE += "CVE-2025-46646"
def gs_verdir(v):
return "".join(v.split("."))
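Review bot: the comment on the new `CVE_CHECK_IGNORE` line is the only place a later reader of the recipe will see the rationale, so it should carry the evidence the commit message cites: at least the upstream fix commit from [1] (ghostpdl f14ea81e6c3d) and ideally the Debian tracker reference, e.g. `# Vulnerable code introduced after 9.55.0 (upstream fix f14ea81e6c3d, Debian tracker agrees), so not affected`. That keeps the ignore auditable when someone later bumps the recipe and has to decide whether the entry still holds.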
--
2.43.0
* [OE-core][kirkstone 10/16] iputils: patch CVE-2025-48964
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commit referencing this CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../iputils/iputils/CVE-2025-48964.patch | 99 +++++++++++++++++++
.../iputils/iputils_20211215.bb | 1 +
2 files changed, 100 insertions(+)
create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
diff --git a/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
new file mode 100644
index 0000000000..e6fc67bce0
--- /dev/null
+++ b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
@@ -0,0 +1,99 @@
+From afa36390394a6e0cceba03b52b59b6d41710608c Mon Sep 17 00:00:00 2001
+From: Cyril Hrubis <metan@ucw.cz>
+Date: Fri, 16 May 2025 17:57:10 +0200
+Subject: [PATCH] ping: Fix moving average rtt calculation
+
+The rts->rtt counts an exponential weight moving average in a fixed
+point, that means that even if we limit the triptime to fit into a 32bit
+number the average will overflow because because fixed point needs eight
+more bits.
+
+We also have to limit the triptime to 32bit number because otherwise the
+moving average may stil overflow if we manage to produce a large enough
+triptime.
+
+Fixes: CVE-2025-48964
+Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1243772
+Closes: https://github.com/iputils/iputils-ghsa-25fr-jw29-74f9/pull/1
+Reported-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Tested-by: Petr Vorel <pvorel@suse.cz>
+Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
+Reviewed-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Signed-off-by: Cyril Hrubis <metan@ucw.cz>
+
+CVE: CVE-2025-48964
+Upstream-Status: Backport [https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ iputils_common.h | 2 +-
+ ping/ping.h | 2 +-
+ ping/ping_common.c | 8 ++++----
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/iputils_common.h b/iputils_common.h
+index 829a749..1296905 100644
+--- a/iputils_common.h
++++ b/iputils_common.h
+@@ -11,7 +11,7 @@
+ __typeof__(&arr[0]))])) * 0)
+
+ /* 1000001 = 1000000 tv_sec + 1 tv_usec */
+-#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
++#define TV_SEC_MAX_VAL (INT32_MAX/1000001)
+
+ #ifdef __GNUC__
+ # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
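Review bot: `INT32_MAX` needs `<stdint.h>` (or `<inttypes.h>`), and the visible context of iputils_common.h shows only the `__typeof__` macro glue, not the includes; `LONG_MAX` came from `<limits.h>`, so confirm the header already pulls in stdint or the build breaks at the first use of `TV_SEC_MAX_VAL`. The comment above the macro still describes it as a `tv_sec` bound, while the value is now chosen for the 32-bit triptime cap the commit message explains; a one-line comment saying so would stop the next person from "fixing" it back to `LONG_MAX`.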
+diff --git a/ping/ping.h b/ping/ping.h
+index 4dce538..bc1fab2 100644
+--- a/ping/ping.h
++++ b/ping/ping.h
+@@ -180,7 +180,7 @@ struct ping_rts {
+ long tmax; /* maximum round trip time */
+ double tsum; /* sum of all times, for doing average */
+ double tsum2;
+- int rtt;
++ uint64_t rtt; /* Exponential weight moving average calculated in fixed point */
+ int rtt_addend;
+ uint16_t acked;
+ int pipesize;
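Review bot: `rtt` becomes `uint64_t` while `rtt_addend` stays `int`; that is fine because `update_interval` only adds them after the `(int)` cast, but the new comment is the only place the fixed-point scaling is documented, and it does not say the factor. Stating it explicitly (`/* EWMA of triptime in fixed point, scaled by 8 */`) would explain the `/ 8` and `/ 8000` sites in ping_common.c without the reader having to reverse-engineer them.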
+diff --git a/ping/ping_common.c b/ping/ping_common.c
+index 2a3e556..fad5228 100644
+--- a/ping/ping_common.c
++++ b/ping/ping_common.c
+@@ -273,7 +273,7 @@ int __schedule_exit(int next)
+
+ static inline void update_interval(struct ping_rts *rts)
+ {
+- int est = rts->rtt ? rts->rtt / 8 : rts->interval * 1000;
++ int est = rts->rtt ? (int)(rts->rtt / 8) : rts->interval * 1000;
+
+ rts->interval = (est + rts->rtt_addend + 500) / 1000;
+ if (rts->uid && rts->interval < MINUSERINTERVAL)
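Review bot: `(int)(rts->rtt / 8)` is only a safe truncation because, per the commit message, `triptime` is now capped to a 32-bit value in the other file and an exponential moving average never exceeds its largest input; nothing at this site enforces that, so either a comment pointing at `TV_SEC_MAX_VAL` or an explicit clamp before the cast would make the narrowing deliberate rather than incidental.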
+@@ -768,7 +768,7 @@ restamp:
+ if (triptime > rts->tmax)
+ rts->tmax = triptime;
+ if (!rts->rtt)
+- rts->rtt = triptime * 8;
++ rts->rtt = ((uint64_t)triptime) * 8;
+ else
+ rts->rtt += triptime - rts->rtt / 8;
+ if (rts->opt_adaptive)
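Review bot: the unchanged line `rts->rtt += triptime - rts->rtt / 8;` now mixes a signed `triptime` (a `long`, like `tmax`) with the unsigned 64-bit `rts->rtt / 8`: whenever `triptime` is below the current average the subtraction wraps to a huge `uint64_t`, and the `+=` wraps back to the right value only because the final sum `rtt - rtt/8 + triptime` is never negative. That is correct but subtle; rewriting it as `rts->rtt = rts->rtt - rts->rtt / 8 + (uint64_t)triptime;` has no intermediate wrap and reads as the EWMA it is.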
+@@ -935,7 +935,7 @@ int finish(struct ping_rts *rts)
+ int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1);
+
+ printf(_("%sipg/ewma %d.%03d/%d.%03d ms"),
+- comma, ipg / 1000, ipg % 1000, rts->rtt / 8000, (rts->rtt / 8) % 1000);
++ comma, ipg / 1000, ipg % 1000, (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000));
+ }
+ putchar('\n');
+ return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets));
+@@ -960,7 +960,7 @@ void status(struct ping_rts *rts)
+ fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"),
+ (long)rts->tmin / 1000, (long)rts->tmin % 1000,
+ tavg / 1000, tavg % 1000,
+- rts->rtt / 8000, (rts->rtt / 8) % 1000, (long)rts->tmax / 1000, (long)rts->tmax % 1000);
++ (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000), (long)rts->tmax / 1000, (long)rts->tmax % 1000);
+ }
+ fprintf(stderr, "\n");
+ }
diff --git a/meta/recipes-extended/iputils/iputils_20211215.bb b/meta/recipes-extended/iputils/iputils_20211215.bb
index 03dc97dcc8..97fff6fe3a 100644
--- a/meta/recipes-extended/iputils/iputils_20211215.bb
+++ b/meta/recipes-extended/iputils/iputils_20211215.bb
@@ -13,6 +13,7 @@ DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
file://CVE-2025-47268.patch \
+ file://CVE-2025-48964.patch \
"
SRCREV = "1d1e7c43210d8af316a41cb2c53d612a4c16f34d"
--
2.43.0
* [OE-core][kirkstone 11/16] gdk-pixbuf: fix CVE-2025-7345
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function
(io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing
maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding,
allowing out-of-bounds reads from heap memory, potentially causing application crashes or
arbitrary code execution.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 +++++++++++++++++++
.../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 1 +
2 files changed, 56 insertions(+)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
new file mode 100644
index 0000000000..a8f23d3501
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
@@ -0,0 +1,55 @@
+From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 11 Jul 2025 11:02:05 -0400
+Subject: [PATCH] jpeg: Be more careful with chunked icc data
+
+We we inadvertendly trusting the sequence numbers not to lie.
+If they do we would report a larger data size than we actually
+allocated, leading to out of bounds memory access in base64
+encoding later on.
+
+This has been assigned CVE-2025-7345.
+
+Fixes: #249
+
+CVE: CVE-2025-7345
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4af78023ce7d3b5e3cec422a59bb4f48fa4f5886]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gdk-pixbuf/io-jpeg.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 3841fc0..9ee1d21 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ context->icc_profile = g_new (gchar, chunk_size);
+ /* copy the segment data to the profile space */
+ memcpy (context->icc_profile, marker->data + 14, chunk_size);
++ ret = TRUE;
+ goto out;
+ }
+
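Review bot: the added `ret = TRUE;` before `goto out` is not optional: the `out:` label in the next hunk now frees `context->icc_profile` whenever `ret` is false, so without this line the first ICC chunk would be allocated, copied and immediately freed, and every later chunk would write through a NULL profile pointer. The two hunks only make sense together; anyone cherry-picking by hand rather than applying the patch file must take both.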
+@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma
+ /* copy the segment data to the profile space */
+ memcpy (context->icc_profile + offset, marker->data + 14, chunk_size);
+
+- /* it's now this big plus the new data we've just copied */
+- context->icc_profile_size += chunk_size;
++ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size);
+
+ /* success */
+ ret = TRUE;
+ out:
++ if (!ret) {
++ g_free (context->icc_profile);
++ context->icc_profile = NULL;
++ }
+ return ret;
+ }
+
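Review bot: `icc_profile_size = MAX (icc_profile_size, offset + chunk_size)` stops the reported size from growing past what was actually written when sequence numbers repeat or arrive out of order, but the `memcpy (context->icc_profile + offset, ...)` two lines above still depends on a check, outside this hunk, that `offset + chunk_size` lies within the buffer allocated from the first chunk; confirm that check is present in the 2.42.10 tree, since the new size is only trustworthy if the write was. Separately, the `out:` cleanup sets `icc_profile = NULL` on failure but leaves `icc_profile_size` as it was; resetting it to 0 on the same path keeps the pair consistent for any caller that tests the size rather than the pointer.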
+--
+2.40.0
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index cca89a9059..471d72d8dd 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
+ file://CVE-2025-7345.patch \
"
SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
--
2.43.0
* [OE-core][kirkstone 12/16] sudo: upgrade from 1.9.15p2 to 1.9.15p5
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 468633036c4b049b137d80740c4380ae1959e645)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} (96%)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.15p2.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p5.bb
index 431dfba3c2..8e542015ad 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
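Review bot: the rename carries only the `SRC_URI[sha256sum]` change, which is the whole of a point-release bump, but the commit message says nothing about why kirkstone needs 1.9.15p3 to p5; a stable-branch upgrade should state whether it is a CVE fix, a bug fix, or (as the next patch in the series suggests) an intermediate step towards 1.9.17p1, so that the LTS change log is self-explanatory.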
--
2.43.0
* [OE-core][kirkstone 13/16] sudo: upgrade 1.9.15p5 -> 1.9.17p1
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Praveen Kumar <praveen.kumar@windriver.com>
Changelog:
===========
* Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
when running a command or editing a file. This could enable a
local privilege escalation attack if the sudoers file allows the
user to run commands on a different host.
* Fixed CVE-2025-32463. An attacker can leverage sudo's -R
(--chroot) option to run arbitrary commands as root, even if
they are not listed in the sudoers file. The chroot support has
been deprecated and will be removed entirely in a future release.
License-Update: Copyright updated to 2025
0001-sudo.conf.in-fix-conflict-with-multilib.patch refreshed for 1.9.17
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...o.conf.in-fix-conflict-with-multilib.patch | 7 ++-
meta/recipes-extended/sudo/sudo.inc | 2 +-
.../{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} | 54 ++++++++++++++++++-
3 files changed, 57 insertions(+), 6 deletions(-)
rename meta/recipes-extended/sudo/{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} (52%)
diff --git a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
index 041c717e00..1989c5abd7 100644
--- a/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
+++ b/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
@@ -1,4 +1,4 @@
-From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From 8c69192754ba73dd6e3273728a21aa73988f4bfb Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Tue, 17 Nov 2020 11:13:40 +0800
Subject: [PATCH] sudo.conf.in: fix conflict with multilib
@@ -15,13 +15,12 @@ Update the comments in sudo.conf.in to avoid the conflict.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
-
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 2187457..0908d24 100644
+index bdd676c..094341c 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -53,7 +52,7 @@ index 2187457..0908d24 100644
# Sudo plugin directory:
@@ -74,7 +74,7 @@
# The default directory to use when searching for plugins that are
- # specified without a fully qualified path name.
+ # specified without a fully-qualified path name.
#
-#Path plugin_dir @plugindir@
+#Path plugin_dir $plugindir
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index d3b6bf1ad8..a8323f8b6d 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2841c822e587db145364ca95e9be2ffa \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p5.bb b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
similarity index 52%
rename from meta/recipes-extended/sudo/sudo_1.9.15p5.bb
rename to meta/recipes-extended/sudo/sudo_1.9.17p1.bb
index 8e542015ad..c5d57da9f0 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
@@ -1,3 +1,55 @@
+# FIXME: the LIC_FILES_CHKSUM values have been updated by 'devtool upgrade'.
+# The following is the difference between the old and the new license text.
+# Please update the LICENSE value if needed, and summarize the changes in
+# the commit message via 'License-Update:' tag.
+# (example: 'License-Update: copyright years updated.')
+#
+# The changes:
+#
+# --- LICENSE.md
+# +++ LICENSE.md
+# @@ -1,6 +1,6 @@
+# Sudo is distributed under the following license:
+#
+# - Copyright (c) 1994-1996, 1998-2023
+# + Copyright (c) 1994-1996, 1998-2025
+# Todd C. Miller <Todd.Miller@sudo.ws>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -247,9 +247,9 @@
+#
+# The file arc4random.c bears the following license:
+#
+# - Copyright (c) 1996, David Mazieres <dm@uun.org>
+# - Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# - Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# + Copyright (c) 1996, David Mazieres <dm@uun.org>
+# + Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+# + Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+# Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -282,7 +282,7 @@
+#
+# The file getentropy.c bears the following license:
+#
+# - Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# + Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+# Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# @@ -299,7 +299,7 @@
+#
+# The embedded copy of zlib bears the following license:
+#
+# - Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+# + Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+#
+# This software is provided 'as-is', without any express or implied
+# warranty. In no event will the authors be held liable for any damages
+#
+#
+
require sudo.inc
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
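Review bot: the 52-line `# FIXME:` block at the top of sudo_1.9.17p1.bb is the scaffolding `devtool upgrade` inserts so the submitter can review the license diff; it is meant to be deleted before the recipe is posted, not merged. The `License-Update: Copyright updated to 2025` tag in the commit message already records the outcome, and the embedded diff shows only copyright-year changes plus re-indented arc4random/getentropy lines, which confirms the `LICENSE` value needs no change. Please drop the block so the recipe does not carry a LICENSE.md diff forever.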
@@ -7,7 +59,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
+SRC_URI[sha256sum] = "ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.43.0
* [OE-core][kirkstone 14/16] binutils: stable 2.38 branch update
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
The commit below on the binutils-2.38 stable branch is picked up:
9bee8d65d32 x86: Check MODRM for call and jmp in binutils older than 2.45

                              Before  After  Diff
No. of expected passes           280    280     0
No. of unexpected failures         2      2     0
No. of untested testcases          1      1     0
No. of unsupported tests           7      7     0

Testing was done and no regressions were found.
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/binutils/binutils-2.38.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index f1c29015bc..e25f52e171 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_38-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
-SRCREV ?= "4d71e17a9fd8d319359ded891eb3034a2325d4c0"
+SRCREV ?= "9bee8d65d32ac1480997c13ce76ae7991180f1ed"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
SRC_URI = "\
${BINUTILS_GIT_URI} \
--
2.43.0
* [OE-core][kirkstone 15/16] oeqa/core/decorator: add decorators to skip based on HOST_ARCH
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
There are already decorators to skip on the value of MACHINE, but for
flexibility it's better to skip based on the target architecture. This
means, for example, the ISO image tests could skip if the architecture
isn't x86.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 0c21ff0a92906b6b4820eb8beddf8762fe70653d)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/core/decorator/data.py | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/meta/lib/oeqa/core/decorator/data.py b/meta/lib/oeqa/core/decorator/data.py
index 3ce10e5499..de881e097a 100644
--- a/meta/lib/oeqa/core/decorator/data.py
+++ b/meta/lib/oeqa/core/decorator/data.py
@@ -194,3 +194,27 @@ class skipIfQemu(OETestDecorator):
self.logger.debug("Checking if qemu MACHINE")
if self.case.td.get('MACHINE', '').startswith('qemu'):
self.case.skipTest('Test only runs on real hardware')
+
+@registerDecorator
+class skipIfArch(OETestDecorator):
+ """
+ Skip test if HOST_ARCH is present in the tuple specified.
+ """
+
+ attrs = ('archs',)
+ def setUpDecorator(self):
+ arch = self.case.td['HOST_ARCH']
+ if arch in self.archs:
+ self.case.skipTest('Test skipped on %s' % arch)
+
+@registerDecorator
+class skipIfNotArch(OETestDecorator):
+ """
+ Skip test if HOST_ARCH is not present in the tuple specified.
+ """
+
+ attrs = ('archs',)
+ def setUpDecorator(self):
+ arch = self.case.td['HOST_ARCH']
+ if arch not in self.archs:
+ self.case.skipTest('Test skipped on %s' % arch)
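Review bot: `self.case.td['HOST_ARCH']` raises a bare KeyError when the test data lacks HOST_ARCH, while the `skipIfQemu` context just above uses `self.case.td.get('MACHINE', '')`; use the same `.get('HOST_ARCH', '')` form, or fail with a message that names the missing variable. The `arch in self.archs` test also does substring matching if a caller passes a plain string instead of the tuple the docstring asks for (`@skipIfArch('x86_64')` would make `'x86'` match and skip), so enforcing the type, e.g. `assert isinstance(self.archs, (tuple, list))`, closes a silent misuse. Finally, `skipIfNotArch` reuses the message `'Test skipped on %s'`; `'Test only runs on %s' % ', '.join(self.archs)` would make the skip reason self-explanatory in the log.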
--
2.43.0
* [OE-core][kirkstone 16/16] tcf-agent: correct the SRC_URI
From: Steve Sakoman @ 2025-07-15 20:36 UTC
To: openembedded-core
From: Guocai He <guocai.he.cn@windriver.com>
The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/tcf-agent/tcf-agent_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
index 0d627f4e23..8165d35758 100644
--- a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
+++ b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
@@ -10,7 +10,7 @@ SRCREV = "2735e3d6b7eccb05ab232825c618c837d27a5010"
PV = "1.7.0+git${SRCPV}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
-SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \
+SRC_URI = "git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git;protocol=https;branch=master \
file://ldflags.patch \
file://tcf-agent.init \
file://tcf-agent.service \
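Review bot: `SRCREV = "2735e3d6b7eccb05ab232825c618c837d27a5010"` in the context is unchanged, so the switch only works if the GitLab repository carries the same history as the old Gerrit-hosted one; the commit message should say why the old `git.eclipse.org` URL is being replaced and that the revision was verified to resolve on the new host, so readers can tell this is a hosting move and not a change of source.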
--
2.43.0