* [OE-core][kirkstone 00/26] Patch review
@ 2022-06-02 16:51 Steve Sakoman
2022-06-10 8:39 ` [kirkstone " Sundeep KOKKONDA
0 siblings, 1 reply; 39+ messages in thread
From: Steve Sakoman @ 2022-06-02 16:51 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end of
day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3740
The following changes since commit 4eb0b7468383a1d0314b3bfd43ea37c95de464d9:
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid (2022-05-28 10:38:07 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (4):
linux-yocto/5.15: update to v5.15.37
linux-yocto/5.10: update to v5.10.113
linux-yocto/5.15: update to v5.15.38
linux-yocto/5.10: update to v5.10.114
Davide Gardenal (2):
libpcre2: upgrade 10.39 -> 10.40
ncurses: update to patchlevel 20220423
Ernst Sjöstrand (2):
cve-check: Add helper for symlink handling
cve-check: Only include installed packages for rootfs manifest
Joerg Vehlow (1):
libseccomp: Add missing files for ptests
Khem Raj (2):
ovmf: Fix native build with gcc-12
gcc: Upgrade to 11.3 release
Markus Volk (1):
mesa.inc: package 00-radv-defaults.conf
Martin Jansa (2):
staging.bbclass: process direct dependencies in deterministic order
insane.bbclass: make sure to close .patch files
Naveen Saini (1):
pciutils: avoid lspci conflict with busybox
Richard Purdie (8):
vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
libxslt: Mark CVE-2022-29824 as not applying
cve-extra-exclusions: Add kernel CVEs
cve-check: Allow warnings to be disabled
rust-common: Fix sstate signatures between arm hf and non-hf
rust-common: Drop LLVM_TARGET and simplify
rust-common: Fix native signature dependency issues
Sundeep KOKKONDA (2):
rust-common: Ensure sstate signatures have correct dependencues for
do_rust_gen_targets
rust-common: Fix for target definitions returning 'NoneType' for arm
leimaohui (1):
cve-check.bbclass: Added do_populate_sdk[recrdeptask].
meta/classes/cve-check.bbclass | 109 ++++---
meta/classes/insane.bbclass | 18 +-
meta/classes/rust-common.bbclass | 3 +
meta/classes/staging.bbclass | 2 +-
.../distro/include/cve-extra-exclusions.inc | 37 +++
meta/conf/distro/include/maintainers.inc | 2 +-
meta/recipes-bsp/pciutils/pciutils_3.7.0.bb | 5 +-
meta/recipes-core/ncurses/ncurses.inc | 2 +-
...ncurses_6.3.bb => ncurses_6.3+20220423.bb} | 4 +-
.../0001-BaseTools-fix-gcc12-warning-1.patch | 51 +++
.../0001-BaseTools-fix-gcc12-warning.patch | 49 +++
meta/recipes-core/ovmf/ovmf_git.bb | 6 +
.../cargo/cargo-cross-canadian.inc | 2 -
.../gcc/{gcc-11.2.inc => gcc-11.3.inc} | 66 ++--
...ian_11.2.bb => gcc-cross-canadian_11.3.bb} | 0
.../{gcc-cross_11.2.bb => gcc-cross_11.3.bb} | 0
...-crosssdk_11.2.bb => gcc-crosssdk_11.3.bb} | 0
...cc-runtime_11.2.bb => gcc-runtime_11.3.bb} | 0
...itizers_11.2.bb => gcc-sanitizers_11.3.bb} | 0
...{gcc-source_11.2.bb => gcc-source_11.3.bb} | 0
.../gcc/gcc/0001-CVE-2021-35465.patch | 138 --------
...0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch | 10 +-
.../gcc/gcc/0002-CVE-2021-35465.patch | 39 ---
.../0002-gcc-poison-system-directories.patch | 26 +-
....patch => 0003-64-bit-multilib-hack.patch} | 2 +-
.../gcc/gcc/0003-CVE-2021-35465.patch | 103 ------
.../gcc/gcc/0004-CVE-2021-35465.patch | 304 ------------------
...s.h-in-B-instead-of-S-and-t-oe-in-B.patch} | 12 +-
...oot.patch => 0005-cpp-honor-sysroot.patch} | 54 ++--
...MIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch} | 101 +++---
...gcc-Fix-argument-list-too-long-error.patch | 42 +++
...{0014-libtool.patch => 0008-libtool.patch} | 2 +-
...-fix-v4bx-to-linker-to-support-EABI.patch} | 2 +-
...config-files-from-B-instead-of-usin.patch} | 14 +-
...r-from-.la-which-usually-points-to-.patch} | 2 +-
...-target-gcc-headers-can-be-included.patch} | 6 +-
...gcc-Fix-argument-list-too-long-error.patch | 38 ---
...-directory-during-relink-if-inst_pr.patch} | 2 +-
...fix-libcc1-s-install-path-and-rpath.patch} | 8 +-
...e-build-CPP-CPPFLAGS-is-used-for-bu.patch} | 89 ++---
...ins-something-unsupported-by-the-bu.patch} | 39 +--
...e-sysroot-support-for-nativesdk-gcc.patch} | 14 +-
...root-gcc-version-specific-dirs-with.patch} | 8 +-
...19-nios2-Define-MUSL_DYNAMIC_LINKER.patch} | 28 +-
...-to-link-commandline-for-musl-targe.patch} | 10 +-
...sing-LDFLAGS-not-just-SHLIB_LDFLAGS.patch} | 2 +-
...=> 0022-sync-gcc-stddef.h-with-musl.patch} | 2 +-
...e-introduce-spe-commandline-options.patch} | 4 +-
...s-for-__cpu_indicator_init-instead-.patch} | 6 +-
...-Do-not-use-__LINE__-for-maintainin.patch} | 4 +-
...gw32-Enable-operation_not_supported.patch} | 2 +-
...mic-Do-not-enforce-march-on-aarch64.patch} | 10 +-
...y-debug-prefix-maps-before-checksum.patch} | 24 +-
... 0029-Fix-install-path-of-linux64.h.patch} | 10 +-
.../gcc/0042-Fix-thread-stack-size-init.patch | 23 --
.../gcc/{gcc_11.2.bb => gcc_11.3.bb} | 0
...initial_11.2.bb => libgcc-initial_11.3.bb} | 0
.../gcc/{libgcc_11.2.bb => libgcc_11.3.bb} | 0
...ibgfortran_11.2.bb => libgfortran_11.3.bb} | 0
meta/recipes-devtools/rust/rust-common.inc | 38 +--
.../rust/rust-cross-canadian-common.inc | 1 -
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 +
.../libpcre/libpcre2/CVE-2022-1586.patch | 58 ----
.../{libpcre2_10.39.bb => libpcre2_10.40.bb} | 5 +-
.../libseccomp/libseccomp_2.5.3.bb | 4 +
.../recipes-support/libxslt/libxslt_1.1.35.bb | 4 +
meta/recipes-support/vim/vim.inc | 4 +-
74 files changed, 634 insertions(+), 1098 deletions(-)
rename meta/recipes-core/ncurses/{ncurses_6.3.bb => ncurses_6.3+20220423.bb} (77%)
create mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-fix-gcc12-warning-1.patch
create mode 100644 meta/recipes-core/ovmf/ovmf/0001-BaseTools-fix-gcc12-warning.patch
rename meta/recipes-devtools/gcc/{gcc-11.2.inc => gcc-11.3.inc} (58%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.2.bb => gcc-cross-canadian_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.2.bb => gcc-cross_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.2.bb => gcc-crosssdk_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.2.bb => gcc-runtime_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.2.bb => gcc-sanitizers_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.2.bb => gcc-source_11.3.bb} (100%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
delete mode 100644 meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
rename meta/recipes-devtools/gcc/gcc/{0004-64-bit-multilib-hack.patch => 0003-64-bit-multilib-hack.patch} (99%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
delete mode 100644 meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
rename meta/recipes-devtools/gcc/gcc/{0007-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch => 0004-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch} (91%)
rename meta/recipes-devtools/gcc/gcc/{0009-cpp-honor-sysroot.patch => 0005-cpp-honor-sysroot.patch} (41%)
rename meta/recipes-devtools/gcc/gcc/{0011-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch => 0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch} (81%)
create mode 100644 meta/recipes-devtools/gcc/gcc/0007-gcc-Fix-argument-list-too-long-error.patch
rename meta/recipes-devtools/gcc/gcc/{0014-libtool.patch => 0008-libtool.patch} (94%)
rename meta/recipes-devtools/gcc/gcc/{0015-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch => 0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch} (95%)
rename meta/recipes-devtools/gcc/gcc/{0016-Use-the-multilib-config-files-from-B-instead-of-usin.patch => 0010-Use-the-multilib-config-files-from-B-instead-of-usin.patch} (89%)
rename meta/recipes-devtools/gcc/gcc/{0017-Avoid-using-libdir-from-.la-which-usually-points-to-.patch => 0011-Avoid-using-libdir-from-.la-which-usually-points-to-.patch} (92%)
rename meta/recipes-devtools/gcc/gcc/{0019-Ensure-target-gcc-headers-can-be-included.patch => 0012-Ensure-target-gcc-headers-can-be-included.patch} (96%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0012-gcc-Fix-argument-list-too-long-error.patch
rename meta/recipes-devtools/gcc/gcc/{0020-Don-t-search-host-directory-during-relink-if-inst_pr.patch => 0013-Don-t-search-host-directory-during-relink-if-inst_pr.patch} (93%)
rename meta/recipes-devtools/gcc/gcc/{0023-libcc1-fix-libcc1-s-install-path-and-rpath.patch => 0014-libcc1-fix-libcc1-s-install-path-and-rpath.patch} (90%)
rename meta/recipes-devtools/gcc/gcc/{0018-export-CPP.patch => 0015-Makefile.in-Ensure-build-CPP-CPPFLAGS-is-used-for-bu.patch} (79%)
rename meta/recipes-devtools/gcc/gcc/{0006-If-CXXFLAGS-contains-something-unsupported-by-the-bu.patch => 0016-If-CXXFLAGS-contains-something-unsupported-by-the-bu.patch} (68%)
rename meta/recipes-devtools/gcc/gcc/{0024-handle-sysroot-support-for-nativesdk-gcc.patch => 0017-handle-sysroot-support-for-nativesdk-gcc.patch} (98%)
rename meta/recipes-devtools/gcc/gcc/{0025-Search-target-sysroot-gcc-version-specific-dirs-with.patch => 0018-Search-target-sysroot-gcc-version-specific-dirs-with.patch} (92%)
rename meta/recipes-devtools/gcc/gcc/{0027-nios2-Define-MUSL_DYNAMIC_LINKER.patch => 0019-nios2-Define-MUSL_DYNAMIC_LINKER.patch} (40%)
rename meta/recipes-devtools/gcc/gcc/{0028-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch => 0020-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch} (84%)
rename meta/recipes-devtools/gcc/gcc/{0029-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch => 0021-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch} (93%)
rename meta/recipes-devtools/gcc/gcc/{0030-sync-gcc-stddef.h-with-musl.patch => 0022-sync-gcc-stddef.h-with-musl.patch} (97%)
rename meta/recipes-devtools/gcc/gcc/{0033-Re-introduce-spe-commandline-options.patch => 0023-Re-introduce-spe-commandline-options.patch} (90%)
rename meta/recipes-devtools/gcc/gcc/{0034-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch => 0024-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch} (94%)
rename meta/recipes-devtools/gcc/gcc/{0035-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch => 0025-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch} (98%)
rename meta/recipes-devtools/gcc/gcc/{0036-mingw32-Enable-operation_not_supported.patch => 0026-mingw32-Enable-operation_not_supported.patch} (93%)
rename meta/recipes-devtools/gcc/gcc/{0037-libatomic-Do-not-enforce-march-on-aarch64.patch => 0027-libatomic-Do-not-enforce-march-on-aarch64.patch} (85%)
rename meta/recipes-devtools/gcc/gcc/{0041-apply-debug-prefix-maps-before-checksumming-DIEs.patch => 0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch} (81%)
rename meta/recipes-devtools/gcc/gcc/{0001-Fix-install-path-of-linux64.h.patch => 0029-Fix-install-path-of-linux64.h.patch} (81%)
delete mode 100644 meta/recipes-devtools/gcc/gcc/0042-Fix-thread-stack-size-init.patch
rename meta/recipes-devtools/gcc/{gcc_11.2.bb => gcc_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.2.bb => libgcc-initial_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.2.bb => libgcc_11.3.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.2.bb => libgfortran_11.3.bb} (100%)
delete mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
rename meta/recipes-support/libpcre/{libpcre2_10.39.bb => libpcre2_10.40.bb} (90%)
--
2.25.1
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-10 8:39 ` [kirkstone " Sundeep KOKKONDA
@ 2022-06-10 9:12 ` Martin Jansa
2022-06-10 9:13 ` Martin Jansa
2022-06-10 14:19 ` Steve Sakoman
0 siblings, 2 replies; 39+ messages in thread
From: Martin Jansa @ 2022-06-10 9:12 UTC (permalink / raw)
To: Sundeep KOKKONDA; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]
Don't know if it was intentional, but these patches seem to be moved to
stable/kirkstone-next:
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
On Fri, Jun 10, 2022 at 10:39 AM Sundeep KOKKONDA <
sundeep.kokkonda@gmail.com> wrote:
> Hello Steve,
>
> I am planning to do a regression test on gcc-11.3 and cloned the repo from
> given link '*git://git.openembedded.org/openembedded-core-contrib
> <http://git.openembedded.org/openembedded-core-contrib>
> stable/kirkstone-nut*' but I did not get these patches included in the
> cloned repository. I could still see gcc-11.2 cloned. Also, I verified
> patches in rust-common file, those are also not updated.
>
> Can you let me know does this repo is correct or I've do anything else to
> get these patches?
>
>
> Thanks,
> Sundeep K.
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166790):
> https://lists.openembedded.org/g/openembedded-core/message/166790
> Mute This Topic: https://lists.openembedded.org/mt/91503792/3617156
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> Martin.Jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 2318 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-10 9:12 ` [OE-core] " Martin Jansa
@ 2022-06-10 9:13 ` Martin Jansa
2022-06-10 14:19 ` Steve Sakoman
1 sibling, 0 replies; 39+ messages in thread
From: Martin Jansa @ 2022-06-10 9:13 UTC (permalink / raw)
To: Sundeep KOKKONDA; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1532 bytes --]
And also this PR was already merged, so they are also in regular kirkstone
branch now:
https://cgit.openembedded.org/openembedded-core/log/?h=kirkstone
On Fri, Jun 10, 2022 at 11:12 AM Martin Jansa <martin.jansa@gmail.com>
wrote:
> Don't know if it was intentional, but these patches seem to be moved to
> stable/kirkstone-next:
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
>
> On Fri, Jun 10, 2022 at 10:39 AM Sundeep KOKKONDA <
> sundeep.kokkonda@gmail.com> wrote:
>
>> Hello Steve,
>>
>> I am planning to do a regression test on gcc-11.3 and cloned the repo
>> from given link '*git://git.openembedded.org/openembedded-core-contrib
>> <http://git.openembedded.org/openembedded-core-contrib>
>> stable/kirkstone-nut*' but I did not get these patches included in the
>> cloned repository. I could still see gcc-11.2 cloned. Also, I verified
>> patches in rust-common file, those are also not updated.
>>
>> Can you let me know does this repo is correct or I've do anything else to
>> get these patches?
>>
>>
>> Thanks,
>> Sundeep K.
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#166790):
>> https://lists.openembedded.org/g/openembedded-core/message/166790
>> Mute This Topic: https://lists.openembedded.org/mt/91503792/3617156
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
>> Martin.Jansa@gmail.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
>>
[-- Attachment #2: Type: text/html, Size: 2957 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-10 9:12 ` [OE-core] " Martin Jansa
2022-06-10 9:13 ` Martin Jansa
@ 2022-06-10 14:19 ` Steve Sakoman
2022-06-16 2:19 ` Sundeep KOKKONDA
1 sibling, 1 reply; 39+ messages in thread
From: Steve Sakoman @ 2022-06-10 14:19 UTC (permalink / raw)
To: Martin Jansa; +Cc: Sundeep KOKKONDA, openembedded-core
On Thu, Jun 9, 2022 at 11:12 PM Martin Jansa <Martin.Jansa@gmail.com> wrote:
>
> Don't know if it was intentional, but these patches seem to be moved to stable/kirkstone-next:
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
Yes, it was intentional :-)
The general flow is:
1. Patch testing is done from stable/kirkstone-nut. This branch is
changed/rebased multiple times daily and is likely to have issues, so
it is not for general use at all!
2. Once I have a good patch set in stable/kirkstone-nut I send a
review request to the list and allow 2 work days for comments.
3. If there are no comments after the first day, I move the patches to
stable/kirkstone-next.
4. After the two day review period I send a pull request from
stable/kirkstone-next. If there are comments on a patch I will
typically just drop the patch from stable/kirkstone-next and deal with
it in the next batch.
5. Richard takes the pull request and the patches move to the main
kirkstone branch
As you might expect, I follow the same process for dunfell :-)
Hope this clarifies things a bit!
Steve
> On Fri, Jun 10, 2022 at 10:39 AM Sundeep KOKKONDA <sundeep.kokkonda@gmail.com> wrote:
>>
>> Hello Steve,
>>
>> I am planning to do a regression test on gcc-11.3 and cloned the repo from given link 'git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut' but I did not get these patches included in the cloned repository. I could still see gcc-11.2 cloned. Also, I verified patches in rust-common file, those are also not updated.
>>
>> Can you let me know does this repo is correct or I've do anything else to get these patches?
>>
>>
>> Thanks,
>> Sundeep K.
>>
>>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166791): https://lists.openembedded.org/g/openembedded-core/message/166791
> Mute This Topic: https://lists.openembedded.org/mt/91503792/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-16 2:19 ` Sundeep KOKKONDA
@ 2022-06-16 14:19 ` Randy MacLeod
2022-06-20 3:09 ` Sundeep KOKKONDA
0 siblings, 1 reply; 39+ messages in thread
From: Randy MacLeod @ 2022-06-16 14:19 UTC (permalink / raw)
To: Sundeep KOKKONDA, openembedded-core, steve@sakoman.com
[-- Attachment #1: Type: text/plain, Size: 2810 bytes --]
On 2022-06-15 22:19, Sundeep KOKKONDA wrote:
> Hello,
>
> GCC regression test performed on /Kirkstone/ with gcc-11.3 & gcc-11.2.
> The results are *NOT* identical. Below is test summary.
>
> *gcc-11.3:*
> / === gcc Summary ===/
> /# of expected passes 126552/
> /# of unexpected failures 24295/
> /# of unexpected successes 77/
> /# of expected failures 782/
> /# of unresolved testcases 10/
> /# of unsupported tests 2760/
> //home/bft1/skokkonda/kirkstone/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
> version 11.3.0 (GCC)/
>
> *gcc-11.2:*
> / === gcc Summary ===/
> /# of expected passes 125933/
> /# of unexpected failures 24215/
> /# of unexpected successes 76/
> /# of expected failures 773/
> /# of unresolved testcases 10/
> /# of unsupported tests 2779/
> //home/bft1/skokkonda/kirkstone-gcc-11.2/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
> version 11.2.0 (GCC)
>
>
> /
/11.3: # of expected passes 126552/
//11.2: # of expected passes 125933//
So >= 619 additional tests were added and they mostly pass (as you'd
expect).
That's good news.
/11.3: # of unexpected failures 24295/
/11.2: # of unexpected failures 24215/
/
/
/So 80 additional unexpected failures - can you summarize what these
failures are?
Were any of them fixed after the 11.3 tag?
Are they related to one part of the toolchain or spread across various
features?
Are they reproducible when buiding outside of bitbake?/
/
/
/The other differences are less significant.
If you post similar data in future emails, please do the math for people!
/
/
/
//
> gcc-11.3 & gcc-11.2 test summaries are attached.
I didn't look at these yet but thanks for providing them.
Since we're not seeing any runtime regression in our Yocto
test suite, I suspect that we shouldn't panic but should instead
just work to understand, fix, upstream and monitor for future regressions.
../Randy
>
>
> --
> Thanks,
> Sundeep K.
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166997):https://lists.openembedded.org/g/openembedded-core/message/166997
> Mute This Topic:https://lists.openembedded.org/mt/91503792/3616765
> Group Owner:openembedded-core+owner@lists.openembedded.org
> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
# Randy MacLeod
# Wind River Linux
[-- Attachment #2: Type: text/html, Size: 5533 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-16 14:19 ` [OE-core] " Randy MacLeod
@ 2022-06-20 3:09 ` Sundeep KOKKONDA
2022-06-27 12:12 ` Randy MacLeod
0 siblings, 1 reply; 39+ messages in thread
From: Sundeep KOKKONDA @ 2022-06-20 3:09 UTC (permalink / raw)
To: Randy MacLeod, openembedded-core, steve@sakoman.com
[-- Attachment #1.1: Type: text/plain, Size: 2860 bytes --]
Hello Randy,
On 16-06-2022 19:49, Randy MacLeod wrote:
> On 2022-06-15 22:19, Sundeep KOKKONDA wrote:
>> Hello,
>>
>> GCC regression test performed on /Kirkstone/ with gcc-11.3 &
>> gcc-11.2. The results are *NOT* identical. Below is test summary.
>>
>> *gcc-11.3:*
>> / === gcc Summary ===/
>> /# of expected passes 126552/
>> /# of unexpected failures 24295/
>> /# of unexpected successes 77/
>> /# of expected failures 782/
>> /# of unresolved testcases 10/
>> /# of unsupported tests 2760/
>> //home/bft1/skokkonda/kirkstone/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
>> version 11.3.0 (GCC)/
>>
>> *gcc-11.2:*
>> / === gcc Summary ===/
>> /# of expected passes 125933/
>> /# of unexpected failures 24215/
>> /# of unexpected successes 76/
>> /# of expected failures 773/
>> /# of unresolved testcases 10/
>> /# of unsupported tests 2779/
>> //home/bft1/skokkonda/kirkstone-gcc-11.2/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
>> version 11.2.0 (GCC)
>>
>>
>> /
>
> /11.3: # of expected passes 126552/
> //11.2: # of expected passes 125933//
>
> So >= 619 additional tests were added and they mostly pass (as you'd
> expect).
> That's good news.
>
>
> /11.3: # of unexpected failures 24295/
> /11.2: # of unexpected failures 24215/
> /
> /
> /So 80 additional unexpected failures - can you summarize what these
> failures are?
> /
There are 83 tests failed with GCC-11.3 and out of them most of the
failed cases (75 tests) are /execution /tests and the remaining are
/test for excess errors/ (Tests with excess messages output to stderr).
The Failed tests list is attached.
> /Were any of them fixed after the 11.3 tag?
> /
Does it mean, do you want me to test on 11.4 and compare?
> /
> Are they related to one part of the toolchain or spread across various
> features?
> Are they reproducible when buiding outside of bitbake?/
The test failures are from gcc.dg/torture, gcc.c-torture & gcc.target
testsuites.
> /
> /
> /The other differences are less significant.
> If you post similar data in future emails, please do the math for people!
> /
> /
> /
> //
>> gcc-11.3 & gcc-11.2 test summaries are attached.
>
> I didn't look at these yet but thanks for providing them.
>
> Since we're not seeing any runtime regression in our Yocto
> test suite, I suspect that we shouldn't panic but should instead
> just work to understand, fix, upstream and monitor for future regressions.
>
> ../Randy
>
>>
>>
>> --
>> Thanks,
>> Sundeep K.
>>
>>
>>
>
> --
> # Randy MacLeod
> # Wind River Linux
[-- Attachment #1.2: Type: text/html, Size: 6852 bytes --]
[-- Attachment #2: FailedTests_GCC-11.3 --]
[-- Type: text/plain, Size: 5983 bytes --]
FAIL: gcc.c-torture/execute/bitfld-10.c -O0 execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -O1 execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -O2 execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -O3 -g execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -Os execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.c-torture/execute/bitfld-10.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.c-torture/execute/pr103052.c -O0 execution test
FAIL: gcc.c-torture/execute/pr103052.c -O1 execution test
FAIL: gcc.c-torture/execute/pr103052.c -O2 execution test
FAIL: gcc.c-torture/execute/pr103052.c -O3 -g execution test
FAIL: gcc.c-torture/execute/pr103052.c -Os execution test
FAIL: gcc.c-torture/execute/pr103052.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.c-torture/execute/pr103052.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.c-torture/execute/pr103255.c -O0 execution test
FAIL: gcc.c-torture/execute/pr103255.c -O1 execution test
FAIL: gcc.c-torture/execute/pr103255.c -O2 execution test
FAIL: gcc.c-torture/execute/pr103255.c -O3 -fomit-frame-pointer -funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: gcc.c-torture/execute/pr103255.c -O3 -g execution test
FAIL: gcc.c-torture/execute/pr103255.c -Os execution test
FAIL: gcc.c-torture/execute/pr103255.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.c-torture/execute/pr103255.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.c-torture/execute/pr104814.c -O0 execution test
FAIL: gcc.c-torture/execute/pr104814.c -O1 execution test
FAIL: gcc.c-torture/execute/pr104814.c -O2 execution test
FAIL: gcc.c-torture/execute/pr104814.c -O3 -fomit-frame-pointer -funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: gcc.c-torture/execute/pr104814.c -O3 -g execution test
FAIL: gcc.c-torture/execute/pr104814.c -Os execution test
FAIL: gcc.c-torture/execute/pr104814.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.c-torture/execute/pr104814.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.dg/analyzer/data-model-1.c (test for warnings, line 254)
FAIL: gcc.dg/analyzer/strndup-1.c (test for warnings, line 11)
FAIL: c-c++-common/cpp/pr104147.c -Wc++-compat execution test
FAIL: gcc.dg/pr102224.c execution test
FAIL: gcc.dg/pr102798.c execution test
FAIL: gcc.dg/pr103860.c execution test
FAIL: gcc.dg/sso-16.c execution test
FAIL: gcc.dg/ipa/pr103083-1.c execution test
FAIL: gcc.dg/lto/pr101868 c_lto_pr101868_0.o-c_lto_pr101868_3.o execute -O2 -fno-strict-aliasing -flto
FAIL: gcc.dg/lto/pr101949 c_lto_pr101949_0.o-c_lto_pr101949_1.o execute -O2 -fipa-pta -flto -flto-partition=1to1
FAIL: gcc.dg/torture/pr102139.c -O0 execution test
FAIL: gcc.dg/torture/pr102139.c -O1 execution test
FAIL: gcc.dg/torture/pr102139.c -O2 execution test
FAIL: gcc.dg/torture/pr102139.c -O3 -g execution test
FAIL: gcc.dg/torture/pr102139.c -Os execution test
FAIL: gcc.dg/torture/pr102139.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.dg/torture/pr102139.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.dg/torture/pr103181.c -O0 execution test
FAIL: gcc.dg/torture/pr103181.c -O1 execution test
FAIL: gcc.dg/torture/pr103181.c -O2 execution test
FAIL: gcc.dg/torture/pr103181.c -O3 -g execution test
FAIL: gcc.dg/torture/pr103181.c -Os execution test
FAIL: gcc.dg/torture/pr103181.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.dg/torture/pr103181.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.dg/torture/pr103237.c -O0 execution test
FAIL: gcc.dg/torture/pr103237.c -O1 execution test
FAIL: gcc.dg/torture/pr103237.c -O2 execution test
FAIL: gcc.dg/torture/pr103237.c -O3 -fomit-frame-pointer -funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: gcc.dg/torture/pr103237.c -O3 -g execution test
FAIL: gcc.dg/torture/pr103237.c -Os execution test
FAIL: gcc.dg/torture/pr103237.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.dg/torture/pr103237.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.dg/torture/pr105198.c -O0 execution test
FAIL: gcc.dg/torture/pr105198.c -O1 execution test
FAIL: gcc.dg/torture/pr105198.c -O2 execution test
FAIL: gcc.dg/torture/pr105198.c -O3 -fomit-frame-pointer -funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: gcc.dg/torture/pr105198.c -O3 -g execution test
FAIL: gcc.dg/torture/pr105198.c -Os execution test
FAIL: gcc.dg/torture/pr105198.c -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
FAIL: gcc.dg/torture/pr105198.c -O2 -flto -fuse-linker-plugin -fno-fat-lto-objects execution test
FAIL: gcc.dg/vect/bb-slp-pr101615-2.c execution test
FAIL: gcc.dg/vect/bb-slp-pr101615-2.c -flto -ffat-lto-objects execution test
FAIL: gcc.target/i386/avx-pr102224.c execution test
FAIL: gcc.target/i386/avx512f-pr101471.c (test for excess errors)
FAIL: gcc.target/i386/avx512f-pr101471.c execution test
FAIL: gcc.target/i386/pr102498.c execution test
FAIL: gcc.target/i386/pr102627.c execution test
FAIL: gcc.target/i386/pr104971.c execution test
FAIL: gcc.target/i386/pr105000-1.c (test for excess errors)
FAIL: gcc.target/i386/pr105000-2.c (test for excess errors)
FAIL: gcc.target/i386/pr105000-3.c (test for excess errors)
FAIL: gcc.target/i386/pr99754-1.c execution test
FAIL: gcc.target/i386/pr99754-2.c execution test
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core] [kirkstone 00/26] Patch review
2022-06-20 3:09 ` Sundeep KOKKONDA
@ 2022-06-27 12:12 ` Randy MacLeod
0 siblings, 0 replies; 39+ messages in thread
From: Randy MacLeod @ 2022-06-27 12:12 UTC (permalink / raw)
To: Sundeep KOKKONDA, openembedded-core, steve@sakoman.com
[-- Attachment #1: Type: text/plain, Size: 4204 bytes --]
On 2022-06-19 23:09, Sundeep KOKKONDA wrote:
> Hello Randy,
>
> On 16-06-2022 19:49, Randy MacLeod wrote:
>> On 2022-06-15 22:19, Sundeep KOKKONDA wrote:
>>> Hello,
>>>
>>> GCC regression test performed on /Kirkstone/ with gcc-11.3 &
>>> gcc-11.2. The results are *NOT* identical. Below is test summary.
>>>
>>> *gcc-11.3:*
>>> / === gcc Summary ===/
>>> /# of expected passes 126552/
>>> /# of unexpected failures 24295/
>>> /# of unexpected successes 77/
>>> /# of expected failures 782/
>>> /# of unresolved testcases 10/
>>> /# of unsupported tests 2760/
>>> //home/bft1/skokkonda/kirkstone/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
>>> version 11.3.0 (GCC)/
>>>
>>> *gcc-11.2:*
>>> / === gcc Summary ===/
>>> /# of expected passes 125933/
>>> /# of unexpected failures 24215/
>>> /# of unexpected successes 76/
>>> /# of expected failures 773/
>>> /# of unresolved testcases 10/
>>> /# of unsupported tests 2779/
>>> //home/bft1/skokkonda/kirkstone-gcc-11.2/poky/build/sdk/sysroots/x86_64-pokysdk-linux/usr/bin/x86_64-poky-linux/x86_64-poky-linux-gcc
>>> version 11.2.0 (GCC)
>>>
>>>
>>> /
>>
>> /11.3: # of expected passes 126552/
>> //11.2: # of expected passes 125933//
>>
>> So >= 619 additional tests were added and they mostly pass (as you'd
>> expect).
>> That's good news.
>>
>>
>> /11.3: # of unexpected failures 24295/
>> /11.2: # of unexpected failures 24215/
>> /
>> /
>> /So 80 additional unexpected failures - can you summarize what these
>> failures are?
>> /
> There are 83 tests failed with GCC-11.3 and out of them most of the
> failed cases (75 tests) are /execution /tests and the remaining are
> /test for excess errors/ (Tests with excess messages output to
> stderr). The Failed tests list is attached.
>> /Were any of them fixed after the 11.3 tag?
>> /
> Does it mean, do you want me to test on 11.4 and compare?
When it's out, yes certainly, but until then can you take a brief look at:
$ git log --oneline releases/gcc-11.3.0...
and the actual code changes and tell us if any of the
failed tests are issues that others have fixed.
Do you have the test pass/fail/skip/... numbers for 11.2 ?
If so, please compare the 11.3 numbers to them.
>> /
>> Are they related to one part of the toolchain or spread across
>> various features?
>> Are they reproducible when buiding outside of bitbake?/
> The test failures are from gcc.dg/torture, gcc.c-torture & gcc.target
> <https://urldefense.com/v3/__http://gcc.target__;!!AjveYdw8EvQ!b_lsS40IeXan8BPrk7uRlgocKqibMQVnhzcDoWw4Y4cAWykDtRGiBACxR9Ii9jcUyww-mrPYHPd2Vn-dS0pMqj_bvdyA_Xop$>
> testsuites.
Ok, that sounds like the parts of a test suite that might fail!
../Randy
>> /
>> /
>> /The other differences are less significant.
>> If you post similar data in future emails, please do the math for
>> people!
>> /
>> /
>> /
>> //
>>> gcc-11.3 & gcc-11.2 test summaries are attached.
>>
>> I didn't look at these yet but thanks for providing them.
>>
>> Since we're not seeing any runtime regression in our Yocto
>> test suite, I suspect that we shouldn't panic but should instead
>> just work to understand, fix, upstream and monitor for future
>> regressions.
>>
>> ../Randy
>>
>>>
>>>
>>> --
>>> Thanks,
>>> Sundeep K.
>>>
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>> Links: You receive all messages sent to this group.
>>> View/Reply Online (#166997):https://lists.openembedded.org/g/openembedded-core/message/166997
>>> Mute This Topic:https://lists.openembedded.org/mt/91503792/3616765
>>> Group Owner:openembedded-core+owner@lists.openembedded.org
>>> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>
>>
>> --
>> # Randy MacLeod
>> # Wind River Linux
>
>
--
# Randy MacLeod
# Wind River Linux
[-- Attachment #2: Type: text/html, Size: 9724 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 00/26] Patch review
@ 2022-08-19 2:42 Steve Sakoman
0 siblings, 0 replies; 39+ messages in thread
From: Steve Sakoman @ 2022-08-19 2:42 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4106
The following changes since commit 2cafa6ed5f0aa9df5a120b6353755d56c7c7800d:
build-appliance-image: Update to kirkstone head revision (2022-08-10 14:59:51 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (3):
devtool/upgrade: correctly clean up when recipe filename isn't yet
known
devtool/upgrade: catch bb.fetch2.decodeurl errors
scripts/oe-setup-builddir: make it known where configurations come
from
Bruce Ashfield (3):
lttng-modules: fix 5.19+ build
lttng-modules: fix build against mips and v5.19 kernel
lttng-modules: replace mips compaction fix with upstream change
Hitendra Prajapati (3):
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
zlib: CVE-2022-37434 a heap-based buffer over-read
Jose Quaresma (2):
archiver.bbclass: remove unsed do_deploy_archives[dirs]
create-spdx: ignore packing control files from ipk and deb
Mark Hatle (1):
runqemu: Add missing space on default display option
Martin Beeger (1):
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
Mihai Lindner (1):
create-spdx: Fix supplier field
Mikko Rapeli (1):
boost: fix install of fiber shared libraries
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to
fail
Randy MacLeod (1):
vim: update from 9.0.0063 to 9.0.0115
Richard Purdie (2):
nativesdk: Clear TUNE_FEATURES
selftest/wic: Tweak test case to not depend on kernel size
Roland Hieber (1):
devtool: error out when workspace is using old override syntax
Sakib Sajal (6):
qemu: fix CVE-2021-3507
qemu: fix CVE-2021-3929
qemu: fix CVE-2021-4158
qemu: fix CVE-2022-0358
qemu: fix CVE-2022-0216
u-boot: fix CVE-2022-33103
meta/classes/archiver.bbclass | 1 -
meta/classes/create-spdx.bbclass | 7 +-
meta/classes/nativesdk.bbclass | 1 +
meta/lib/oe/spdx.py | 2 +-
meta/lib/oeqa/selftest/cases/wic.py | 2 +-
..._read-Prevent-arbitrary-code-executi.patch | 80 +++++
meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 +
.../zlib/zlib/CVE-2022-37434.patch | 44 +++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
.../cmake/cmake/OEToolchainConfig.cmake | 1 -
meta/recipes-devtools/qemu/qemu.inc | 7 +
.../qemu/qemu/CVE-2021-3507_1.patch | 92 ++++++
.../qemu/qemu/CVE-2021-3507_2.patch | 115 +++++++
.../qemu/qemu/CVE-2021-3929.patch | 70 +++++
.../qemu/qemu/CVE-2021-4158.patch | 46 +++
.../qemu/qemu/CVE-2022-0216_1.patch | 42 +++
.../qemu/qemu/CVE-2022-0216_2.patch | 52 ++++
.../qemu/qemu/CVE-2022-0358.patch | 106 +++++++
.../gdk-pixbuf/CVE-2021-46829.patch | 61 ++++
.../gdk-pixbuf/gdk-pixbuf_2.42.6.bb | 1 +
.../lttng-modules/0001-fix-compaction.patch | 68 +++++
...c-fix-tracepoint-mm_page_alloc_zone_.patch | 106 +++++++
...ags-parameter-from-aops-write_begin-.patch | 76 +++++
...Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ++++++++
.../lttng/lttng-modules_2.13.4.bb | 4 +
...ll-targets-if-there-s-build-no-in-ur.patch | 82 +++++
meta/recipes-support/boost/boost_1.78.0.bb | 1 +
.../gnutls/gnutls/CVE-2022-2509.patch | 282 ++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 +
.../vim/files/crosscompile.patch | 51 ----
meta/recipes-support/vim/files/racefix.patch | 37 ---
meta/recipes-support/vim/vim.inc | 6 +-
scripts/devtool | 10 +-
scripts/lib/devtool/upgrade.py | 33 +-
scripts/oe-setup-builddir | 12 +-
scripts/relocate_sdk.py | 10 +-
scripts/runqemu | 2 +-
37 files changed, 1511 insertions(+), 126 deletions(-)
create mode 100644 meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2022-37434.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
create mode 100644 meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch
delete mode 100644 meta/recipes-support/vim/files/crosscompile.patch
delete mode 100644 meta/recipes-support/vim/files/racefix.patch
--
2.25.1
^ permalink raw reply [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 00/26] Patch review
@ 2026-01-20 13:37 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104 Yoann Congal
` (26 more replies)
0 siblings, 27 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, January 22.
This is the last patch review request for kirkstone 4.0.33 before it is
built on monday: In addition to normal CVE fixes:
* pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a python function in exec_func_python() autogenerated
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117
* A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on ftpmirror.gnu.org returning 502 Bad Gateway
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137
Passed (with rebuild) a-full on autobuilder:
* https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090
* via poky-contrib stable/kirkstone-nut :
* OE-core tip is at https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8
* meta-mingw failed https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115
* Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine %CC" returning 1
* then, with the same commits, meta-mingw was successfully rebuilt https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119
The following changes since commit 0057fc49725db8637656fac10631d8f89799bad3:
go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230:
oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02 +0100)
----------------------------------------------------------------
Hitendra Prajapati (1):
python3: fix CVE-2025-13836
Khem Raj (1):
oeqa: Use 2.14 release of cpio instead of 2.13
Paul Barker (1):
pseudo: Add hard sstate dependencies for pseudo-native
Peter Marko (17):
util-linux: patch CVE-2025-14104
glib-2.0: patch CVE-2025-13601
glib-2.0: patch CVE-2025-14087
glib-2.0: patch CVE-2025-14512
qemu: ignore CVE-2025-54566 and CVE-2025-54567
cups: patch CVE-2025-58436
cups: patch CVE-2025-61915
cups: allow unknown directives in conf files
dropbear: patch CVE-2019-6111
python3-urllib3: patch CVE-2025-66418
libpcap: patch CVE-2025-11961
libpcap: patch CVE-2025-11964
libarchive: fix CVE-2025-60753 regression
curl: patch CVE-2025-14017
curl: patch CVE-2025-15079
curl: patch CVE-2025-15224
gnupg: patch CVE-2025-68973
Richard Purdie (4):
pseudo: Upgrade to version 1.9.1
pseudo: Update to pull in memleak fix
pseudo: Update to pull in openat2 and efault return code changes
pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation'
Robert Yang (1):
pseudo: 1.9.0 -> 1.9.2
Vijay Anusuri (1):
binutils: Fix CVE-2025-1181
meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +-
meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +-
meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
.../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++
.../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++
.../libpcap/libpcap/CVE-2025-11964.patch | 33 +
.../libpcap/libpcap_1.10.1.bb | 3 +
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++
.../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++
.../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++
.../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++
.../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++
.../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++
.../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 +
meta/recipes-core/util-linux/util-linux.inc | 2 +
.../util-linux/CVE-2025-14104-01.patch | 33 +
.../util-linux/CVE-2025-14104-02.patch | 28 +
.../binutils/binutils-2.38.inc | 2 +
.../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++
.../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++
.../0001-configure-Prune-PIE-flags.patch | 44 --
.../pseudo/files/glibc238.patch | 65 --
.../pseudo/files/older-glibc-symbols.patch | 4 +-
meta/recipes-devtools/pseudo/pseudo.inc | 7 +
meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +-
.../python3-urllib3/CVE-2025-66418.patch | 70 ++
.../python/python3-urllib3_1.26.20.bb | 1 +
.../python/python3/CVE-2025-13836.patch | 163 +++++
.../python/python3_3.10.19.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 3 +
meta/recipes-extended/cups/cups.inc | 3 +
...pping-scheduler-on-unknown-directive.patch | 43 ++
.../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++
.../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++
...25-60753.patch => CVE-2025-60753-01.patch} | 0
.../libarchive/CVE-2025-60753-02.patch | 46 ++
.../libarchive/libarchive_3.6.2.bb | 3 +-
.../curl/curl/CVE-2025-14017.patch | 115 ++++
.../curl/curl/CVE-2025-15079.patch | 32 +
.../curl/curl/CVE-2025-15224.patch | 31 +
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
.../gnupg/gnupg/CVE-2025-68973.patch | 108 +++
meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 +
45 files changed, 3763 insertions(+), 120 deletions(-)
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
delete mode 100644 meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch
create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch => CVE-2025-60753-01.patch} (100%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
^ permalink raw reply [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 02/26] glib-2.0: patch CVE-2025-13601 Yoann Congal
` (25 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patches per [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-14104
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/util-linux/util-linux.inc | 2 ++
.../util-linux/CVE-2025-14104-01.patch | 33 +++++++++++++++++++
.../util-linux/CVE-2025-14104-02.patch | 28 ++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index c62c6d70c3..a8b505a122 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -42,6 +42,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://CVE-2024-28085-0004.patch \
file://CVE-2024-28085-0005.patch \
file://fstab-isolation.patch \
+ file://CVE-2025-14104-01.patch \
+ file://CVE-2025-14104-02.patch \
"
SRC_URI[sha256sum] = "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83"
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
new file mode 100644
index 0000000000..23677345c9
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
@@ -0,0 +1,33 @@
+From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Sat, 24 May 2025 03:16:09 +0100
+Subject: [PATCH] Update setpwnam.c
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/aaa9e718c88d6916b003da7ebcfe38a3c88df8e6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 3e3c1abde..95e470b5a 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ }
+
+ /* Is this the username we were sent to change? */
+- if (!found && linebuf[namelen] == ':' &&
+- !strncmp(linebuf, pwd->pw_name, namelen)) {
+- /* Yes! So go forth in the name of the Lord and
+- * change it! */
++ if (!found &&
++ strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
++ strlen(linebuf) > namelen &&
++ linebuf[namelen] == ':') {
++ /* Yes! But this time let’s not walk past the end of the buffer
++ * in the name of the Lord, SUID, or anything else. */
+ if (putpwent(pwd, fp) < 0)
+ goto fail;
+ found = 1;
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
new file mode 100644
index 0000000000..9d21db2743
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
@@ -0,0 +1,28 @@
+From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Mon, 26 May 2025 10:06:02 +0100
+Subject: [PATCH] Update bufflen
+
+Update buflen
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 95e470b5a..7778e98f7 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ goto fail;
+
+ namelen = strlen(pwd->pw_name);
+-
++ if (namelen > buflen)
++ buflen += namelen;
+ linebuf = malloc(buflen);
+ if (!linebuf)
+ goto fail;
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 02/26] glib-2.0: patch CVE-2025-13601
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 03/26] glib-2.0: patch CVE-2025-14087 Yoann Congal
` (24 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from [1] per [2].
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13601
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 +++++++++++++++++
.../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 2 +
3 files changed, 255 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
new file mode 100644
index 0000000000..7046d2405e
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
@@ -0,0 +1,125 @@
+From f28340ee62c655487972ad3c632d231ee098fb7f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 13 Nov 2025 18:27:22 +0000
+Subject: [PATCH] gconvert: Error out if g_escape_uri_string() would overflow
+
+If the string to escape contains a very large number of unacceptable
+characters (which would need escaping), the calculation of the length of
+the escaped string could overflow, leading to a potential write off the
+end of the newly allocated string.
+
+In addition to that, the number of unacceptable characters was counted
+in a signed integer, which would overflow to become negative, making it
+easier for an attacker to craft an input string which would cause an
+out-of-bounds write.
+
+Fix that by validating the allocation length, and using an unsigned
+integer to count the number of unacceptable characters.
+
+Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
+from the Sovereign Tech Agency. ID: #YWH-PGM9867-134
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3827
+
+CVE: CVE-2025-13601
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/f28340ee62c655487972ad3c632d231ee098fb7f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gconvert.c | 36 +++++++++++++++++++++++++-----------
+ 1 file changed, 25 insertions(+), 11 deletions(-)
+
+diff --git a/glib/gconvert.c b/glib/gconvert.c
+index b066dd5a8..a02d2ea73 100644
+--- a/glib/gconvert.c
++++ b/glib/gconvert.c
+@@ -1425,8 +1425,9 @@ static const gchar hex[] = "0123456789ABCDEF";
+ /* Note: This escape function works on file: URIs, but if you want to
+ * escape something else, please read RFC-2396 */
+ static gchar *
+-g_escape_uri_string (const gchar *string,
+- UnsafeCharacterSet mask)
++g_escape_uri_string (const gchar *string,
++ UnsafeCharacterSet mask,
++ GError **error)
+ {
+ #define ACCEPTABLE(a) ((a)>=32 && (a)<128 && (acceptable[(a)-32] & use_mask))
+
+@@ -1434,7 +1435,7 @@ g_escape_uri_string (const gchar *string,
+ gchar *q;
+ gchar *result;
+ int c;
+- gint unacceptable;
++ size_t unacceptable;
+ UnsafeCharacterSet use_mask;
+
+ g_return_val_if_fail (mask == UNSAFE_ALL
+@@ -1451,7 +1452,14 @@ g_escape_uri_string (const gchar *string,
+ if (!ACCEPTABLE (c))
+ unacceptable++;
+ }
+-
++
++ if (unacceptable >= (G_MAXSIZE - (p - string)) / 2)
++ {
++ g_set_error_literal (error, G_CONVERT_ERROR, G_CONVERT_ERROR_BAD_URI,
++ _("The URI is too long"));
++ return NULL;
++ }
++
+ result = g_malloc (p - string + unacceptable * 2 + 1);
+
+ use_mask = mask;
+@@ -1476,12 +1484,13 @@ g_escape_uri_string (const gchar *string,
+
+
+ static gchar *
+-g_escape_file_uri (const gchar *hostname,
+- const gchar *pathname)
++g_escape_file_uri (const gchar *hostname,
++ const gchar *pathname,
++ GError **error)
+ {
+ char *escaped_hostname = NULL;
+- char *escaped_path;
+- char *res;
++ char *escaped_path = NULL;
++ char *res = NULL;
+
+ #ifdef G_OS_WIN32
+ char *p, *backslash;
+@@ -1502,10 +1511,14 @@ g_escape_file_uri (const gchar *hostname,
+
+ if (hostname && *hostname != '\0')
+ {
+- escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST);
++ escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST, error);
++ if (escaped_hostname == NULL)
++ goto out;
+ }
+
+- escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH);
++ escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH, error);
++ if (escaped_path == NULL)
++ goto out;
+
+ res = g_strconcat ("file://",
+ (escaped_hostname) ? escaped_hostname : "",
+@@ -1513,6 +1526,7 @@ g_escape_file_uri (const gchar *hostname,
+ escaped_path,
+ NULL);
+
++out:
+ #ifdef G_OS_WIN32
+ g_free ((char *) pathname);
+ #endif
+@@ -1832,7 +1846,7 @@ g_filename_to_uri (const gchar *filename,
+ hostname = NULL;
+ #endif
+
+- escaped_uri = g_escape_file_uri (hostname, filename);
++ escaped_uri = g_escape_file_uri (hostname, filename, error);
+
+ return escaped_uri;
+ }
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch
new file mode 100644
index 0000000000..4be8d0d947
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch
@@ -0,0 +1,128 @@
+From 7bd3fc372040cdf8eada7f65c32c30da52a7461d Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 13 Nov 2025 18:31:43 +0000
+Subject: [PATCH] fuzzing: Add fuzz tests for g_filename_{to,from}_uri()
+
+These functions could be called on untrusted input data, and since they
+do URI escaping/unescaping, they have non-trivial string handling code.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+See: #3827
+
+CVE: CVE-2025-13601
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/7bd3fc372040cdf8eada7f65c32c30da52a7461d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ fuzzing/fuzz_filename_from_uri.c | 40 ++++++++++++++++++++++++++++++++
+ fuzzing/fuzz_filename_to_uri.c | 40 ++++++++++++++++++++++++++++++++
+ fuzzing/meson.build | 2 ++
+ 3 files changed, 82 insertions(+)
+ create mode 100644 fuzzing/fuzz_filename_from_uri.c
+ create mode 100644 fuzzing/fuzz_filename_to_uri.c
+
+diff --git a/fuzzing/fuzz_filename_from_uri.c b/fuzzing/fuzz_filename_from_uri.c
+new file mode 100644
+index 000000000..9b7a715f0
+--- /dev/null
++++ b/fuzzing/fuzz_filename_from_uri.c
+@@ -0,0 +1,40 @@
++/*
++ * Copyright 2025 GNOME Foundation, Inc.
++ *
++ * SPDX-License-Identifier: LGPL-2.1-or-later
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++ unsigned char *nul_terminated_data = NULL;
++ char *filename = NULL;
++ GError *local_error = NULL;
++
++ fuzz_set_logging_func ();
++
++ /* ignore @size (g_filename_from_uri() doesn’t support it); ensure @data is nul-terminated */
++ nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
++ filename = g_filename_from_uri ((const char *) nul_terminated_data, NULL, &local_error);
++ g_free (nul_terminated_data);
++
++ g_free (filename);
++ g_clear_error (&local_error);
++
++ return 0;
++}
+diff --git a/fuzzing/fuzz_filename_to_uri.c b/fuzzing/fuzz_filename_to_uri.c
+new file mode 100644
+index 000000000..acb319203
+--- /dev/null
++++ b/fuzzing/fuzz_filename_to_uri.c
+@@ -0,0 +1,40 @@
++/*
++ * Copyright 2025 GNOME Foundation, Inc.
++ *
++ * SPDX-License-Identifier: LGPL-2.1-or-later
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "fuzz.h"
++
++int
++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
++{
++ unsigned char *nul_terminated_data = NULL;
++ char *uri = NULL;
++ GError *local_error = NULL;
++
++ fuzz_set_logging_func ();
++
++ /* ignore @size (g_filename_to_uri() doesn’t support it); ensure @data is nul-terminated */
++ nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size);
++ uri = g_filename_to_uri ((const char *) nul_terminated_data, NULL, &local_error);
++ g_free (nul_terminated_data);
++
++ g_free (uri);
++ g_clear_error (&local_error);
++
++ return 0;
++}
+diff --git a/fuzzing/meson.build b/fuzzing/meson.build
+index addbe9071..05f936eeb 100644
+--- a/fuzzing/meson.build
++++ b/fuzzing/meson.build
+@@ -4,6 +4,8 @@ fuzz_targets = [
+ 'fuzz_date_parse',
+ 'fuzz_date_time_new_from_iso8601',
+ 'fuzz_dbus_message',
++ 'fuzz_filename_from_uri',
++ 'fuzz_filename_to_uri',
+ 'fuzz_inet_address_mask_new_from_string',
+ 'fuzz_inet_address_new_from_string',
+ 'fuzz_inet_socket_address_new_from_string',
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 7ba52b5c79..1c4c21614a 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -64,6 +64,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2025-4373-02.patch \
file://CVE-2025-7039-01.patch \
file://CVE-2025-7039-02.patch \
+ file://CVE-2025-13601-01.patch \
+ file://CVE-2025-13601-02.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 03/26] glib-2.0: patch CVE-2025-14087
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 02/26] glib-2.0: patch CVE-2025-13601 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 04/26] glib-2.0: patch CVE-2025-14512 Yoann Congal
` (23 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick commits from [1] linked from [2].
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3834
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 +++++
.../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 ++++++++++++++++++
.../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 +
4 files changed, 462 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch
new file mode 100644
index 0000000000..ec7b1fecaa
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch
@@ -0,0 +1,69 @@
+From 31f82e22e21bae520b7228f7f57d357fb20df8a4 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:02:56 +0000
+Subject: [PATCH] gvariant-parser: Fix potential integer overflow parsing
+ (byte)strings
+
+The termination condition for parsing string and bytestring literals in
+GVariant text format input was subject to an integer overflow for input
+string (or bytestring) literals longer than `INT_MAX`.
+
+Fix that by counting as a `size_t` rather than as an `int`. The counter
+can never correctly be negative.
+
+Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
+from the Sovereign Tech Agency. ID: #YWH-PGM9867-145
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+Fixes: #3834
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/31f82e22e21bae520b7228f7f57d357fb20df8a4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 2f1d3db9f..2d6e9856f 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -594,7 +594,7 @@ ast_resolve (AST *ast,
+ {
+ GVariant *value;
+ gchar *pattern;
+- gint i, j = 0;
++ size_t i, j = 0;
+
+ pattern = ast_get_pattern (ast, error);
+
+@@ -1555,9 +1555,9 @@ string_free (AST *ast)
+ * No leading/trailing space allowed. */
+ static gboolean
+ unicode_unescape (const gchar *src,
+- gint *src_ofs,
++ size_t *src_ofs,
+ gchar *dest,
+- gint *dest_ofs,
++ size_t *dest_ofs,
+ gsize length,
+ SourceRef *ref,
+ GError **error)
+@@ -1618,7 +1618,7 @@ string_parse (TokenStream *stream,
+ gsize length;
+ gchar quote;
+ gchar *str;
+- gint i, j;
++ size_t i, j;
+
+ token_stream_start_ref (stream, &ref);
+ token = token_stream_get (stream);
+@@ -1748,7 +1748,7 @@ bytestring_parse (TokenStream *stream,
+ gsize length;
+ gchar quote;
+ gchar *str;
+- gint i, j;
++ size_t i, j;
+
+ token_stream_start_ref (stream, &ref);
+ token = token_stream_get (stream);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch
new file mode 100644
index 0000000000..595f9c1b93
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch
@@ -0,0 +1,240 @@
+From ac9de0871281cf734f6e269988f90a2521582a08 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:19:16 +0000
+Subject: [PATCH] gvariant-parser: Use size_t to count numbers of child
+ elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rather than using `gint`, which could overflow for arrays (or dicts, or
+tuples) longer than `INT_MAX`. There may be other limits which prevent
+parsed containers becoming that long, but we might as well make the type
+system reflect the programmer’s intention as best it can anyway.
+
+For arrays and tuples this is straightforward. For dictionaries, it’s
+slightly complicated by the fact that the code used
+`dict->n_children == -1` to indicate that the `Dictionary` struct in
+question actually represented a single freestanding dict entry. In
+GVariant text format, that would be `{1, "one"}`.
+
+The implementation previously didn’t define the semantics of
+`dict->n_children < -1`.
+
+Now, instead, change `Dictionary.n_children` to `size_t`, and define a
+magic value `DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY` to indicate that
+the `Dictionary` represents a single freestanding dict entry.
+
+This magic value is `SIZE_MAX`, and given that a dictionary entry takes
+more than one byte to represent in GVariant text format, that means it’s
+not possible to have that many entries in a parsed dictionary, so this
+magic value won’t be hit by a normal dictionary. An assertion checks
+this anyway.
+
+Spotted while working on #3834.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ac9de0871281cf734f6e269988f90a2521582a08]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 58 ++++++++++++++++++++++++------------------
+ 1 file changed, 33 insertions(+), 25 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 2d6e9856f..519baa3f3 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -647,9 +647,9 @@ static AST *parse (TokenStream *stream,
+ GError **error);
+
+ static void
+-ast_array_append (AST ***array,
+- gint *n_items,
+- AST *ast)
++ast_array_append (AST ***array,
++ size_t *n_items,
++ AST *ast)
+ {
+ if ((*n_items & (*n_items - 1)) == 0)
+ *array = g_renew (AST *, *array, *n_items ? 2 ** n_items : 1);
+@@ -658,10 +658,10 @@ ast_array_append (AST ***array,
+ }
+
+ static void
+-ast_array_free (AST **array,
+- gint n_items)
++ast_array_free (AST **array,
++ size_t n_items)
+ {
+- gint i;
++ size_t i;
+
+ for (i = 0; i < n_items; i++)
+ ast_free (array[i]);
+@@ -670,11 +670,11 @@ ast_array_free (AST **array,
+
+ static gchar *
+ ast_array_get_pattern (AST **array,
+- gint n_items,
++ size_t n_items,
+ GError **error)
+ {
+ gchar *pattern;
+- gint i;
++ size_t i;
+
+ /* Find the pattern which applies to all children in the array, by l-folding a
+ * coalesce operation.
+@@ -706,7 +706,7 @@ ast_array_get_pattern (AST **array,
+ * pair of values.
+ */
+ {
+- int j = 0;
++ size_t j = 0;
+
+ while (TRUE)
+ {
+@@ -891,7 +891,7 @@ typedef struct
+ AST ast;
+
+ AST **children;
+- gint n_children;
++ size_t n_children;
+ } Array;
+
+ static gchar *
+@@ -924,7 +924,7 @@ array_get_value (AST *ast,
+ Array *array = (Array *) ast;
+ const GVariantType *childtype;
+ GVariantBuilder builder;
+- gint i;
++ size_t i;
+
+ if (!g_variant_type_is_array (type))
+ return ast_type_error (ast, type, error);
+@@ -1010,7 +1010,7 @@ typedef struct
+ AST ast;
+
+ AST **children;
+- gint n_children;
++ size_t n_children;
+ } Tuple;
+
+ static gchar *
+@@ -1020,7 +1020,7 @@ tuple_get_pattern (AST *ast,
+ Tuple *tuple = (Tuple *) ast;
+ gchar *result = NULL;
+ gchar **parts;
+- gint i;
++ size_t i;
+
+ parts = g_new (gchar *, tuple->n_children + 4);
+ parts[tuple->n_children + 1] = (gchar *) ")";
+@@ -1050,7 +1050,7 @@ tuple_get_value (AST *ast,
+ Tuple *tuple = (Tuple *) ast;
+ const GVariantType *childtype;
+ GVariantBuilder builder;
+- gint i;
++ size_t i;
+
+ if (!g_variant_type_is_tuple (type))
+ return ast_type_error (ast, type, error);
+@@ -1242,9 +1242,16 @@ typedef struct
+
+ AST **keys;
+ AST **values;
+- gint n_children;
++
++ /* Iff this is DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY then this struct
++ * represents a single freestanding dict entry (`{1, "one"}`) rather than a
++ * full dict. In the freestanding case, @keys and @values have exactly one
++ * member each. */
++ size_t n_children;
+ } Dictionary;
+
++#define DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY ((size_t) -1)
++
+ static gchar *
+ dictionary_get_pattern (AST *ast,
+ GError **error)
+@@ -1259,7 +1266,7 @@ dictionary_get_pattern (AST *ast,
+ return g_strdup ("Ma{**}");
+
+ key_pattern = ast_array_get_pattern (dict->keys,
+- abs (dict->n_children),
++ (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? 1 : dict->n_children,
+ error);
+
+ if (key_pattern == NULL)
+@@ -1290,7 +1297,7 @@ dictionary_get_pattern (AST *ast,
+ return NULL;
+
+ result = g_strdup_printf ("M%s{%c%s}",
+- dict->n_children > 0 ? "a" : "",
++ (dict->n_children > 0 && dict->n_children != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? "a" : "",
+ key_char, value_pattern);
+ g_free (value_pattern);
+
+@@ -1304,7 +1311,7 @@ dictionary_get_value (AST *ast,
+ {
+ Dictionary *dict = (Dictionary *) ast;
+
+- if (dict->n_children == -1)
++ if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY)
+ {
+ const GVariantType *subtype;
+ GVariantBuilder builder;
+@@ -1337,7 +1344,7 @@ dictionary_get_value (AST *ast,
+ {
+ const GVariantType *entry, *key, *val;
+ GVariantBuilder builder;
+- gint i;
++ size_t i;
+
+ if (!g_variant_type_is_subtype_of (type, G_VARIANT_TYPE_DICTIONARY))
+ return ast_type_error (ast, type, error);
+@@ -1378,12 +1385,12 @@ static void
+ dictionary_free (AST *ast)
+ {
+ Dictionary *dict = (Dictionary *) ast;
+- gint n_children;
++ size_t n_children;
+
+- if (dict->n_children > -1)
+- n_children = dict->n_children;
+- else
++ if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY)
+ n_children = 1;
++ else
++ n_children = dict->n_children;
+
+ ast_array_free (dict->keys, n_children);
+ ast_array_free (dict->values, n_children);
+@@ -1401,7 +1408,7 @@ dictionary_parse (TokenStream *stream,
+ maybe_wrapper, dictionary_get_value,
+ dictionary_free
+ };
+- gint n_keys, n_values;
++ size_t n_keys, n_values;
+ gboolean only_one;
+ Dictionary *dict;
+ AST *first;
+@@ -1444,7 +1451,7 @@ dictionary_parse (TokenStream *stream,
+ goto error;
+
+ g_assert (n_keys == 1 && n_values == 1);
+- dict->n_children = -1;
++ dict->n_children = DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY;
+
+ return (AST *) dict;
+ }
+@@ -1477,6 +1484,7 @@ dictionary_parse (TokenStream *stream,
+ }
+
+ g_assert (n_keys == n_values);
++ g_assert (n_keys != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY);
+ dict->n_children = n_keys;
+
+ return (AST *) dict;
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch
new file mode 100644
index 0000000000..4a474f39fc
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch
@@ -0,0 +1,150 @@
+From acaabfedff42e974334dd5368e6103d2845aaba6 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Tue, 25 Nov 2025 19:25:58 +0000
+Subject: [PATCH] gvariant-parser: Convert error handling code to use size_t
+
+The error handling code allows for printing out the range of input bytes
+related to a parsing error. This was previously done using `gint`, but
+the input could be longer than `INT_MAX`, so it should really be done
+using `size_t`.
+
+Spotted while working on #3834.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+CVE: CVE-2025-14087
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/acaabfedff42e974334dd5368e6103d2845aaba6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-parser.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
+index 519baa3f3..1b1ddd654 100644
+--- a/glib/gvariant-parser.c
++++ b/glib/gvariant-parser.c
+@@ -88,7 +88,9 @@ g_variant_parser_get_error_quark (void)
+
+ typedef struct
+ {
+- gint start, end;
++ /* Offsets from the start of the input, in bytes. Can be equal when referring
++ * to a point rather than a range. The invariant `end >= start` always holds. */
++ size_t start, end;
+ } SourceRef;
+
+ G_GNUC_PRINTF(5, 0)
+@@ -103,14 +105,16 @@ parser_set_error_va (GError **error,
+ GString *msg = g_string_new (NULL);
+
+ if (location->start == location->end)
+- g_string_append_printf (msg, "%d", location->start);
++ g_string_append_printf (msg, "%" G_GSIZE_FORMAT, location->start);
+ else
+- g_string_append_printf (msg, "%d-%d", location->start, location->end);
++ g_string_append_printf (msg, "%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT,
++ location->start, location->end);
+
+ if (other != NULL)
+ {
+ g_assert (other->start != other->end);
+- g_string_append_printf (msg, ",%d-%d", other->start, other->end);
++ g_string_append_printf (msg, ",%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT,
++ other->start, other->end);
+ }
+ g_string_append_c (msg, ':');
+
+@@ -137,11 +141,15 @@ parser_set_error (GError **error,
+
+ typedef struct
+ {
++ /* We should always have the following ordering constraint:
++ * start <= this <= stream <= end
++ * Additionally, unless in an error or EOF state, `this < stream`.
++ */
+ const gchar *start;
+ const gchar *stream;
+ const gchar *end;
+
+- const gchar *this;
++ const gchar *this; /* (nullable) */
+ } TokenStream;
+
+
+@@ -172,7 +180,7 @@ token_stream_set_error (TokenStream *stream,
+ static gboolean
+ token_stream_prepare (TokenStream *stream)
+ {
+- gint brackets = 0;
++ gssize brackets = 0;
+ const gchar *end;
+
+ if (stream->this != NULL)
+@@ -402,7 +410,7 @@ static void
+ pattern_copy (gchar **out,
+ const gchar **in)
+ {
+- gint brackets = 0;
++ gssize brackets = 0;
+
+ while (**in == 'a' || **in == 'm' || **in == 'M')
+ *(*out)++ = *(*in)++;
+@@ -2666,7 +2674,7 @@ g_variant_builder_add_parsed (GVariantBuilder *builder,
+ static gboolean
+ parse_num (const gchar *num,
+ const gchar *limit,
+- guint *result)
++ size_t *result)
+ {
+ gchar *endptr;
+ gint64 bignum;
+@@ -2676,10 +2684,12 @@ parse_num (const gchar *num,
+ if (endptr != limit)
+ return FALSE;
+
++ /* The upper bound here is more restrictive than it technically needs to be,
++ * but should be enough for any practical situation: */
+ if (bignum < 0 || bignum > G_MAXINT)
+ return FALSE;
+
+- *result = (guint) bignum;
++ *result = (size_t) bignum;
+
+ return TRUE;
+ }
+@@ -2690,7 +2700,7 @@ add_last_line (GString *err,
+ {
+ const gchar *last_nl;
+ gchar *chomped;
+- gint i;
++ size_t i;
+
+ /* This is an error at the end of input. If we have a file
+ * with newlines, that's probably the empty string after the
+@@ -2835,7 +2845,7 @@ g_variant_parse_error_print_context (GError *error,
+
+ if (dash == NULL || colon < dash)
+ {
+- guint point;
++ size_t point;
+
+ /* we have a single point */
+ if (!parse_num (error->message, colon, &point))
+@@ -2853,7 +2863,7 @@ g_variant_parse_error_print_context (GError *error,
+ /* We have one or two ranges... */
+ if (comma && comma < colon)
+ {
+- guint start1, end1, start2, end2;
++ size_t start1, end1, start2, end2;
+ const gchar *dash2;
+
+ /* Two ranges */
+@@ -2869,7 +2879,7 @@ g_variant_parse_error_print_context (GError *error,
+ }
+ else
+ {
+- guint start, end;
++ size_t start, end;
+
+ /* One range */
+ if (!parse_num (error->message, dash, &start) || !parse_num (dash + 1, colon, &end))
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 1c4c21614a..c5704a27bc 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -66,6 +66,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2025-7039-02.patch \
file://CVE-2025-13601-01.patch \
file://CVE-2025-13601-02.patch \
+ file://CVE-2025-14087-01.patch \
+ file://CVE-2025-14087-02.patch \
+ file://CVE-2025-14087-03.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 04/26] glib-2.0: patch CVE-2025-14512
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 03/26] glib-2.0: patch CVE-2025-14087 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567 Yoann Congal
` (22 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch from [1] linked from [2].
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935
[2] https://gitlab.gnome.org/GNOME/glib/-/issues/3845
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 +++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 +
2 files changed, 71 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch
new file mode 100644
index 0000000000..fd3ba765b1
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch
@@ -0,0 +1,70 @@
+From 1909d8ea9297287f1ff6862968608dcf06e60523 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Thu, 4 Dec 2025 16:37:19 +0000
+Subject: [PATCH] gfileattribute: Fix integer overflow calculating escaping for
+ byte strings
+
+The number of invalid characters in the byte string (characters which
+would have to be percent-encoded) was only stored in an `int`, which
+gave the possibility of a long string largely full of invalid
+characters overflowing this and allowing an attacker-controlled buffer
+size to be allocated.
+
+This could be triggered by an attacker controlled file attribute (of
+type `G_FILE_ATTRIBUTE_TYPE_BYTE_STRING`), such as
+`G_FILE_ATTRIBUTE_THUMBNAIL_PATH` or `G_FILE_ATTRIBUTE_STANDARD_NAME`,
+being read by user code.
+
+Spotted by Codean Labs.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3845
+
+CVE: CVE-2025-14512
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/1909d8ea9297287f1ff6862968608dcf06e60523]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gio/gfileattribute.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gfileattribute.c b/gio/gfileattribute.c
+index c6fde60fa..d3083e5bd 100644
+--- a/gio/gfileattribute.c
++++ b/gio/gfileattribute.c
+@@ -20,6 +20,7 @@
+
+ #include "config.h"
+
++#include <stdint.h>
+ #include <string.h>
+
+ #include "gfileattribute.h"
+@@ -271,11 +272,12 @@ valid_char (char c)
+ return c >= 32 && c <= 126 && c != '\\';
+ }
+
++/* Returns NULL on error */
+ static char *
+ escape_byte_string (const char *str)
+ {
+ size_t i, len;
+- int num_invalid;
++ size_t num_invalid;
+ char *escaped_val, *p;
+ unsigned char c;
+ const char hex_digits[] = "0123456789abcdef";
+@@ -293,7 +295,12 @@ escape_byte_string (const char *str)
+ return g_strdup (str);
+ else
+ {
+- escaped_val = g_malloc (len + num_invalid*3 + 1);
++ /* Check for overflow. We want to check the inequality:
++ * !(len + num_invalid * 3 + 1 > SIZE_MAX) */
++ if (num_invalid >= (SIZE_MAX - len) / 3)
++ return NULL;
++
++ escaped_val = g_malloc (len + num_invalid * 3 + 1);
+
+ p = escaped_val;
+ for (i = 0; i < len; i++)
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index c5704a27bc..50701be3d0 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -69,6 +69,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2025-14087-01.patch \
file://CVE-2025-14087-02.patch \
file://CVE-2025-14087-03.patch \
+ file://CVE-2025-14512.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 04/26] glib-2.0: patch CVE-2025-14512 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 06/26] cups: patch CVE-2025-58436 Yoann Congal
` (21 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
These CVEs are not applicable to version 6.2.x as the vulnerable code
was introduced inly in 10.0.0.
Debian made the analysis, reuse their work.
* https://security-tracker.debian.org/tracker/CVE-2025-54566
* https://security-tracker.debian.org/tracker/CVE-2025-54567
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 2866cbe7ec..764f0e110a 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -169,6 +169,9 @@ CVE_CHECK_IGNORE += "CVE-2023-1386"
# virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected
CVE_CHECK_IGNORE += "CVE-2024-7730"
+# These issues were introduced in v10.0.0-rc0
+CVE_CHECK_IGNORE += "CVE-2025-54566 CVE-2025-54567"
+
COMPATIBLE_HOST:mipsarchn32 = "null"
COMPATIBLE_HOST:mipsarchn64 = "null"
COMPATIBLE_HOST:riscv32 = "null"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 06/26] cups: patch CVE-2025-58436
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (4 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 07/26] cups: patch CVE-2025-61915 Yoann Congal
` (20 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch from branch 2.4.x corresponding to patch mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-58436
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++
2 files changed, 631 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index cba4406720..c808eef9a7 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
file://CVE-2024-47175-5.patch \
file://CVE-2025-58060.patch \
file://CVE-2025-58364.patch \
+ file://CVE-2025-58436.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2025-58436.patch b/meta/recipes-extended/cups/cups/CVE-2025-58436.patch
new file mode 100644
index 0000000000..388c5e57b5
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2025-58436.patch
@@ -0,0 +1,630 @@
+From 5d414f1f91bdca118413301b148f0b188eb1cdc6 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 13 Oct 2025 10:16:48 +0200
+Subject: [PATCH] Fix unresponsive cupsd process caused by a slow client
+
+If client is very slow, it will slow cupsd process for other clients.
+The fix is the best effort without turning scheduler cupsd into
+multithreaded process which would be too complex and error-prone when
+backporting to 2.4.x series.
+
+The fix for unencrypted communication is to follow up on communication
+only if there is the whole line on input, and the waiting time is
+guarded by timeout.
+
+Encrypted communication now starts after we have the whole client hello
+packet, which conflicts with optional upgrade support to HTTPS via
+methods other than method OPTIONS, so this optional support defined in
+RFC 2817, section 3.1 is removed. Too slow or incomplete requests are
+handled by connection timeout.
+
+Fixes CVE-2025-58436
+
+CVE: CVE-2025-58436
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/5d414f1f91bdca118413301b148f0b188eb1cdc6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ cups/http-private.h | 7 +-
+ cups/http.c | 80 +++++++++++++-------
+ cups/tls-openssl.c | 15 +++-
+ scheduler/client.c | 178 ++++++++++++++++++++++++++++----------------
+ scheduler/client.h | 3 +
+ scheduler/select.c | 12 +++
+ 6 files changed, 198 insertions(+), 97 deletions(-)
+
+diff --git a/cups/http-private.h b/cups/http-private.h
+index d9854faed..2d9035032 100644
+--- a/cups/http-private.h
++++ b/cups/http-private.h
+@@ -120,6 +120,7 @@ extern "C" {
+ * Constants...
+ */
+
++# define _HTTP_MAX_BUFFER 32768 /* Size of read buffer */
+ # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
+ # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
+ # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
+@@ -231,8 +232,8 @@ struct _http_s /**** HTTP connection structure ****/
+ http_encoding_t data_encoding; /* Chunked or not */
+ int _data_remaining;/* Number of bytes left (deprecated) */
+ int used; /* Number of bytes used in buffer */
+- char buffer[HTTP_MAX_BUFFER];
+- /* Buffer for incoming data */
++ char _buffer[HTTP_MAX_BUFFER];
++ /* Old read buffer (deprecated) */
+ int _auth_type; /* Authentication in use (deprecated) */
+ unsigned char _md5_state[88]; /* MD5 state (deprecated) */
+ char nonce[HTTP_MAX_VALUE];
+@@ -306,6 +307,8 @@ struct _http_s /**** HTTP connection structure ****/
+ /* Allocated field values */
+ *default_fields[HTTP_FIELD_MAX];
+ /* Default field values, if any */
++ char buffer[_HTTP_MAX_BUFFER];
++ /* Read buffer */
+ };
+ # endif /* !_HTTP_NO_PRIVATE */
+
+diff --git a/cups/http.c b/cups/http.c
+index 7a42cb3d6..214e45158 100644
+--- a/cups/http.c
++++ b/cups/http.c
+@@ -53,7 +53,7 @@ static http_t *http_create(const char *host, int port,
+ static void http_debug_hex(const char *prefix, const char *buffer,
+ int bytes);
+ #endif /* DEBUG */
+-static ssize_t http_read(http_t *http, char *buffer, size_t length);
++static ssize_t http_read(http_t *http, char *buffer, size_t length, int timeout);
+ static ssize_t http_read_buffered(http_t *http, char *buffer, size_t length);
+ static ssize_t http_read_chunk(http_t *http, char *buffer, size_t length);
+ static int http_send(http_t *http, http_state_t request,
+@@ -1188,7 +1188,7 @@ httpGets(char *line, /* I - Line to read into */
+ return (NULL);
+ }
+
+- bytes = http_read(http, http->buffer + http->used, (size_t)(HTTP_MAX_BUFFER - http->used));
++ bytes = http_read(http, http->buffer + http->used, (size_t)(_HTTP_MAX_BUFFER - http->used), http->wait_value);
+
+ DEBUG_printf(("4httpGets: read " CUPS_LLFMT " bytes.", CUPS_LLCAST bytes));
+
+@@ -1706,24 +1706,13 @@ httpPeek(http_t *http, /* I - HTTP connection */
+
+ ssize_t buflen; /* Length of read for buffer */
+
+- if (!http->blocking)
+- {
+- while (!httpWait(http, http->wait_value))
+- {
+- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+- continue;
+-
+- return (0);
+- }
+- }
+-
+ if ((size_t)http->data_remaining > sizeof(http->buffer))
+ buflen = sizeof(http->buffer);
+ else
+ buflen = (ssize_t)http->data_remaining;
+
+ DEBUG_printf(("2httpPeek: Reading %d bytes into buffer.", (int)buflen));
+- bytes = http_read(http, http->buffer, (size_t)buflen);
++ bytes = http_read(http, http->buffer, (size_t)buflen, http->wait_value);
+
+ DEBUG_printf(("2httpPeek: Read " CUPS_LLFMT " bytes into buffer.",
+ CUPS_LLCAST bytes));
+@@ -1744,9 +1733,9 @@ httpPeek(http_t *http, /* I - HTTP connection */
+ int zerr; /* Decompressor error */
+ z_stream stream; /* Copy of decompressor stream */
+
+- if (http->used > 0 && ((z_stream *)http->stream)->avail_in < HTTP_MAX_BUFFER)
++ if (http->used > 0 && ((z_stream *)http->stream)->avail_in < _HTTP_MAX_BUFFER)
+ {
+- size_t buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in;
++ size_t buflen = _HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in;
+ /* Number of bytes to copy */
+
+ if (((z_stream *)http->stream)->avail_in > 0 &&
+@@ -2004,7 +1993,7 @@ httpRead2(http_t *http, /* I - HTTP connection */
+
+ if (bytes == 0)
+ {
+- ssize_t buflen = HTTP_MAX_BUFFER - (ssize_t)((z_stream *)http->stream)->avail_in;
++ ssize_t buflen = _HTTP_MAX_BUFFER - (ssize_t)((z_stream *)http->stream)->avail_in;
+ /* Additional bytes for buffer */
+
+ if (buflen > 0)
+@@ -2754,7 +2743,7 @@ int /* O - 1 to continue, 0 to stop */
+ _httpUpdate(http_t *http, /* I - HTTP connection */
+ http_status_t *status) /* O - Current HTTP status */
+ {
+- char line[32768], /* Line from connection... */
++ char line[_HTTP_MAX_BUFFER], /* Line from connection... */
+ *value; /* Pointer to value on line */
+ http_field_t field; /* Field index */
+ int major, minor; /* HTTP version numbers */
+@@ -2762,12 +2751,46 @@ _httpUpdate(http_t *http, /* I - HTTP connection */
+
+ DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", (void *)http, (void *)status, httpStateString(http->state)));
+
++ /* When doing non-blocking I/O, make sure we have a whole line... */
++ if (!http->blocking)
++ {
++ ssize_t bytes; /* Bytes "peeked" from connection */
++
++ /* See whether our read buffer is full... */
++ DEBUG_printf(("2_httpUpdate: used=%d", http->used));
++
++ if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer))
++ {
++ /* No, try filling in more data... */
++ if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0)
++ {
++ DEBUG_printf(("2_httpUpdate: Read %d bytes.", (int)bytes));
++ http->used += (int)bytes;
++ }
++ }
++
++ /* Peek at the incoming data... */
++ if (!http->used || !memchr(http->buffer, '\n', (size_t)http->used))
++ {
++ /* Don't have a full line, tell the reader to try again when there is more data... */
++ DEBUG_puts("1_htttpUpdate: No newline in buffer yet.");
++ if ((size_t)http->used == sizeof(http->buffer))
++ *status = HTTP_STATUS_ERROR;
++ else
++ *status = HTTP_STATUS_CONTINUE;
++ return (0);
++ }
++
++ DEBUG_puts("2_httpUpdate: Found newline in buffer.");
++ }
++
+ /*
+ * Grab a single line from the connection...
+ */
+
+ if (!httpGets(line, sizeof(line), http))
+ {
++ DEBUG_puts("1_httpUpdate: Error reading request line.");
+ *status = HTTP_STATUS_ERROR;
+ return (0);
+ }
+@@ -4089,7 +4112,8 @@ http_debug_hex(const char *prefix, /* I - Prefix for line */
+ static ssize_t /* O - Number of bytes read or -1 on error */
+ http_read(http_t *http, /* I - HTTP connection */
+ char *buffer, /* I - Buffer */
+- size_t length) /* I - Maximum bytes to read */
++ size_t length, /* I - Maximum bytes to read */
++ int timeout) /* I - Wait timeout */
+ {
+ ssize_t bytes; /* Bytes read */
+
+@@ -4098,7 +4122,7 @@ http_read(http_t *http, /* I - HTTP connection */
+
+ if (!http->blocking || http->timeout_value > 0.0)
+ {
+- while (!httpWait(http, http->wait_value))
++ while (!_httpWait(http, timeout, 1))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+@@ -4201,7 +4225,7 @@ http_read_buffered(http_t *http, /* I - HTTP connection */
+ else
+ bytes = (ssize_t)length;
+
+- DEBUG_printf(("8http_read: Grabbing %d bytes from input buffer.",
++ DEBUG_printf(("8http_read_buffered: Grabbing %d bytes from input buffer.",
+ (int)bytes));
+
+ memcpy(buffer, http->buffer, (size_t)bytes);
+@@ -4211,7 +4235,7 @@ http_read_buffered(http_t *http, /* I - HTTP connection */
+ memmove(http->buffer, http->buffer + bytes, (size_t)http->used);
+ }
+ else
+- bytes = http_read(http, buffer, length);
++ bytes = http_read(http, buffer, length, http->wait_value);
+
+ return (bytes);
+ }
+@@ -4557,15 +4581,15 @@ http_set_timeout(int fd, /* I - File descriptor */
+ static void
+ http_set_wait(http_t *http) /* I - HTTP connection */
+ {
+- if (http->blocking)
+- {
+- http->wait_value = (int)(http->timeout_value * 1000);
++ http->wait_value = (int)(http->timeout_value * 1000);
+
+- if (http->wait_value <= 0)
++ if (http->wait_value <= 0)
++ {
++ if (http->blocking)
+ http->wait_value = 60000;
++ else
++ http->wait_value = 1000;
+ }
+- else
+- http->wait_value = 10000;
+ }
+
+
+diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
+index 9fcbe0af3..f746f4cba 100644
+--- a/cups/tls-openssl.c
++++ b/cups/tls-openssl.c
+@@ -180,12 +180,14 @@ cupsMakeServerCredentials(
+ // Save them...
+ if ((bio = BIO_new_file(keyfile, "wb")) == NULL)
+ {
++ DEBUG_printf(("1cupsMakeServerCredentials: Unable to create private key file '%s': %s", keyfile, strerror(errno)));
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
+ goto done;
+ }
+
+ if (!PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL))
+ {
++ DEBUG_puts("1cupsMakeServerCredentials: PEM_write_bio_PrivateKey failed.");
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to write private key."), 1);
+ BIO_free(bio);
+ goto done;
+@@ -195,12 +197,14 @@ cupsMakeServerCredentials(
+
+ if ((bio = BIO_new_file(crtfile, "wb")) == NULL)
+ {
++ DEBUG_printf(("1cupsMakeServerCredentials: Unable to create certificate file '%s': %s", crtfile, strerror(errno)));
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
+ goto done;
+ }
+
+ if (!PEM_write_bio_X509(bio, cert))
+ {
++ DEBUG_puts("1cupsMakeServerCredentials: PEM_write_bio_X509 failed.");
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to write X.509 certificate."), 1);
+ BIO_free(bio);
+ goto done;
+@@ -1044,10 +1048,10 @@ _httpTLSStart(http_t *http) // I - Connection to server
+
+ if (!cupsMakeServerCredentials(tls_keypath, cn, 0, NULL, time(NULL) + 365 * 86400))
+ {
+- DEBUG_puts("4_httpTLSStart: cupsMakeServerCredentials failed.");
++ DEBUG_printf(("4_httpTLSStart: cupsMakeServerCredentials failed: %s", cupsLastErrorString()));
+ http->error = errno = EINVAL;
+ http->status = HTTP_STATUS_ERROR;
+- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create server credentials."), 1);
++// _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create server credentials."), 1);
+ SSL_CTX_free(context);
+
+ return (-1);
+@@ -1272,14 +1276,17 @@ http_bio_read(BIO *h, // I - BIO data
+
+ http = (http_t *)BIO_get_data(h);
+
+- if (!http->blocking)
++ if (!http->blocking || http->timeout_value > 0.0)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+- if (!_httpWait(http, 10000, 0))
++ while (!_httpWait(http, http->wait_value, 0))
+ {
++ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
++ continue;
++
+ #ifdef WIN32
+ http->error = WSAETIMEDOUT;
+ #else
+diff --git a/scheduler/client.c b/scheduler/client.c
+index f0349a6c9..9593c9138 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -34,11 +34,11 @@
+
+ static int check_if_modified(cupsd_client_t *con,
+ struct stat *filestats);
++#ifdef HAVE_TLS
++static int check_start_tls(cupsd_client_t *con);
++#endif /* HAVE_TLS */
+ static int compare_clients(cupsd_client_t *a, cupsd_client_t *b,
+ void *data);
+-#ifdef HAVE_TLS
+-static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e);
+-#endif /* HAVE_TLS */
+ static char *get_file(cupsd_client_t *con, struct stat *filestats,
+ char *filename, size_t len);
+ static http_status_t install_cupsd_conf(cupsd_client_t *con);
+@@ -360,14 +360,20 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+ if (lis->encryption == HTTP_ENCRYPTION_ALWAYS)
+ {
+ /*
+- * https connection; go secure...
++ * HTTPS connection, force TLS negotiation...
+ */
+
+- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
+- cupsdCloseClient(con);
++ con->tls_start = time(NULL);
++ con->encryption = HTTP_ENCRYPTION_ALWAYS;
+ }
+ else
++ {
++ /*
++ * HTTP connection, but check for HTTPS negotiation on first data...
++ */
++
+ con->auto_ssl = 1;
++ }
+ #endif /* HAVE_TLS */
+ }
+
+@@ -597,17 +603,46 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
+
+ con->auto_ssl = 0;
+
+- if (recv(httpGetFd(con->http), buf, 1, MSG_PEEK) == 1 &&
+- (!buf[0] || !strchr("DGHOPT", buf[0])))
++ if (recv(httpGetFd(con->http), buf, 5, MSG_PEEK) == 5 && buf[0] == 0x16 && buf[1] == 3 && buf[2])
+ {
+ /*
+- * Encrypt this connection...
++ * Client hello record, encrypt this connection...
+ */
+
+- cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw first byte %02X, auto-negotiating SSL/TLS session.", buf[0] & 255);
++ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw client hello record, auto-negotiating TLS session.");
++ con->tls_start = time(NULL);
++ con->encryption = HTTP_ENCRYPTION_ALWAYS;
++ }
++ }
+
+- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
+- cupsdCloseClient(con);
++ if (con->tls_start)
++ {
++ /*
++ * Try negotiating TLS...
++ */
++
++ int tls_status = check_start_tls(con);
++
++ if (tls_status < 0)
++ {
++ /*
++ * TLS negotiation failed, close the connection.
++ */
++
++ cupsdCloseClient(con);
++ return;
++ }
++ else if (tls_status == 0)
++ {
++ /*
++ * Nothing to do yet...
++ */
++
++ if ((time(NULL) - con->tls_start) > 5)
++ {
++ // Timeout, close the connection...
++ cupsdCloseClient(con);
++ }
+
+ return;
+ }
+@@ -771,9 +806,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
+ * Parse incoming parameters until the status changes...
+ */
+
+- while ((status = httpUpdate(con->http)) == HTTP_STATUS_CONTINUE)
+- if (!httpGetReady(con->http))
+- break;
++ status = httpUpdate(con->http);
+
+ if (status != HTTP_STATUS_OK && status != HTTP_STATUS_CONTINUE)
+ {
+@@ -935,11 +968,10 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
+ return;
+ }
+
+- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
+- {
+- cupsdCloseClient(con);
+- return;
+- }
++ con->tls_start = time(NULL);
++ con->tls_upgrade = 1;
++ con->encryption = HTTP_ENCRYPTION_REQUIRED;
++ return;
+ #else
+ if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE))
+ {
+@@ -978,32 +1010,11 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
+ if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION),
+ "Upgrade") && !httpIsEncrypted(con->http))
+ {
+-#ifdef HAVE_TLS
+- /*
+- * Do encryption stuff...
+- */
+-
+- httpClearFields(con->http);
+-
+- if (!cupsdSendHeader(con, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL,
+- CUPSD_AUTH_NONE))
+- {
+- cupsdCloseClient(con);
+- return;
+- }
+-
+- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
+- {
+- cupsdCloseClient(con);
+- return;
+- }
+-#else
+ if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE))
+ {
+ cupsdCloseClient(con);
+ return;
+ }
+-#endif /* HAVE_TLS */
+ }
+
+ if ((status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK)
+@@ -2631,6 +2642,69 @@ check_if_modified(
+ }
+
+
++#ifdef HAVE_TLS
++/*
++ * 'check_start_tls()' - Start encryption on a connection.
++ */
++
++static int /* O - 0 to continue, 1 on success, -1 on error */
++check_start_tls(cupsd_client_t *con) /* I - Client connection */
++{
++ unsigned char chello[4096]; /* Client hello record */
++ ssize_t chello_bytes; /* Bytes read/peeked */
++ int chello_len; /* Length of record */
++
++
++ /*
++ * See if we have a good and complete client hello record...
++ */
++
++ if ((chello_bytes = recv(httpGetFd(con->http), (char *)chello, sizeof(chello), MSG_PEEK)) < 5)
++ return (0); /* Not enough bytes (yet) */
++
++ if (chello[0] != 0x016 || chello[1] != 3 || chello[2] == 0)
++ return (-1); /* Not a TLS Client Hello record */
++
++ chello_len = (chello[3] << 8) | chello[4];
++
++ if ((chello_len + 5) > chello_bytes)
++ return (0); /* Not enough bytes yet */
++
++ /*
++ * OK, we do, try negotiating...
++ */
++
++ con->tls_start = 0;
++
++ if (httpEncryption(con->http, con->encryption))
++ {
++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", cupsLastErrorString());
++ return (-1);
++ }
++
++ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted.");
++
++ if (con->tls_upgrade)
++ {
++ // Respond to the original OPTIONS command...
++ con->tls_upgrade = 0;
++
++ httpClearFields(con->http);
++ httpClearCookie(con->http);
++ httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
++
++ if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))
++ {
++ cupsdCloseClient(con);
++ return (-1);
++ }
++ }
++
++ return (1);
++}
++#endif /* HAVE_TLS */
++
++
+ /*
+ * 'compare_clients()' - Compare two client connections.
+ */
+@@ -2651,28 +2725,6 @@ compare_clients(cupsd_client_t *a, /* I - First client */
+ }
+
+
+-#ifdef HAVE_TLS
+-/*
+- * 'cupsd_start_tls()' - Start encryption on a connection.
+- */
+-
+-static int /* O - 0 on success, -1 on error */
+-cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */
+- http_encryption_t e) /* I - Encryption mode */
+-{
+- if (httpEncryption(con->http, e))
+- {
+- cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s",
+- cupsLastErrorString());
+- return (-1);
+- }
+-
+- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted.");
+- return (0);
+-}
+-#endif /* HAVE_TLS */
+-
+-
+ /*
+ * 'get_file()' - Get a filename and state info.
+ */
+diff --git a/scheduler/client.h b/scheduler/client.h
+index 9fe4e2ea6..2939ce997 100644
+--- a/scheduler/client.h
++++ b/scheduler/client.h
+@@ -51,6 +51,9 @@ struct cupsd_client_s
+ cups_lang_t *language; /* Language to use */
+ #ifdef HAVE_TLS
+ int auto_ssl; /* Automatic test for SSL/TLS */
++ time_t tls_start; /* Do TLS negotiation? */
++ int tls_upgrade; /* Doing TLS upgrade via OPTIONS? */
++ http_encryption_t encryption; /* Type of TLS negotiation */
+ #endif /* HAVE_TLS */
+ http_addr_t clientaddr; /* Client's server address */
+ char clientname[256];/* Client's server name for connection */
+diff --git a/scheduler/select.c b/scheduler/select.c
+index 2e64f2a7e..ac6205c51 100644
+--- a/scheduler/select.c
++++ b/scheduler/select.c
+@@ -408,6 +408,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */
+
+ cupsd_in_select = 1;
+
++ // Prevent 100% CPU by releasing control before the kevent call...
++ usleep(1);
++
+ if (timeout >= 0 && timeout < 86400)
+ {
+ ktimeout.tv_sec = timeout;
+@@ -454,6 +457,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */
+ struct epoll_event *event; /* Current event */
+
+
++ // Prevent 100% CPU by releasing control before the epoll_wait call...
++ usleep(1);
++
+ if (timeout >= 0 && timeout < 86400)
+ nfds = epoll_wait(cupsd_epoll_fd, cupsd_epoll_events, MaxFDs,
+ timeout * 1000);
+@@ -546,6 +552,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */
+ }
+ }
+
++ // Prevent 100% CPU by releasing control before the poll call...
++ usleep(1);
++
+ if (timeout >= 0 && timeout < 86400)
+ nfds = poll(cupsd_pollfds, (nfds_t)count, timeout * 1000);
+ else
+@@ -599,6 +608,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */
+ cupsd_current_input = cupsd_global_input;
+ cupsd_current_output = cupsd_global_output;
+
++ // Prevent 100% CPU by releasing control before the select call...
++ usleep(1);
++
+ if (timeout >= 0 && timeout < 86400)
+ {
+ stimeout.tv_sec = timeout;
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 07/26] cups: patch CVE-2025-61915
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (5 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 06/26] cups: patch CVE-2025-58436 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files Yoann Congal
` (19 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-61915
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++++++
2 files changed, 488 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index c808eef9a7..ce55a8ef6f 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -28,6 +28,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
file://CVE-2025-58060.patch \
file://CVE-2025-58364.patch \
file://CVE-2025-58436.patch \
+ file://CVE-2025-61915.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2025-61915.patch b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
new file mode 100644
index 0000000000..bdab24e028
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
@@ -0,0 +1,487 @@
+From db8d560262c22a21ee1e55dfd62fa98d9359bcb0 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Fri, 21 Nov 2025 07:36:36 +0100
+Subject: [PATCH] Fix various issues in cupsd
+
+Various issues were found by @SilverPlate3, recognized as CVE-2025-61915:
+
+- out of bound write when handling IPv6 addresses,
+- cupsd crash caused by null dereference when ErrorPolicy value is empty,
+
+On the top of that, Mike Sweet noticed vulnerability via domain socket,
+exploitable locally if attacker has access to domain socket and knows username
+of user within a group which is present in CUPS system groups:
+
+- rewrite of cupsd.conf via PeerCred authorization via domain socket
+
+The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf,
+which controls whether PeerCred is enabled/disabled for user in CUPS system groups.
+
+Fixes CVE-2025-61915
+
+CVE: CVE-2025-61915
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ conf/cups-files.conf.in | 3 ++
+ config-scripts/cups-defaults.m4 | 9 +++++
+ config.h.in | 7 ++++
+ configure | 22 ++++++++++
+ doc/help/man-cups-files.conf.html | 9 ++++-
+ man/cups-files.conf.5 | 17 ++++++--
+ scheduler/auth.c | 8 +++-
+ scheduler/auth.h | 7 ++++
+ scheduler/client.c | 2 +-
+ scheduler/conf.c | 60 ++++++++++++++++++++++++----
+ test/run-stp-tests.sh | 2 +-
+ vcnet/config.h | 7 ++++
+ xcode/CUPS.xcodeproj/project.pbxproj | 2 -
+ xcode/config.h | 7 ++++
+ 14 files changed, 145 insertions(+), 17 deletions(-)
+
+diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in
+index f96f745ae..6db139297 100644
+--- a/conf/cups-files.conf.in
++++ b/conf/cups-files.conf.in
+@@ -19,6 +19,9 @@
+ SystemGroup @CUPS_SYSTEM_GROUPS@
+ @CUPS_SYSTEM_AUTHKEY@
+
++# Are Unix domain socket peer credentials used for authorization?
++PeerCred @CUPS_PEER_CRED@
++
+ # User that is substituted for unauthenticated (remote) root accesses...
+ #RemoteRoot remroot
+
+diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4
+index 999a8849d..fc9ba4a02 100644
+--- a/config-scripts/cups-defaults.m4
++++ b/config-scripts/cups-defaults.m4
+@@ -129,6 +129,15 @@ AC_ARG_WITH([log_level], AS_HELP_STRING([--with-log-level], [set default LogLeve
+ AC_SUBST([CUPS_LOG_LEVEL])
+ AC_DEFINE_UNQUOTED([CUPS_DEFAULT_LOG_LEVEL], ["$CUPS_LOG_LEVEL"], [Default LogLevel value.])
+
++dnl Default PeerCred
++AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
++ CUPS_PEER_CRED="$withval"
++], [
++ CUPS_PEER_CRED="on"
++])
++AC_SUBST([CUPS_PEER_CRED])
++AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
++
+ dnl Default AccessLogLevel
+ AC_ARG_WITH(access_log_level, [ --with-access-log-level set default AccessLogLevel value, default=none],
+ CUPS_ACCESS_LOG_LEVEL="$withval",
+diff --git a/config.h.in b/config.h.in
+index 207df66a7..37c279088 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -86,6 +86,13 @@
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+
+
++/*
++ * Default PeerCred value...
++ */
++
++#define CUPS_DEFAULT_PEER_CRED "on"
++
++
+ /*
+ * Default MaxCopies value...
+ */
+diff --git a/configure b/configure
+index a38ebded9..1721634ba 100755
+--- a/configure
++++ b/configure
+@@ -672,6 +672,7 @@ CUPS_BROWSING
+ CUPS_SYNC_ON_CLOSE
+ CUPS_PAGE_LOG_FORMAT
+ CUPS_ACCESS_LOG_LEVEL
++CUPS_PEER_CRED
+ CUPS_LOG_LEVEL
+ CUPS_FATAL_ERRORS
+ CUPS_ERROR_POLICY
+@@ -925,6 +926,7 @@ with_max_log_size
+ with_error_policy
+ with_fatal_errors
+ with_log_level
++with_peer_cred
+ with_access_log_level
+ enable_page_logging
+ enable_sync_on_close
+@@ -1659,6 +1661,8 @@ Optional Packages:
+ --with-error-policy set default ErrorPolicy value, default=stop-printer
+ --with-fatal-errors set default FatalErrors value, default=config
+ --with-log-level set default LogLevel value, default=warn
++ --with-peer-cred set default PeerCred value (on/off/root-only),
++ default=on
+ --with-access-log-level set default AccessLogLevel value, default=none
+ --with-local-protocols set default BrowseLocalProtocols, default=""
+ --with-cups-user set default user for CUPS
+@@ -11652,6 +11656,24 @@ printf "%s\n" "#define CUPS_DEFAULT_LOG_LEVEL \"$CUPS_LOG_LEVEL\"" >>confdefs.h
+
+
+
++# Check whether --with-peer_cred was given.
++if test ${with_peer_cred+y}
++then :
++ withval=$with_peer_cred;
++ CUPS_PEER_CRED="$withval"
++
++else $as_nop
++
++ CUPS_PEER_CRED="on"
++
++fi
++
++
++
++printf "%s\n" "#define CUPS_DEFAULT_PEER_CRED \"$CUPS_PEER_CRED\"" >>confdefs.h
++
++
++
+ # Check whether --with-access_log_level was given.
+ if test ${with_access_log_level+y}
+ then :
+diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html
+index 440f033d5..5a9ddefeb 100644
+--- a/doc/help/man-cups-files.conf.html
++++ b/doc/help/man-cups-files.conf.html
+@@ -119,6 +119,13 @@ The default is "/var/log/cups/page_log".
+ <dt><a name="PassEnv"></a><b>PassEnv </b><i>variable </i>[ ... <i>variable </i>]
+ <dd style="margin-left: 5.0em">Passes the specified environment variable(s) to child processes.
+ Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
++<dt><a name="PeerCred"></a><b>PeerCred off</b>
++<dd style="margin-left: 5.0em"><dt><b>PeerCred on</b>
++<dd style="margin-left: 5.0em"><dt><b>PeerCred root-only</b>
++<dd style="margin-left: 5.0em">Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
++When <b>on</b>, the peer credentials of any user are accepted for authorization.
++The value <b>off</b> disables the use of peer credentials entirely, while the value <b>root-only</b> allows peer credentials only for the root user.
++Note: for security reasons, the <b>on</b> setting is reduced to <b>root-only</b> for authorization of PUT requests.
+ <dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
+ <dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
+ The default is "remroot".
+@@ -199,7 +206,7 @@ command is used instead.
+ <a href="man-subscriptions.conf.html?TOPIC=Man+Pages"><b>subscriptions.conf</b>(5),</a>
+ CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
+ <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
+-Copyright © 2020-2022 by OpenPrinting.
++Copyright © 2020-2025 by OpenPrinting.
+
+ </body>
+ </html>
+diff --git a/man/cups-files.conf.5 b/man/cups-files.conf.5
+index ec16c9e13..18ce2be00 100644
+--- a/man/cups-files.conf.5
++++ b/man/cups-files.conf.5
+@@ -1,14 +1,14 @@
+ .\"
+ .\" cups-files.conf man page for CUPS.
+ .\"
+-.\" Copyright © 2020-2022 by OpenPrinting.
++.\" Copyright © 2020-2025 by OpenPrinting.
+ .\" Copyright © 2007-2019 by Apple Inc.
+ .\" Copyright © 1997-2006 by Easy Software Products.
+ .\"
+ .\" Licensed under Apache License v2.0. See the file "LICENSE" for more
+ .\" information.
+ .\"
+-.TH cups-files.conf 5 "CUPS" "2021-03-06" "OpenPrinting"
++.TH cups-files.conf 5 "CUPS" "2025-10-08" "OpenPrinting"
+ .SH NAME
+ cups\-files.conf \- file and directory configuration file for cups
+ .SH DESCRIPTION
+@@ -166,6 +166,17 @@ The default is "/var/log/cups/page_log".
+ \fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
+ Passes the specified environment variable(s) to child processes.
+ Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
++.\"#PeerCred
++.TP 5
++\fBPeerCred off\fR
++.TP 5
++\fBPeerCred on\fR
++.TP 5
++\fBPeerCred root-only\fR
++Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
++When \fBon\fR, the peer credentials of any user are accepted for authorization.
++The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user.
++Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests.
+ .\"#RemoteRoot
+ .TP 5
+ \fBRemoteRoot \fIusername\fR
+@@ -278,4 +289,4 @@ command is used instead.
+ .BR subscriptions.conf (5),
+ CUPS Online Help (http://localhost:631/help)
+ .SH COPYRIGHT
+-Copyright \[co] 2020-2022 by OpenPrinting.
++Copyright \[co] 2020-2025 by OpenPrinting.
+diff --git a/scheduler/auth.c b/scheduler/auth.c
+index 3c9aa72aa..bd0d28a0e 100644
+--- a/scheduler/auth.c
++++ b/scheduler/auth.c
+@@ -398,7 +398,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ }
+ #endif /* HAVE_AUTHORIZATION_H */
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+- else if (!strncmp(authorization, "PeerCred ", 9) &&
++ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
+ con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
+ {
+ /*
+@@ -441,6 +441,12 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ }
+ #endif /* HAVE_AUTHORIZATION_H */
+
++ if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
++ {
++ cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
++ return;
++ }
++
+ if ((pwd = getpwnam(authorization + 9)) == NULL)
+ {
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9);
+diff --git a/scheduler/auth.h b/scheduler/auth.h
+index ee98e92c7..fdf71213f 100644
+--- a/scheduler/auth.h
++++ b/scheduler/auth.h
+@@ -50,6 +50,10 @@
+ #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
+ #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
+
++#define CUPSD_PEERCRED_OFF 0 /* Don't allow PeerCred authorization */
++#define CUPSD_PEERCRED_ON 1 /* Allow PeerCred authorization for all users */
++#define CUPSD_PEERCRED_ROOTONLY 2 /* Allow PeerCred authorization for root user */
++
+ #define IPP_ANY_OPERATION (ipp_op_t)0
+ /* Any IPP operation */
+ #define IPP_BAD_OPERATION (ipp_op_t)-1
+@@ -107,6 +111,9 @@ typedef struct cupsd_client_s cupsd_client_t;
+
+ VAR cups_array_t *Locations VALUE(NULL);
+ /* Authorization locations */
++VAR int PeerCred VALUE(CUPSD_PEERCRED_ON);
++ /* Allow PeerCred authorization? */
++
+ #ifdef HAVE_TLS
+ VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
+ /* Default encryption for authentication */
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 9593c9138..d961c15db 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -2143,7 +2143,7 @@ cupsdSendHeader(
+ auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str);
+
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
++ if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+ {
+ strlcpy(auth_key, ", PeerCred", auth_size);
+ auth_key += 10;
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index db4104ec5..7d6da0252 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -47,6 +47,7 @@ typedef enum
+ {
+ CUPSD_VARTYPE_INTEGER, /* Integer option */
+ CUPSD_VARTYPE_TIME, /* Time interval option */
++ CUPSD_VARTYPE_NULLSTRING, /* String option or NULL/empty string */
+ CUPSD_VARTYPE_STRING, /* String option */
+ CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
+ CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
+@@ -69,7 +70,7 @@ static const cupsd_var_t cupsd_vars[] =
+ {
+ { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
+ #ifdef HAVE_DNSSD
+- { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
++ { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_NULLSTRING },
+ #endif /* HAVE_DNSSD */
+ { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
+ { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
+@@ -120,7 +121,7 @@ static const cupsd_var_t cupsd_vars[] =
+ { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
+ { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
+ { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
+- { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
++ { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_NULLSTRING },
+ { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
+ { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
+ { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
+@@ -777,6 +778,13 @@ cupsdReadConfiguration(void)
+ IdleExitTimeout = 60;
+ #endif /* HAVE_ONDEMAND */
+
++ if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
++ PeerCred = CUPSD_PEERCRED_OFF;
++ else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
++ PeerCred = CUPSD_PEERCRED_ROOTONLY;
++ else
++ PeerCred = CUPSD_PEERCRED_ON;
++
+ /*
+ * Setup environment variables...
+ */
+@@ -1826,7 +1834,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
+
+ family = AF_INET6;
+
+- for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
++ for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
+ {
+ if (*ptr == ']')
+ break;
+@@ -1975,7 +1983,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
+ #ifdef AF_INET6
+ if (family == AF_INET6)
+ {
+- if (i > 128)
++ if (i < 0 || i > 128)
+ return (0);
+
+ i = 128 - i;
+@@ -2009,7 +2017,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
+ else
+ #endif /* AF_INET6 */
+ {
+- if (i > 32)
++ if (i < 0 || i > 32)
+ return (0);
+
+ mask[0] = 0xffffffff;
+@@ -2919,7 +2927,17 @@ parse_variable(
+ cupsdSetString((char **)var->ptr, temp);
+ break;
+
++ case CUPSD_VARTYPE_NULLSTRING :
++ cupsdSetString((char **)var->ptr, value);
++ break;
++
+ case CUPSD_VARTYPE_STRING :
++ if (!value)
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
++ return (0);
++ }
++
+ cupsdSetString((char **)var->ptr, value);
+ break;
+ }
+@@ -3447,9 +3465,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
+ line, value ? " " : "", value ? value : "", linenum,
+ ConfigurationFile, CupsFilesFile);
+ }
+- else
+- parse_variable(ConfigurationFile, linenum, line, value,
+- sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
++ else if (!parse_variable(ConfigurationFile, linenum, line, value,
++ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
++ (FatalErrors & CUPSD_FATAL_CONFIG))
++ return (0);
+ }
+
+ return (1);
+@@ -3609,6 +3628,31 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
+ break;
+ }
+ }
++ else if (!_cups_strcasecmp(line, "PeerCred") && value)
++ {
++ /*
++ * PeerCred {off,on,root-only}
++ */
++
++ if (!_cups_strcasecmp(value, "off"))
++ {
++ PeerCred = CUPSD_PEERCRED_OFF;
++ }
++ else if (!_cups_strcasecmp(value, "on"))
++ {
++ PeerCred = CUPSD_PEERCRED_ON;
++ }
++ else if (!_cups_strcasecmp(value, "root-only"))
++ {
++ PeerCred = CUPSD_PEERCRED_ROOTONLY;
++ }
++ else
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
++ if (FatalErrors & CUPSD_FATAL_CONFIG)
++ return (0);
++ }
++ }
+ else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
+ {
+ /*
+diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
+index 1c447edd7..8d677db71 100755
+--- a/test/run-stp-tests.sh
++++ b/test/run-stp-tests.sh
+@@ -512,7 +512,7 @@ fi
+
+ cat >$BASE/cups-files.conf <<EOF
+ FileDevice yes
+-Printcap
++Printcap $BASE/printcap
+ User $user
+ ServerRoot $BASE
+ StateDir $BASE
+diff --git a/vcnet/config.h b/vcnet/config.h
+index dbc6f05d5..317c956a6 100644
+--- a/vcnet/config.h
++++ b/vcnet/config.h
+@@ -169,6 +169,13 @@ typedef unsigned long useconds_t;
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+
+
++/*
++ * Default PeerCred value...
++ */
++
++#define CUPS_DEFAULT_PEER_CRED "on"
++
++
+ /*
+ * Default MaxCopies value...
+ */
+diff --git a/xcode/CUPS.xcodeproj/project.pbxproj b/xcode/CUPS.xcodeproj/project.pbxproj
+index 597946440..54ac652a1 100644
+--- a/xcode/CUPS.xcodeproj/project.pbxproj
++++ b/xcode/CUPS.xcodeproj/project.pbxproj
+@@ -3434,7 +3434,6 @@
+ 72220FB313330BCE00FCA411 /* mime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = mime.c; path = ../scheduler/mime.c; sourceTree = "<group>"; };
+ 72220FB413330BCE00FCA411 /* mime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mime.h; path = ../scheduler/mime.h; sourceTree = "<group>"; };
+ 72220FB513330BCE00FCA411 /* type.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = type.c; path = ../scheduler/type.c; sourceTree = "<group>"; };
+- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "org.cups.cups-lpd.plist"; path = "../scheduler/org.cups.cups-lpd.plist"; sourceTree = SOURCE_ROOT; };
+ 7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = org.cups.cupsd.plist; path = ../scheduler/org.cups.cupsd.plist; sourceTree = SOURCE_ROOT; };
+ 7226369D18AE73BB004ED309 /* config.h.in */ = {isa = PBXFileReference; lastKnownFileType = text; name = config.h.in; path = ../config.h.in; sourceTree = "<group>"; };
+ 722A24EE2178D00C000CAB20 /* debug-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "debug-internal.h"; path = "../cups/debug-internal.h"; sourceTree = "<group>"; };
+@@ -5056,7 +5055,6 @@
+ isa = PBXGroup;
+ children = (
+ 72E65BDC18DC852700097E89 /* Makefile */,
+- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */,
+ 72E65BD518DC818400097E89 /* org.cups.cups-lpd.plist.in */,
+ 7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */,
+ 72220F6913330B0C00FCA411 /* auth.c */,
+diff --git a/xcode/config.h b/xcode/config.h
+index e0ddd09dc..caec083ca 100644
+--- a/xcode/config.h
++++ b/xcode/config.h
+@@ -88,6 +88,13 @@
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+
+
++/*
++ * Default PeerCred value...
++ */
++
++#define CUPS_DEFAULT_PEER_CRED "on"
++
++
+ /*
+ * Default MaxCopies value...
+ */
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (6 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 07/26] cups: patch CVE-2025-61915 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:47 ` Patchtest results for " patchtest
2026-01-20 13:37 ` [OE-core][kirkstone 09/26] dropbear: patch CVE-2019-6111 Yoann Congal
` (18 subsequent siblings)
26 siblings, 1 reply; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Patch for CVE-2025-61915 by mistake causes fatal error on unknown
directives in configuration files.
The default configuration already contains unknown directive in
non-systemd setups:
Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf
Backport fix for this from 2.4.x branch which reverts this behavior.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/cups/cups.inc | 1 +
...pping-scheduler-on-unknown-directive.patch | 43 +++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index ce55a8ef6f..f70c4e7026 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -29,6 +29,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
file://CVE-2025-58364.patch \
file://CVE-2025-58436.patch \
file://CVE-2025-61915.patch \
+ file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \
"
UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
new file mode 100644
index 0000000000..572a8941f4
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
@@ -0,0 +1,43 @@
+From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 4 Dec 2025 09:04:37 +0100
+Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive
+
+Change the return value to do not trigger stopping the scheduler in case
+of unknown directive, because stopping the scheduler on config errors
+should only happen in case of syntax errors.
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ scheduler/conf.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 7d6da0252..0e7be0ef4 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -2695,16 +2695,16 @@ parse_variable(
+ {
+ /*
+ * Unknown directive! Output an error message and continue...
++ *
++ * Return value 1 is on purpose - we ignore unknown directives to log
++ * error, but do not stop the scheduler in case error in configuration
++ * is set to be fatal.
+ */
+
+- if (!value)
+- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
+- line, linenum, filename);
+- else
+- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
+- line, linenum, filename);
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
++ line, linenum, filename);
+
+- return (0);
++ return (1);
+ }
+
+ switch (var->type)
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 09/26] dropbear: patch CVE-2019-6111
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (7 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418 Yoann Congal
` (17 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch mentioning this CVE number.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/dropbear/dropbear.inc | 1 +
.../dropbear/dropbear/CVE-2019-6111.patch | 157 ++++++++++++++++++
2 files changed, 158 insertions(+)
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 94059df258..cebb1e49c9 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -34,6 +34,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
file://0001-Add-m_snprintf-that-won-t-return-negative.patch \
file://0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch \
file://CVE-2025-47203.patch \
+ file://CVE-2019-6111.patch \
"
PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch b/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
new file mode 100644
index 0000000000..84224a5f57
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
@@ -0,0 +1,157 @@
+From 48a17cff6aa104b8e806ddb2191f83f1024060f1 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Tue, 9 Dec 2025 22:59:19 +0900
+Subject: [PATCH] scp CVE-2019-6111 fix
+
+Cherry-pick from OpenSSH portable
+
+391ffc4b9d31 ("upstream: check in scp client that filenames sent during")
+
+upstream: check in scp client that filenames sent during
+
+remote->local directory copies satisfy the wildcard specified by the user.
+
+This checking provides some protection against a malicious server
+sending unexpected filenames, but it comes at a risk of rejecting wanted
+files due to differences between client and server wildcard expansion rules.
+
+For this reason, this also adds a new -T flag to disable the check.
+
+reported by Harry Sintonen
+fix approach suggested by markus@;
+has been in snaps for ~1wk courtesy deraadt@
+
+CVE: CVE-2019-6111
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/48a17cff6aa104b8e806ddb2191f83f1024060f1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ scp.c | 38 +++++++++++++++++++++++++++++---------
+ 1 file changed, 29 insertions(+), 9 deletions(-)
+
+diff --git a/scp.c b/scp.c
+index 384f2cb..bf98986 100644
+--- a/scp.c
++++ b/scp.c
+@@ -76,6 +76,8 @@
+ #include "includes.h"
+ /*RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $");*/
+
++#include <fnmatch.h>
++
+ #include "atomicio.h"
+ #include "compat.h"
+ #include "scpmisc.h"
+@@ -291,14 +293,14 @@ void verifydir(char *);
+
+ uid_t userid;
+ int errs, remin, remout;
+-int pflag, iamremote, iamrecursive, targetshouldbedirectory;
++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
+
+ #define CMDNEEDS 64
+ char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
+
+ int response(void);
+ void rsource(char *, struct stat *);
+-void sink(int, char *[]);
++void sink(int, char *[], const char *);
+ void source(int, char *[]);
+ void tolocal(int, char *[]);
+ void toremote(char *, int, char *[]);
+@@ -325,8 +327,8 @@ main(int argc, char **argv)
+ args.list = NULL;
+ addargs(&args, "%s", ssh_program);
+
+- fflag = tflag = 0;
+- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
++ fflag = Tflag = tflag = 0;
++ while ((ch = getopt(argc, argv, "dfl:prtTvBCc:i:P:q1246S:o:F:")) != -1)
+ switch (ch) {
+ /* User-visible flags. */
+ case '1':
+@@ -389,9 +391,12 @@ main(int argc, char **argv)
+ setmode(0, O_BINARY);
+ #endif
+ break;
++ case 'T':
++ Tflag = 1;
++ break;
+ default:
+ usage();
+- }
++ }
+ argc -= optind;
+ argv += optind;
+
+@@ -409,7 +414,7 @@ main(int argc, char **argv)
+ }
+ if (tflag) {
+ /* Receive data. */
+- sink(argc, argv);
++ sink(argc, argv, NULL);
+ exit(errs != 0);
+ }
+ if (argc < 2)
+@@ -590,7 +595,7 @@ tolocal(int argc, char **argv)
+ continue;
+ }
+ xfree(bp);
+- sink(1, argv + argc - 1);
++ sink(1, argv + argc - 1, src);
+ (void) close(remin);
+ remin = remout = -1;
+ }
+@@ -823,7 +828,7 @@ bwlimit(int amount)
+ }
+
+ void
+-sink(int argc, char **argv)
++sink(int argc, char **argv, const char *src)
+ {
+ static BUF buffer;
+ struct stat stb;
+@@ -837,6 +842,7 @@ sink(int argc, char **argv)
+ off_t size, statbytes;
+ int setimes, targisdir, wrerrno = 0;
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
++ char *src_copy = NULL, *restrict_pattern = NULL;
+ struct timeval tv[2];
+
+ #define atime tv[0]
+@@ -858,6 +864,17 @@ sink(int argc, char **argv)
+ (void) atomicio(vwrite, remout, "", 1);
+ if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+ targisdir = 1;
++ if (src != NULL && !iamrecursive && !Tflag) {
++ /*
++ * Prepare to try to restrict incoming filenames to match
++ * the requested destination file glob.
++ */
++ if ((src_copy = strdup(src)) == NULL)
++ fatal("strdup failed");
++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
++ *restrict_pattern++ = '\0';
++ }
++ }
+ for (first = 1;; first = 0) {
+ cp = buf;
+ if (atomicio(read, remin, cp, 1) != 1)
+@@ -940,6 +957,9 @@ sink(int argc, char **argv)
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
++ if (restrict_pattern != NULL &&
++ fnmatch(restrict_pattern, cp, 0) != 0)
++ SCREWUP("filename does not match request");
+ if (targisdir) {
+ static char *namebuf = NULL;
+ static size_t cursize = 0;
+@@ -978,7 +998,7 @@ sink(int argc, char **argv)
+ goto bad;
+ }
+ vect[0] = xstrdup(np);
+- sink(1, vect);
++ sink(1, vect, src);
+ if (setimes) {
+ setimes = 0;
+ if (utimes(vect[0], tv) < 0)
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (8 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 09/26] dropbear: patch CVE-2019-6111 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:47 ` Patchtest results for " patchtest
2026-01-20 13:37 ` [OE-core][kirkstone 11/26] libpcap: patch CVE-2025-11961 Yoann Congal
` (16 subsequent siblings)
26 siblings, 1 reply; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-66418
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python3-urllib3/CVE-2025-66418.patch | 70 +++++++++++++++++++
.../python/python3-urllib3_1.26.20.bb | 1 +
2 files changed, 71 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
diff --git a/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
new file mode 100644
index 0000000000..67479010e6
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
@@ -0,0 +1,70 @@
+From 24d7b67eac89f94e11003424bcf0d8f7b72222a8 Mon Sep 17 00:00:00 2001
+From: Illia Volochii <illia.volochii@gmail.com>
+Date: Fri, 5 Dec 2025 16:41:33 +0200
+Subject: [PATCH] Merge commit from fork
+
+* Add a hard-coded limit for the decompression chain
+
+* Reuse new list
+---
+ changelog/GHSA-gm62-xv2j-4w53.security.rst | 4 ++++
+ src/urllib3/response.py | 12 +++++++++++-
+ test/test_response.py | 10 ++++++++++
+ 3 files changed, 25 insertions(+), 1 deletion(-)
+ create mode 100644 changelog/GHSA-gm62-xv2j-4w53.security.rst
+
+diff --git a/changelog/GHSA-gm62-xv2j-4w53.security.rst b/changelog/GHSA-gm62-xv2j-4w53.security.rst
+new file mode 100644
+index 00000000..6646eaa3
+--- /dev/null
++++ b/changelog/GHSA-gm62-xv2j-4w53.security.rst
+@@ -0,0 +1,4 @@
++Fixed a security issue where an attacker could compose an HTTP response with
++virtually unlimited links in the ``Content-Encoding`` header, potentially
++leading to a denial of service (DoS) attack by exhausting system resources
++during decoding. The number of allowed chained encodings is now limited to 5.
+diff --git a/src/urllib3/response.py b/src/urllib3/response.py
+index 4ba42136..069f726c 100644
+--- a/src/urllib3/response.py
++++ b/src/urllib3/response.py
+@@ -135,8 +135,18 @@ class MultiDecoder(object):
+ they were applied.
+ """
+
++ # Maximum allowed number of chained HTTP encodings in the
++ # Content-Encoding header.
++ max_decode_links = 5
++
+ def __init__(self, modes):
+- self._decoders = [_get_decoder(m.strip()) for m in modes.split(",")]
++ encodings = [m.strip() for m in modes.split(",")]
++ if len(encodings) > self.max_decode_links:
++ raise DecodeError(
++ "Too many content encodings in the chain: "
++ f"{len(encodings)} > {self.max_decode_links}"
++ )
++ self._decoders = [_get_decoder(e) for e in encodings]
+
+ def flush(self):
+ return self._decoders[0].flush()
+diff --git a/test/test_response.py b/test/test_response.py
+index 9592fdd9..d824ae70 100644
+--- a/test/test_response.py
++++ b/test/test_response.py
+@@ -295,6 +295,16 @@ class TestResponse(object):
+
+ assert r.data == b"foo"
+
++ def test_read_multi_decoding_too_many_links(self) -> None:
++ fp = BytesIO(b"foo")
++ with pytest.raises(
++ DecodeError, match="Too many content encodings in the chain: 6 > 5"
++ ):
++ HTTPResponse(
++ fp,
++ headers={"content-encoding": "gzip, deflate, br, zstd, gzip, deflate"},
++ )
++
+ def test_body_blob(self):
+ resp = HTTPResponse(b"foo")
+ assert resp.data == b"foo"
diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb
index 58988e4205..1f1132d5b5 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb
@@ -9,6 +9,7 @@ inherit pypi setuptools3
SRC_URI += " \
file://CVE-2025-50181.patch \
+ file://CVE-2025-66418.patch \
"
RDEPENDS:${PN} += "\
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 11/26] libpcap: patch CVE-2025-11961
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (9 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 12/26] libpcap: patch CVE-2025-11964 Yoann Congal
` (15 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
Also pick additional preparation patch to apply it cleanly.
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-11961
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++
.../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++++++++
.../libpcap/libpcap_1.10.1.bb | 2 +
3 files changed, 473 insertions(+)
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
new file mode 100644
index 0000000000..73c3ab3f5c
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
@@ -0,0 +1,38 @@
+From 7224be0fe2f4beb916b7b69141f478facd0f0634 Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Sat, 27 Dec 2025 21:36:11 +0000
+Subject: [PATCH] Rename one of the xdtoi() copies to simplify backporting.
+
+CVE: CVE-2025-11961
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7224be0fe2f4beb916b7b69141f478facd0f0634]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ nametoaddr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/nametoaddr.c b/nametoaddr.c
+index dc75495c..bdaacbf1 100644
+--- a/nametoaddr.c
++++ b/nametoaddr.c
+@@ -646,7 +646,7 @@ pcap_nametollc(const char *s)
+
+ /* Hex digit to 8-bit unsigned integer. */
+ static inline u_char
+-xdtoi(u_char c)
++pcapint_xdtoi(u_char c)
+ {
+ if (c >= '0' && c <= '9')
+ return (u_char)(c - '0');
+@@ -728,10 +728,10 @@ pcap_ether_aton(const char *s)
+ while (*s) {
+ if (*s == ':' || *s == '.' || *s == '-')
+ s += 1;
+- d = xdtoi(*s++);
++ d = pcapint_xdtoi(*s++);
+ if (PCAP_ISXDIGIT(*s)) {
+ d <<= 4;
+- d |= xdtoi(*s++);
++ d |= pcapint_xdtoi(*s++);
+ }
+ *ep++ = d;
+ }
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
new file mode 100644
index 0000000000..0b0dc5ac40
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
@@ -0,0 +1,433 @@
+From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Fri, 19 Dec 2025 17:31:13 +0000
+Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
+
+pcap_ether_aton() has for a long time required its string argument to be
+a well-formed MAC-48 address, which is always the case when the argument
+comes from other libpcap code, so the function has never validated the
+input and used a simple loop to parse any of the three common MAC-48
+address formats. However, the function has also been a part of the
+public API, so calling it directly with a malformed address can cause
+the loop to read beyond the end of the input string and/or to write
+beyond the end of the allocated output buffer.
+
+To handle invalid input more appropriately, replace the simple loop with
+new functions and require the input to match a supported address format.
+
+This problem was reported by Jin Wei, Kunwei Qian and Ping Chen.
+
+(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83)
+
+CVE: CVE-2025-11961
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gencode.c | 5 +
+ nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 349 insertions(+), 23 deletions(-)
+
+diff --git a/gencode.c b/gencode.c
+index 3ddd15f8..76fb2d82 100644
+--- a/gencode.c
++++ b/gencode.c
+@@ -7206,6 +7206,11 @@ gen_ecode(compiler_state_t *cstate, const char *s, struct qual q)
+ return (NULL);
+
+ if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
++ /*
++ * Because the lexer guards the input string format, in this
++ * context the function returns NULL iff the implicit malloc()
++ * has failed.
++ */
+ cstate->e = pcap_ether_aton(s);
+ if (cstate->e == NULL)
+ bpf_error(cstate, "malloc");
+diff --git a/nametoaddr.c b/nametoaddr.c
+index f9fcd288..f50d0da5 100644
+--- a/nametoaddr.c
++++ b/nametoaddr.c
+@@ -703,39 +703,360 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
+ return(32);
+ }
+
++// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$".
++static u_char
++pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr)
++{
++ if (strlen(s) == 12 &&
++ PCAP_ISXDIGIT(s[0]) &&
++ PCAP_ISXDIGIT(s[1]) &&
++ PCAP_ISXDIGIT(s[2]) &&
++ PCAP_ISXDIGIT(s[3]) &&
++ PCAP_ISXDIGIT(s[4]) &&
++ PCAP_ISXDIGIT(s[5]) &&
++ PCAP_ISXDIGIT(s[6]) &&
++ PCAP_ISXDIGIT(s[7]) &&
++ PCAP_ISXDIGIT(s[8]) &&
++ PCAP_ISXDIGIT(s[9]) &&
++ PCAP_ISXDIGIT(s[10]) &&
++ PCAP_ISXDIGIT(s[11])) {
++ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
++ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
++ addr[2] = pcapint_xdtoi(s[4]) << 4 | pcapint_xdtoi(s[5]);
++ addr[3] = pcapint_xdtoi(s[6]) << 4 | pcapint_xdtoi(s[7]);
++ addr[4] = pcapint_xdtoi(s[8]) << 4 | pcapint_xdtoi(s[9]);
++ addr[5] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
++ return 1;
++ }
++ return 0;
++}
++
++// Man page: "xxxx.xxxx.xxxx", regexp: "^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$".
++static u_char
++pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr)
++{
++ const char sep = '.';
++ if (strlen(s) == 14 &&
++ PCAP_ISXDIGIT(s[0]) &&
++ PCAP_ISXDIGIT(s[1]) &&
++ PCAP_ISXDIGIT(s[2]) &&
++ PCAP_ISXDIGIT(s[3]) &&
++ s[4] == sep &&
++ PCAP_ISXDIGIT(s[5]) &&
++ PCAP_ISXDIGIT(s[6]) &&
++ PCAP_ISXDIGIT(s[7]) &&
++ PCAP_ISXDIGIT(s[8]) &&
++ s[9] == sep &&
++ PCAP_ISXDIGIT(s[10]) &&
++ PCAP_ISXDIGIT(s[11]) &&
++ PCAP_ISXDIGIT(s[12]) &&
++ PCAP_ISXDIGIT(s[13])) {
++ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
++ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
++ addr[2] = pcapint_xdtoi(s[5]) << 4 | pcapint_xdtoi(s[6]);
++ addr[3] = pcapint_xdtoi(s[7]) << 4 | pcapint_xdtoi(s[8]);
++ addr[4] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
++ addr[5] = pcapint_xdtoi(s[12]) << 4 | pcapint_xdtoi(s[13]);
++ return 1;
++ }
++ return 0;
++}
++
+ /*
+- * Convert 's', which can have the one of the forms:
++ * Man page: "xx:xx:xx:xx:xx:xx", regexp: "^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$".
++ * Man page: "xx-xx-xx-xx-xx-xx", regexp: "^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$".
++ * Man page: "xx.xx.xx.xx.xx.xx", regexp: "^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$".
++ * (Any "xx" above can be "x", which is equivalent to "0x".)
+ *
+- * "xx:xx:xx:xx:xx:xx"
+- * "xx.xx.xx.xx.xx.xx"
+- * "xx-xx-xx-xx-xx-xx"
+- * "xxxx.xxxx.xxxx"
+- * "xxxxxxxxxxxx"
++ * An equivalent (and parametrisable for EUI-64) FSM could be implemented using
++ * a smaller graph, but that graph would be neither acyclic nor planar nor
++ * trivial to verify.
+ *
+- * (or various mixes of ':', '.', and '-') into a new
+- * ethernet address. Assumes 's' is well formed.
++ * |
++ * [.] v
++ * +<---------- START
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE0_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE0_XX | [:\.-]
++ * | | |
++ * | | [:\.-] |
++ * | [.] v |
++ * +<----- BYTE0_SEP_BYTE1 <-----+
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE1_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE1_XX | <sep>
++ * | | |
++ * | | <sep> |
++ * | [.] v |
++ * +<----- BYTE1_SEP_BYTE2 <-----+
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE2_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE2_XX | <sep>
++ * | | |
++ * | | <sep> |
++ * | [.] v |
++ * +<----- BYTE2_SEP_BYTE3 <-----+
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE3_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE3_XX | <sep>
++ * | | |
++ * | | <sep> |
++ * | [.] v |
++ * +<----- BYTE3_SEP_BYTE4 <-----+
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE4_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE4_XX | <sep>
++ * | | |
++ * | | <sep> |
++ * | [.] v |
++ * +<----- BYTE4_SEP_BYTE5 <-----+
++ * | |
++ * | | [0-9a-fA-F]
++ * | [.] v
++ * +<--------- BYTE5_X ----------+
++ * | | |
++ * | | [0-9a-fA-F] |
++ * | [.] v |
++ * +<--------- BYTE5_XX | \0
++ * | | |
++ * | | \0 |
++ * | | v
++ * +--> (reject) +---------> (accept)
++ *
++ */
++static u_char
++pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr)
++{
++ enum {
++ START,
++ BYTE0_X,
++ BYTE0_XX,
++ BYTE0_SEP_BYTE1,
++ BYTE1_X,
++ BYTE1_XX,
++ BYTE1_SEP_BYTE2,
++ BYTE2_X,
++ BYTE2_XX,
++ BYTE2_SEP_BYTE3,
++ BYTE3_X,
++ BYTE3_XX,
++ BYTE3_SEP_BYTE4,
++ BYTE4_X,
++ BYTE4_XX,
++ BYTE4_SEP_BYTE5,
++ BYTE5_X,
++ BYTE5_XX,
++ } fsm_state = START;
++ uint8_t buf[6];
++ const char *seplist = ":.-";
++ char sep;
++
++ while (*s) {
++ switch (fsm_state) {
++ case START:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[0] = pcapint_xdtoi(*s);
++ fsm_state = BYTE0_X;
++ break;
++ }
++ goto reject;
++ case BYTE0_X:
++ if (strchr(seplist, *s)) {
++ sep = *s;
++ fsm_state = BYTE0_SEP_BYTE1;
++ break;
++ }
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[0] = buf[0] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE0_XX;
++ break;
++ }
++ goto reject;
++ case BYTE0_XX:
++ if (strchr(seplist, *s)) {
++ sep = *s;
++ fsm_state = BYTE0_SEP_BYTE1;
++ break;
++ }
++ goto reject;
++ case BYTE0_SEP_BYTE1:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[1] = pcapint_xdtoi(*s);
++ fsm_state = BYTE1_X;
++ break;
++ }
++ goto reject;
++ case BYTE1_X:
++ if (*s == sep) {
++ fsm_state = BYTE1_SEP_BYTE2;
++ break;
++ }
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[1] = buf[1] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE1_XX;
++ break;
++ }
++ goto reject;
++ case BYTE1_XX:
++ if (*s == sep) {
++ fsm_state = BYTE1_SEP_BYTE2;
++ break;
++ }
++ goto reject;
++ case BYTE1_SEP_BYTE2:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[2] = pcapint_xdtoi(*s);
++ fsm_state = BYTE2_X;
++ break;
++ }
++ goto reject;
++ case BYTE2_X:
++ if (*s == sep) {
++ fsm_state = BYTE2_SEP_BYTE3;
++ break;
++ }
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[2] = buf[2] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE2_XX;
++ break;
++ }
++ goto reject;
++ case BYTE2_XX:
++ if (*s == sep) {
++ fsm_state = BYTE2_SEP_BYTE3;
++ break;
++ }
++ goto reject;
++ case BYTE2_SEP_BYTE3:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[3] = pcapint_xdtoi(*s);
++ fsm_state = BYTE3_X;
++ break;
++ }
++ goto reject;
++ case BYTE3_X:
++ if (*s == sep) {
++ fsm_state = BYTE3_SEP_BYTE4;
++ break;
++ }
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[3] = buf[3] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE3_XX;
++ break;
++ }
++ goto reject;
++ case BYTE3_XX:
++ if (*s == sep) {
++ fsm_state = BYTE3_SEP_BYTE4;
++ break;
++ }
++ goto reject;
++ case BYTE3_SEP_BYTE4:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[4] = pcapint_xdtoi(*s);
++ fsm_state = BYTE4_X;
++ break;
++ }
++ goto reject;
++ case BYTE4_X:
++ if (*s == sep) {
++ fsm_state = BYTE4_SEP_BYTE5;
++ break;
++ }
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[4] = buf[4] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE4_XX;
++ break;
++ }
++ goto reject;
++ case BYTE4_XX:
++ if (*s == sep) {
++ fsm_state = BYTE4_SEP_BYTE5;
++ break;
++ }
++ goto reject;
++ case BYTE4_SEP_BYTE5:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[5] = pcapint_xdtoi(*s);
++ fsm_state = BYTE5_X;
++ break;
++ }
++ goto reject;
++ case BYTE5_X:
++ if (PCAP_ISXDIGIT(*s)) {
++ buf[5] = buf[5] << 4 | pcapint_xdtoi(*s);
++ fsm_state = BYTE5_XX;
++ break;
++ }
++ goto reject;
++ case BYTE5_XX:
++ goto reject;
++ } // switch
++ s++;
++ } // while
++
++ if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) {
++ // accept
++ memcpy(addr, buf, sizeof(buf));
++ return 1;
++ }
++
++reject:
++ return 0;
++}
++
++// The 'addr' argument must point to an array of at least 6 elements.
++static int
++pcapint_atomac48(const char *s, uint8_t *addr)
++{
++ return s && (
++ pcapint_atomac48_xxxxxxxxxxxx(s, addr) ||
++ pcapint_atomac48_xxxx_3_times(s, addr) ||
++ pcapint_atomac48_x_xx_6_times(s, addr)
++ );
++}
++
++/*
++ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7)
++ * for "ether host", return a pointer to an allocated buffer with the binary
++ * value of the address. Return NULL on any error.
+ */
+ u_char *
+ pcap_ether_aton(const char *s)
+ {
+- register u_char *ep, *e;
+- register u_char d;
++ uint8_t tmp[6];
++ if (! pcapint_atomac48(s, tmp))
++ return (NULL);
+
+- e = ep = (u_char *)malloc(6);
++ u_char *e = malloc(6);
+ if (e == NULL)
+ return (NULL);
+-
+- while (*s) {
+- if (*s == ':' || *s == '.' || *s == '-')
+- s += 1;
+- d = pcapint_xdtoi(*s++);
+- if (PCAP_ISXDIGIT(*s)) {
+- d <<= 4;
+- d |= pcapint_xdtoi(*s++);
+- }
+- *ep++ = d;
+- }
+-
++ memcpy(e, tmp, sizeof(tmp));
+ return (e);
+ }
+
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index 584e98c76d..b3bd4f669a 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -17,6 +17,8 @@ SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
file://CVE-2023-7256-pre4.patch \
file://CVE-2023-7256.patch \
file://CVE-2024-8006.patch \
+ file://CVE-2025-11961-01.patch \
+ file://CVE-2025-11961-02.patch \
"
SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 12/26] libpcap: patch CVE-2025-11964
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 11/26] libpcap: patch CVE-2025-11961 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 13/26] python3: fix CVE-2025-13836 Yoann Congal
` (14 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-11964
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libpcap/libpcap/CVE-2025-11964.patch | 33 +++++++++++++++++++
.../libpcap/libpcap_1.10.1.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
new file mode 100644
index 0000000000..003d21fb1f
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
@@ -0,0 +1,33 @@
+From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Sun, 7 Sep 2025 12:51:56 -0700
+Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated().
+
+For the four octets of UTF-8 case, it was decrementing the remaining
+buffer length by 3, not 4.
+
+Thanks to a team of developers from the Univesity of Waterloo for
+reporting this.
+
+(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b)
+
+CVE: CVE-2025-11964
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ fmtutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fmtutils.c b/fmtutils.c
+index a5a4fe62..78a0f8b7 100644
+--- a/fmtutils.c
++++ b/fmtutils.c
+@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char *utf_8,
+ *utf_8++ = ((uc >> 12) & 0x3F) | 0x80;
+ *utf_8++ = ((uc >> 6) & 0x3F) | 0x80;
+ *utf_8++ = ((uc >> 0) & 0x3F) | 0x80;
+- utf_8_len -= 3;
++ utf_8_len -= 4;
+ }
+ }
+
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index b3bd4f669a..5e136e3b1a 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
file://CVE-2024-8006.patch \
file://CVE-2025-11961-01.patch \
file://CVE-2025-11961-02.patch \
+ file://CVE-2025-11964.patch \
"
SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 13/26] python3: fix CVE-2025-13836
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 12/26] libpcap: patch CVE-2025-11964 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 14/26] libarchive: fix CVE-2025-60753 regression Yoann Congal
` (13 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/python3/CVE-2025-13836.patch | 163 ++++++++++++++++++
.../python/python3_3.10.19.bb | 1 +
2 files changed, 164 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch
new file mode 100644
index 0000000000..c4387b6019
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch
@@ -0,0 +1,163 @@
+From 289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Fri, 5 Dec 2025 16:21:57 +0100
+Subject: [PATCH] [3.13] gh-119451: Fix a potential denial of service in
+ http.client (GH-119454) (#142139)
+
+gh-119451: Fix a potential denial of service in http.client (GH-119454)
+
+Reading the whole body of the HTTP response could cause OOM if
+the Content-Length value is too large even if the server does not send
+a large amount of data. Now the HTTP client reads large data by chunks,
+therefore the amount of consumed memory is proportional to the amount
+of sent data.
+(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5)
+
+CVE: CVE-2025-13836
+Upstream-Status: Backport [https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ Lib/http/client.py | 28 ++++++--
+ Lib/test/test_httplib.py | 66 +++++++++++++++++++
+ ...-05-23-11-47-48.gh-issue-119451.qkJe9-.rst | 5 ++
+ 3 files changed, 95 insertions(+), 4 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+index d1b7b10..c8ab5b7 100644
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -111,6 +111,11 @@ responses = {v: v.phrase for v in http.HTTPStatus.__members__.values()}
+ _MAXLINE = 65536
+ _MAXHEADERS = 100
+
++# Data larger than this will be read in chunks, to prevent extreme
++# overallocation.
++_MIN_READ_BUF_SIZE = 1 << 20
++
++
+ # Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2)
+ #
+ # VCHAR = %x21-7E
+@@ -628,10 +633,25 @@ class HTTPResponse(io.BufferedIOBase):
+ reading. If the bytes are truly not available (due to EOF), then the
+ IncompleteRead exception can be used to detect the problem.
+ """
+- data = self.fp.read(amt)
+- if len(data) < amt:
+- raise IncompleteRead(data, amt-len(data))
+- return data
++ cursize = min(amt, _MIN_READ_BUF_SIZE)
++ data = self.fp.read(cursize)
++ if len(data) >= amt:
++ return data
++ if len(data) < cursize:
++ raise IncompleteRead(data, amt - len(data))
++
++ data = io.BytesIO(data)
++ data.seek(0, 2)
++ while True:
++ # This is a geometric increase in read size (never more than
++ # doubling out the current length of data per loop iteration).
++ delta = min(cursize, amt - cursize)
++ data.write(self.fp.read(delta))
++ if data.tell() >= amt:
++ return data.getvalue()
++ cursize += delta
++ if data.tell() < cursize:
++ raise IncompleteRead(data.getvalue(), amt - data.tell())
+
+ def _safe_readinto(self, b):
+ """Same as _safe_read, but for reading into a buffer."""
+diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
+index 77152cf..89ec5f6 100644
+--- a/Lib/test/test_httplib.py
++++ b/Lib/test/test_httplib.py
+@@ -1226,6 +1226,72 @@ class BasicTest(TestCase):
+ thread.join()
+ self.assertEqual(result, b"proxied data\n")
+
++ def test_large_content_length(self):
++ serv = socket.create_server((HOST, 0))
++ self.addCleanup(serv.close)
++
++ def run_server():
++ [conn, address] = serv.accept()
++ with conn:
++ while conn.recv(1024):
++ conn.sendall(
++ b"HTTP/1.1 200 Ok\r\n"
++ b"Content-Length: %d\r\n"
++ b"\r\n" % size)
++ conn.sendall(b'A' * (size//3))
++ conn.sendall(b'B' * (size - size//3))
++
++ thread = threading.Thread(target=run_server)
++ thread.start()
++ self.addCleanup(thread.join, 1.0)
++
++ conn = client.HTTPConnection(*serv.getsockname())
++ try:
++ for w in range(15, 27):
++ size = 1 << w
++ conn.request("GET", "/")
++ with conn.getresponse() as response:
++ self.assertEqual(len(response.read()), size)
++ finally:
++ conn.close()
++ thread.join(1.0)
++
++ def test_large_content_length_truncated(self):
++ serv = socket.create_server((HOST, 0))
++ self.addCleanup(serv.close)
++
++ def run_server():
++ while True:
++ [conn, address] = serv.accept()
++ with conn:
++ conn.recv(1024)
++ if not size:
++ break
++ conn.sendall(
++ b"HTTP/1.1 200 Ok\r\n"
++ b"Content-Length: %d\r\n"
++ b"\r\n"
++ b"Text" % size)
++
++ thread = threading.Thread(target=run_server)
++ thread.start()
++ self.addCleanup(thread.join, 1.0)
++
++ conn = client.HTTPConnection(*serv.getsockname())
++ try:
++ for w in range(18, 65):
++ size = 1 << w
++ conn.request("GET", "/")
++ with conn.getresponse() as response:
++ self.assertRaises(client.IncompleteRead, response.read)
++ conn.close()
++ finally:
++ conn.close()
++ size = 0
++ conn.request("GET", "/")
++ conn.close()
++ thread.join(1.0)
++
+ def test_putrequest_override_domain_validation(self):
+ """
+ It should be possible to override the default validation
+diff --git a/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+new file mode 100644
+index 0000000..6d6f25c
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst
+@@ -0,0 +1,5 @@
++Fix a potential memory denial of service in the :mod:`http.client` module.
++When connecting to a malicious server, it could cause
++an arbitrary amount of memory to be allocated.
++This could have led to symptoms including a :exc:`MemoryError`, swapping, out
++of memory (OOM) killed processes or containers, or even system crashes.
+--
+2.50.1
+
diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb
index 6f23d258c1..5140445ad8 100644
--- a/meta/recipes-devtools/python/python3_3.10.19.bb
+++ b/meta/recipes-devtools/python/python3_3.10.19.bb
@@ -38,6 +38,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_storlines-skip-due-to-load-variability.patch \
file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
file://CVE-2025-6075.patch \
+ file://CVE-2025-13836.patch \
"
SRC_URI:append:class-native = " \
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 14/26] libarchive: fix CVE-2025-60753 regression
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 13/26] python3: fix CVE-2025-13836 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 15/26] curl: patch CVE-2025-14017 Yoann Congal
` (12 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch from PR mentioned in v3.8.5 release notes.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...25-60753.patch => CVE-2025-60753-01.patch} | 0
.../libarchive/CVE-2025-60753-02.patch | 46 +++++++++++++++++++
.../libarchive/libarchive_3.6.2.bb | 3 +-
3 files changed, 48 insertions(+), 1 deletion(-)
rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch => CVE-2025-60753-01.patch} (100%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch
similarity index 100%
rename from meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
rename to meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch
new file mode 100644
index 0000000000..525ee2462c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch
@@ -0,0 +1,46 @@
+From cfb02de558d843dc5355c4aa2aeb4af49f88bdb9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin@matuska.de>
+Date: Mon, 8 Dec 2025 21:40:46 +0100
+Subject: [PATCH] tar: fix off-bounds read resulting from #2787 (3150539ed)
+
+CVE: CVE-2025-60753
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/cfb02de558d843dc5355c4aa2aeb4af49f88bdb9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tar/subst.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/tar/subst.c b/tar/subst.c
+index a466f653..53497ad0 100644
+--- a/tar/subst.c
++++ b/tar/subst.c
+@@ -239,7 +239,7 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+
+ char isEnd = 0;
+ do {
+- isEnd = *name == '\0';
++ isEnd = *name == '\0';
+ if (regexec(&rule->re, name, 10, matches, 0))
+ break;
+
+@@ -294,13 +294,13 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+
+ realloc_strcat(result, rule->result + j);
+ if (matches[0].rm_eo > 0) {
+- name += matches[0].rm_eo;
+- } else {
+- // We skip a character because the match is 0-length
+- // so we need to add it to the output
+- realloc_strncat(result, name, 1);
+- name += 1;
+- }
++ name += matches[0].rm_eo;
++ } else if (!isEnd) {
++ // We skip a character because the match is 0-length
++ // so we need to add it to the output
++ realloc_strncat(result, name, 1);
++ name += 1;
++ }
+ } while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
+ }
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 66f30ec89b..e74326b40f 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -48,7 +48,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
- file://CVE-2025-60753.patch \
+ file://CVE-2025-60753-01.patch \
+ file://CVE-2025-60753-02.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 15/26] curl: patch CVE-2025-14017
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 14/26] libarchive: fix CVE-2025-60753 regression Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 16/26] curl: patch CVE-2025-15079 Yoann Congal
` (11 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://curl.se/docs/CVE-2025-14017.html
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../curl/curl/CVE-2025-14017.patch | 115 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 116 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2025-14017.patch b/meta/recipes-support/curl/curl/CVE-2025-14017.patch
new file mode 100644
index 0000000000..a18e1d74dd
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-14017.patch
@@ -0,0 +1,115 @@
+From 39d1976b7f709a516e3243338ebc0443bdd8d56d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Dec 2025 00:14:20 +0100
+Subject: [PATCH] ldap: call ldap_init() before setting the options
+
+Closes #19830
+
+CVE: CVE-2025-14017
+Upstream-Status: Backport [https://github.com/curl/curl/commit/39d1976b7f709a516e3243338ebc0443bdd8d56d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/ldap.c | 49 +++++++++++++++++++------------------------------
+ 1 file changed, 19 insertions(+), 30 deletions(-)
+
+diff --git a/lib/ldap.c b/lib/ldap.c
+index 63b2cbc414..0911a9239a 100644
+--- a/lib/ldap.c
++++ b/lib/ldap.c
+@@ -333,16 +333,29 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+ passwd = conn->passwd;
+ }
+
++#ifdef USE_WIN32_LDAP
++ if(ldap_ssl)
++ server = ldap_sslinit(host, (int)conn->port, 1);
++ else
++#else
++ server = ldap_init(host, (int)conn->port);
++#endif
++ if(!server) {
++ failf(data, "LDAP local: Cannot connect to %s:%ld",
++ conn->host.dispname, conn->port);
++ result = CURLE_COULDNT_CONNECT;
++ goto quit;
++ }
++
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT
+- ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
++ ldap_set_option(server, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
+ #endif
+- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
++ ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+
+ if(ldap_ssl) {
+ #ifdef HAVE_LDAP_SSL
+ #ifdef USE_WIN32_LDAP
+ /* Win32 LDAP SDK doesn't support insecure mode without CA! */
+- server = ldap_sslinit(host, (int)conn->port, 1);
+ ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
+ #else
+ int ldap_option;
+@@ -410,7 +423,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+ goto quit;
+ }
+ infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca);
+- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
+ if(rc != LDAP_SUCCESS) {
+ failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
+ ldap_err2string(rc));
+@@ -422,20 +435,13 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+ else
+ ldap_option = LDAP_OPT_X_TLS_NEVER;
+
+- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
+ if(rc != LDAP_SUCCESS) {
+ failf(data, "LDAP local: ERROR setting cert verify mode: %s",
+ ldap_err2string(rc));
+ result = CURLE_SSL_CERTPROBLEM;
+ goto quit;
+ }
+- server = ldap_init(host, (int)conn->port);
+- if(!server) {
+- failf(data, "LDAP local: Cannot connect to %s:%ld",
+- conn->host.dispname, conn->port);
+- result = CURLE_COULDNT_CONNECT;
+- goto quit;
+- }
+ ldap_option = LDAP_OPT_X_TLS_HARD;
+ rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
+ if(rc != LDAP_SUCCESS) {
+@@ -444,15 +450,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+ result = CURLE_SSL_CERTPROBLEM;
+ goto quit;
+ }
+-/*
+- rc = ldap_start_tls_s(server, NULL, NULL);
+- if(rc != LDAP_SUCCESS) {
+- failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
+- ldap_err2string(rc));
+- result = CURLE_SSL_CERTPROBLEM;
+- goto quit;
+- }
+-*/
+ #else
+ /* we should probably never come up to here since configure
+ should check in first place if we can support LDAP SSL/TLS */
+@@ -469,15 +466,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+ result = CURLE_NOT_BUILT_IN;
+ goto quit;
+ }
+- else {
+- server = ldap_init(host, (int)conn->port);
+- if(!server) {
+- failf(data, "LDAP local: Cannot connect to %s:%ld",
+- conn->host.dispname, conn->port);
+- result = CURLE_COULDNT_CONNECT;
+- goto quit;
+- }
+- }
++
+ #ifdef USE_WIN32_LDAP
+ ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+ rc = ldap_win_bind(data, server, user, passwd);
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 2326392a4f..db3dc01929 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -67,6 +67,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2024-11053-0002.patch \
file://CVE-2025-0167.patch \
file://CVE-2025-9086.patch \
+ file://CVE-2025-14017.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 16/26] curl: patch CVE-2025-15079
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 15/26] curl: patch CVE-2025-14017 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 17/26] curl: patch CVE-2025-15224 Yoann Congal
` (10 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://curl.se/docs/CVE-2025-15079.html
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../curl/curl/CVE-2025-15079.patch | 32 +++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2025-15079.patch b/meta/recipes-support/curl/curl/CVE-2025-15079.patch
new file mode 100644
index 0000000000..47fa518309
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-15079.patch
@@ -0,0 +1,32 @@
+From adca486c125d9a6d9565b9607a19dce803a8b479 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 24 Dec 2025 17:47:03 +0100
+Subject: [PATCH] libssh: set both knownhosts options to the same file
+
+Reported-by: Harry Sintonen
+
+Closes #20092
+
+CVE: CVE-2025-15079
+Upstream-Status: Backport [https://github.com/curl/curl/commit/adca486c125d9a6d9565b9607a19dce803a8b479]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 7d5905c83d..98c109ab59 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -2224,6 +2224,11 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done)
+ infof(data, "Known hosts: %s", data->set.str[STRING_SSH_KNOWNHOSTS]);
+ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_KNOWNHOSTS,
+ data->set.str[STRING_SSH_KNOWNHOSTS]);
++ if(rc == SSH_OK)
++ /* libssh has two separate options for this. Set both to the same file
++ to avoid surprises */
++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
++ data->set.str[STRING_SSH_KNOWNHOSTS]);
+ if(rc != SSH_OK) {
+ failf(data, "Could not set known hosts file path");
+ return CURLE_FAILED_INIT;
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index db3dc01929..9c1a90e191 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -68,6 +68,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2025-0167.patch \
file://CVE-2025-9086.patch \
file://CVE-2025-14017.patch \
+ file://CVE-2025-15079.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 17/26] curl: patch CVE-2025-15224
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 16/26] curl: patch CVE-2025-15079 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 18/26] gnupg: patch CVE-2025-68973 Yoann Congal
` (9 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch per [1].
[1] https://curl.se/docs/CVE-2025-15224.html
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../curl/curl/CVE-2025-15224.patch | 31 +++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2025-15224.patch b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
new file mode 100644
index 0000000000..36f5f1b93a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
@@ -0,0 +1,31 @@
+From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Mon, 29 Dec 2025 16:56:39 +0100
+Subject: [PATCH] libssh: require private key or user-agent for public key auth
+
+Closes #20110
+
+CVE: CVE-2025-15224
+Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 5d5125b526..bde6355f73 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+
+ sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
+- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
++ /* For public key auth we need either the private key or
++ CURLSSH_AUTH_AGENT. */
++ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
++ (data->set.str[STRING_SSH_PRIVATE_KEY] ||
++ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
+ state(data, SSH_AUTH_PKEY_INIT);
+ infof(data, "Authentication using SSH public key file");
+ }
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 9c1a90e191..72bd1a2088 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -69,6 +69,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2025-9086.patch \
file://CVE-2025-14017.patch \
file://CVE-2025-15079.patch \
+ file://CVE-2025-15224.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 18/26] gnupg: patch CVE-2025-68973
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 17/26] curl: patch CVE-2025-15224 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 19/26] binutils: Fix CVE-2025-1181 Yoann Congal
` (8 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Pick patch from 2.4 branch per [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-68973
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../gnupg/gnupg/CVE-2025-68973.patch | 108 ++++++++++++++++++
meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 +
2 files changed, 109 insertions(+)
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
new file mode 100644
index 0000000000..1d5225361b
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
@@ -0,0 +1,108 @@
+From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 23 Oct 2025 11:36:04 +0200
+Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser.
+
+* g10/armor.c (armor_filter): Fix faulty double increment.
+
+* common/iobuf.c (underflow_target): Assert that the filter
+implementations behave well.
+--
+
+This fixes a bug in a code path which can only be reached with special
+crafted input data and would then error out at an upper layer due to
+corrupt input (every second byte in the buffer is unitialized
+garbage). No fuzzing has yet hit this case and we don't have a test
+case for this code path. However memory corruption can never be
+tolerated as it always has the protential for remode code execution.
+
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
+which fixed
+Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
+Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9
+
+The bug was introduced on 1999-01-07 by me:
+* armor.c: Rewrote large parts.
+which I fixed on 1999-03-02 but missed to fix the other case:
+* armor.c (armor_filter): Fixed armor bypassing.
+
+Below is base64+gzipped test data which can be used with valgrind to
+show access to uninitalized memory in write(2) in the unpatched code.
+
+--8<---------------cut here---------------start------------->8---
+H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
+a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
+--8<---------------cut here---------------end--------------->8---
+
+CVE: CVE-2025-68973
+Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ common/iobuf.c | 8 +++++++-
+ g10/armor.c | 4 ++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/common/iobuf.c b/common/iobuf.c
+index 748e6935d..2497713c1 100644
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -2041,6 +2041,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ rc = 0;
+ else
+ {
++ size_t tmplen;
++
+ /* If no buffered data and drain buffer has been setup, and drain
+ * buffer is largish, read data directly to drain buffer. */
+ if (a->d.len == 0
+@@ -2053,8 +2055,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
+ a->no, a->subno, (ulong)len);
+
+- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
++ tmplen = len; /* Used to check for bugs in the filter. */
++ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ a->e_d.buf, &len);
++ log_assert (len <= tmplen);
+ a->e_d.used = len;
+ len = 0;
+ }
+@@ -2064,8 +2068,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
+ a->no, a->subno, (ulong)len);
+
++ tmplen = len; /* Used to check for bugs in the filter. */
+ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ &a->d.buf[a->d.len], &len);
++ log_assert (len <= tmplen);
+ }
+ }
+ a->d.len += len;
+diff --git a/g10/armor.c b/g10/armor.c
+index 81af15339..f8cfa86db 100644
+--- a/g10/armor.c
++++ b/g10/armor.c
+@@ -1312,8 +1312,8 @@ armor_filter( void *opaque, int control,
+ n = 0;
+ if( afx->buffer_len ) {
+ /* Copy the data from AFX->BUFFER to BUF. */
+- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+- buf[n++] = afx->buffer[afx->buffer_pos++];
++ for(; n < size && afx->buffer_pos < afx->buffer_len;)
++ buf[n++] = afx->buffer[afx->buffer_pos++];
+ if( afx->buffer_pos >= afx->buffer_len )
+ afx->buffer_len = 0;
+ }
diff --git a/meta/recipes-support/gnupg/gnupg_2.3.7.bb b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
index 27b2d3682a..f52ae921d4 100644
--- a/meta/recipes-support/gnupg/gnupg_2.3.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
@@ -23,6 +23,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://CVE-2025-30258-0003.patch \
file://CVE-2025-30258-0004.patch \
file://CVE-2025-30258-0005.patch \
+ file://CVE-2025-68973.patch \
"
SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 19/26] binutils: Fix CVE-2025-1181
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 18/26] gnupg: patch CVE-2025-68973 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 20/26] pseudo: Upgrade to version 1.9.1 Yoann Congal
` (7 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patch from ubuntu to fix
CVE-2025-1181
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24
&
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=18cc11a2771d9e40180485da9a4fb660c03efac3]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
[Yoann Congal: Corrected the second patch SHA1 in URLs "18cc11a..."]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.38.inc | 2 +
.../binutils/binutils/CVE-2025-1181-pre.patch | 149 ++++++++
.../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++++++++++
3 files changed, 493 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index d268880409..36f9c7ce27 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -89,5 +89,7 @@ SRC_URI = "\
file://0048-CVE-2025-11494.patch \
file://0049-CVE-2025-11839.patch \
file://0050-CVE-2025-11840.patch \
+ file://CVE-2025-1181-pre.patch \
+ file://CVE-2025-1181.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
new file mode 100644
index 0000000000..ffad871657
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
@@ -0,0 +1,149 @@
+Backported of:
+
+From 18cc11a2771d9e40180485da9a4fb660c03efac3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 14:31:10 +0000
+Subject: [PATCH] Prevent illegal memory access when checking relocs in a
+ corrupt ELF binary.
+
+PR 32641
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches/CVE-2025-1181-pre.patch?h=ubuntu/jammy-security
+Upstream commit https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=18cc11a2771d9e40180485da9a4fb660c03efac3]
+CVE: CVE-2025-1181
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ bfd/elf-bfd.h | 3 +++
+ bfd/elf64-x86-64.c | 10 +++++-----
+ bfd/elflink.c | 24 ++++++++++++++++++++++++
+ bfd/elfxx-x86.c | 20 +++++++-------------
+ 4 files changed, 39 insertions(+), 18 deletions(-)
+Index: binutils-2.38/bfd/elf-bfd.h
+===================================================================
+--- binutils-2.38.orig/bfd/elf-bfd.h
++++ binutils-2.38/bfd/elf-bfd.h
+@@ -3007,6 +3007,9 @@ extern bool _bfd_elf_maybe_set_textrel
+ extern bool _bfd_elf_add_dynamic_tags
+ (bfd *, struct bfd_link_info *, bool);
+
++extern struct elf_link_hash_entry * _bfd_elf_get_link_hash_entry
++ (struct elf_link_hash_entry **, unsigned int, Elf_Internal_Shdr *);
++
+ /* Large common section. */
+ extern asection _bfd_elf_large_com_section;
+
+Index: binutils-2.38/bfd/elf64-x86-64.c
+===================================================================
+--- binutils-2.38.orig/bfd/elf64-x86-64.c
++++ binutils-2.38/bfd/elf64-x86-64.c
+@@ -1484,7 +1484,7 @@ elf_x86_64_convert_load_reloc (bfd *abfd
+ bool to_reloc_pc32;
+ bool abs_symbol;
+ bool local_ref;
+- asection *tsec;
++ asection *tsec = NULL;
+ bfd_signed_vma raddend;
+ unsigned int opcode;
+ unsigned int modrm;
+@@ -1639,6 +1639,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd
+ return true;
+ }
+
++ if (tsec == NULL)
++ return false;
++
+ /* Don't convert GOTPCREL relocation against large section. */
+ if (elf_section_data (tsec) != NULL
+ && (elf_section_flags (tsec) & SHF_X86_64_LARGE) != 0)
+@@ -1915,10 +1918,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struc
+ else
+ {
+ isym = NULL;
+- h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+ }
+
+ /* Check invalid x32 relocations. */
+Index: binutils-2.38/bfd/elflink.c
+===================================================================
+--- binutils-2.38.orig/bfd/elflink.c
++++ binutils-2.38/bfd/elflink.c
+@@ -62,6 +62,27 @@ struct elf_find_verdep_info
+ static bool _bfd_elf_fix_symbol_flags
+ (struct elf_link_hash_entry *, struct elf_info_failed *);
+
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes,
++ unsigned int symndx,
++ Elf_Internal_Shdr * symtab_hdr)
++{
++ if (symndx < symtab_hdr->sh_info)
++ return NULL;
++
++ struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++
++ /* The hash might be empty. See PR 32641 for an example of this. */
++ if (h == NULL)
++ return NULL;
++
++ while (h->root.type == bfd_link_hash_indirect
++ || h->root.type == bfd_link_hash_warning)
++ h = (struct elf_link_hash_entry *) h->root.u.i.link;
++
++ return h;
++}
++
+ static struct elf_link_hash_entry *
+ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+ {
+@@ -75,6 +96,9 @@ get_ext_sym_hash (struct elf_reloc_cooki
+
+ h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+
++ if (h == NULL)
++ return NULL;
++
+ while (h->root.type == bfd_link_hash_indirect
+ || h->root.type == bfd_link_hash_warning)
+ h = (struct elf_link_hash_entry *) h->root.u.i.link;
+Index: binutils-2.38/bfd/elfxx-x86.c
+===================================================================
+--- binutils-2.38.orig/bfd/elfxx-x86.c
++++ binutils-2.38/bfd/elfxx-x86.c
+@@ -973,15 +973,7 @@ _bfd_x86_elf_check_relocs (bfd *abfd,
+ goto error_return;
+ }
+
+- if (r_symndx < symtab_hdr->sh_info)
+- h = NULL;
+- else
+- {
+- h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
+- }
++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+
+ if (X86_NEED_DYNAMIC_RELOC_TYPE_P (is_x86_64, r_type)
+ && NEED_DYNAMIC_RELOCATION_P (is_x86_64, info, true, h, sec,
+@@ -1200,10 +1192,12 @@ _bfd_x86_elf_link_relax_section (bfd *ab
+ else
+ {
+ /* Get H and SEC for GENERATE_DYNAMIC_RELOCATION_P below. */
+- h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
++ if (h == NULL)
++ {
++ /* FIXMEL: Issue an error message ? */
++ continue;
++ }
+
+ if (h->root.type == bfd_link_hash_defined
+ || h->root.type == bfd_link_hash_defweak)
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
new file mode 100644
index 0000000000..2bcd55795d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
@@ -0,0 +1,342 @@
+Backported of:
+
+From 931494c9a89558acb36a03a340c01726545eef24 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 15:43:04 +0000
+Subject: [PATCH] Add even more checks for corrupt input when processing
+ relocations for ELF files.
+
+PR 32643
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches/CVE-2025-1181.patch?h=ubuntu/jammy-security
+Upstream commit https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24]
+CVE: CVE-2025-1181
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+Index: binutils-2.38/bfd/elflink.c
+===================================================================
+--- binutils-2.38.orig/bfd/elflink.c
++++ binutils-2.38/bfd/elflink.c
+@@ -62,15 +62,17 @@ struct elf_find_verdep_info
+ static bool _bfd_elf_fix_symbol_flags
+ (struct elf_link_hash_entry *, struct elf_info_failed *);
+
+-struct elf_link_hash_entry *
+-_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes,
+- unsigned int symndx,
+- Elf_Internal_Shdr * symtab_hdr)
++static struct elf_link_hash_entry *
++get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes,
++ unsigned int symndx,
++ unsigned int ext_sym_start)
+ {
+- if (symndx < symtab_hdr->sh_info)
++ if (sym_hashes == NULL
++ /* Guard against corrupt input. See PR 32636 for an example. */
++ || symndx < ext_sym_start)
+ return NULL;
+
+- struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++ struct elf_link_hash_entry *h = sym_hashes[symndx - ext_sym_start];
+
+ /* The hash might be empty. See PR 32641 for an example of this. */
+ if (h == NULL)
+@@ -83,29 +85,28 @@ _bfd_elf_get_link_hash_entry (struct elf
+ return h;
+ }
+
+-static struct elf_link_hash_entry *
+-get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes,
++ unsigned int symndx,
++ Elf_Internal_Shdr * symtab_hdr)
+ {
+- struct elf_link_hash_entry *h = NULL;
+-
+- if ((r_symndx >= cookie->locsymcount
+- || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+- /* Guard against corrupt input. See PR 32636 for an example. */
+- && r_symndx >= cookie->extsymoff)
+- {
+-
+- h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+-
+- if (h == NULL)
+- return NULL;
++ if (symtab_hdr == NULL)
++ return NULL;
+
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
++ return get_link_hash_entry (sym_hashes, symndx, symtab_hdr->sh_info);
++}
+
+- }
++static struct elf_link_hash_entry *
++get_ext_sym_hash_from_cookie (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++{
++ if (cookie == NULL || cookie->sym_hashes == NULL)
++ return NULL;
++
++ if (r_symndx >= cookie->locsymcount
++ || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++ return get_link_hash_entry (cookie->sym_hashes, r_symndx, cookie->extsymoff);
+
+- return h;
++ return NULL;
+ }
+
+ asection *
+@@ -115,7 +116,7 @@ _bfd_elf_section_for_symbol (struct elf_
+ {
+ struct elf_link_hash_entry *h;
+
+- h = get_ext_sym_hash (cookie, r_symndx);
++ h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
+
+ if (h != NULL)
+ {
+@@ -8783,7 +8784,6 @@ set_symbol_value (bfd *bfd_with_globals,
+ size_t symidx,
+ bfd_vma val)
+ {
+- struct elf_link_hash_entry **sym_hashes;
+ struct elf_link_hash_entry *h;
+ size_t extsymoff = locsymcount;
+
+@@ -8806,12 +8806,12 @@ set_symbol_value (bfd *bfd_with_globals,
+
+ /* It is a global symbol: set its link type
+ to "defined" and give it a value. */
+-
+- sym_hashes = elf_sym_hashes (bfd_with_globals);
+- h = sym_hashes [symidx - extsymoff];
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
++ h = get_link_hash_entry (elf_sym_hashes (bfd_with_globals), symidx, extsymoff);
++ if (h == NULL)
++ {
++ /* FIXMEL What should we do ? */
++ return;
++ }
+ h->root.type = bfd_link_hash_defined;
+ h->root.u.def.value = val;
+ h->root.u.def.section = bfd_abs_section_ptr;
+@@ -11281,10 +11281,19 @@ elf_link_input_bfd (struct elf_final_lin
+ || (elf_bad_symtab (input_bfd)
+ && flinfo->sections[symndx] == NULL))
+ {
+- struct elf_link_hash_entry *h = sym_hashes[symndx - extsymoff];
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
++ struct elf_link_hash_entry *h;
++
++ h = get_link_hash_entry (sym_hashes, symndx, extsymoff);
++ if (h == NULL)
++ {
++ _bfd_error_handler
++ /* xgettext:c-format */
++ (_("error: %pB: unable to create group section symbol"),
++ input_bfd);
++ bfd_set_error (bfd_error_bad_value);
++ return false;
++ }
++
+ /* Arrange for symbol to be output. */
+ h->indx = -2;
+ elf_section_data (osec)->this_hdr.sh_info = -2;
+@@ -11411,7 +11420,7 @@ elf_link_input_bfd (struct elf_final_lin
+ || (elf_bad_symtab (input_bfd)
+ && flinfo->sections[r_symndx] == NULL))
+ {
+- h = sym_hashes[r_symndx - extsymoff];
++ h = get_link_hash_entry (sym_hashes, r_symndx, extsymoff);
+
+ /* Badly formatted input files can contain relocs that
+ reference non-existant symbols. Check here so that
+@@ -11420,17 +11429,13 @@ elf_link_input_bfd (struct elf_final_lin
+ {
+ _bfd_error_handler
+ /* xgettext:c-format */
+- (_("error: %pB contains a reloc (%#" PRIx64 ") for section %pA "
++ (_("error: %pB contains a reloc (%#" PRIx64 ") for section '%pA' "
+ "that references a non-existent global symbol"),
+ input_bfd, (uint64_t) rel->r_info, o);
+ bfd_set_error (bfd_error_bad_value);
+ return false;
+ }
+
+- while (h->root.type == bfd_link_hash_indirect
+- || h->root.type == bfd_link_hash_warning)
+- h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-
+ s_type = h->type;
+
+ /* If a plugin symbol is referenced from a non-IR file,
+@@ -11646,7 +11651,6 @@ elf_link_input_bfd (struct elf_final_lin
+ && flinfo->sections[r_symndx] == NULL))
+ {
+ struct elf_link_hash_entry *rh;
+- unsigned long indx;
+
+ /* This is a reloc against a global symbol. We
+ have not yet output all the local symbols, so
+@@ -11655,15 +11659,16 @@ elf_link_input_bfd (struct elf_final_lin
+ reloc to point to the global hash table entry
+ for this symbol. The symbol index is then
+ set at the end of bfd_elf_final_link. */
+- indx = r_symndx - extsymoff;
+- rh = elf_sym_hashes (input_bfd)[indx];
+- while (rh->root.type == bfd_link_hash_indirect
+- || rh->root.type == bfd_link_hash_warning)
+- rh = (struct elf_link_hash_entry *) rh->root.u.i.link;
+-
+- /* Setting the index to -2 tells
+- elf_link_output_extsym that this symbol is
+- used by a reloc. */
++ rh = get_link_hash_entry (elf_sym_hashes (input_bfd),
++ r_symndx, extsymoff);
++ if (rh == NULL)
++ {
++ /* FIXME: Generate an error ? */
++ continue;
++ }
++
++ /* Setting the index to -2 tells elf_link_output_extsym
++ that this symbol is used by a reloc. */
+ BFD_ASSERT (rh->indx < 0);
+ rh->indx = -2;
+ *rel_hash = rh;
+@@ -13615,25 +13620,21 @@ _bfd_elf_gc_mark_hook (asection *sec,
+ struct elf_link_hash_entry *h,
+ Elf_Internal_Sym *sym)
+ {
+- if (h != NULL)
++ if (h == NULL)
++ return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
++
++ switch (h->root.type)
+ {
+- switch (h->root.type)
+- {
+- case bfd_link_hash_defined:
+- case bfd_link_hash_defweak:
+- return h->root.u.def.section;
++ case bfd_link_hash_defined:
++ case bfd_link_hash_defweak:
++ return h->root.u.def.section;
+
+- case bfd_link_hash_common:
+- return h->root.u.c.p->section;
++ case bfd_link_hash_common:
++ return h->root.u.c.p->section;
+
+- default:
+- break;
+- }
++ default:
++ return NULL;
+ }
+- else
+- return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
+-
+- return NULL;
+ }
+
+ /* Return the debug definition section. */
+@@ -13682,46 +13683,49 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_i
+ if (r_symndx == STN_UNDEF)
+ return NULL;
+
+- h = get_ext_sym_hash (cookie, r_symndx);
+-
+- if (h != NULL)
++ h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
++ if (h == NULL)
+ {
+- bool was_marked;
++ /* A corrup tinput file can lead to a situation where the index
++ does not reference either a local or an external symbol. */
++ if (r_symndx >= cookie->locsymcount)
++ return NULL;
+
+- was_marked = h->mark;
+- h->mark = 1;
+- /* Keep all aliases of the symbol too. If an object symbol
+- needs to be copied into .dynbss then all of its aliases
+- should be present as dynamic symbols, not just the one used
+- on the copy relocation. */
+- hw = h;
+- while (hw->is_weakalias)
+- {
+- hw = hw->u.alias;
+- hw->mark = 1;
+- }
++ return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
++ &cookie->locsyms[r_symndx]);
++ }
+
+- if (!was_marked && h->start_stop && !h->root.ldscript_def)
+- {
+- if (info->start_stop_gc)
+- return NULL;
++ bool was_marked = h->mark;
+
+- /* To work around a glibc bug, mark XXX input sections
+- when there is a reference to __start_XXX or __stop_XXX
+- symbols. */
+- else if (start_stop != NULL)
+- {
+- asection *s = h->u2.start_stop_section;
+- *start_stop = true;
+- return s;
+- }
+- }
++ h->mark = 1;
++ /* Keep all aliases of the symbol too. If an object symbol
++ needs to be copied into .dynbss then all of its aliases
++ should be present as dynamic symbols, not just the one used
++ on the copy relocation. */
++ hw = h;
++ while (hw->is_weakalias)
++ {
++ hw = hw->u.alias;
++ hw->mark = 1;
++ }
+
+- return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
++ if (!was_marked && h->start_stop && !h->root.ldscript_def)
++ {
++ if (info->start_stop_gc)
++ return NULL;
++
++ /* To work around a glibc bug, mark XXX input sections
++ when there is a reference to __start_XXX or __stop_XXX
++ symbols. */
++ else if (start_stop != NULL)
++ {
++ asection *s = h->u2.start_stop_section;
++ *start_stop = true;
++ return s;
++ }
+ }
+
+- return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
+- &cookie->locsyms[r_symndx]);
++ return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
+ }
+
+ /* COOKIE->rel describes a relocation against section SEC, which is
+@@ -14735,7 +14739,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma
+
+ struct elf_link_hash_entry *h;
+
+- h = get_ext_sym_hash (rcookie, r_symndx);
++ h = get_ext_sym_hash_from_cookie (rcookie, r_symndx);
+
+ if (h != NULL)
+ {
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 20/26] pseudo: Upgrade to version 1.9.1
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (18 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 19/26] binutils: Fix CVE-2025-1181 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 21/26] pseudo: 1.9.0 -> 1.9.2 Yoann Congal
` (6 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
This brings in:
* nftw, nftw64: add wrapper
* ftw, nftw, ftw64, nftw64: add tests
* Move ftw and ftw64 to calling ntfw and nftw64
* makewrappers: Introduce 'array' support
* pseudo_util.c: Avoid warning when we intentionally discard const
* pseudo_client.c: Fix warning
* yocto-older-glibc-symbols.path: Add as a reference patch
* pseudo/pseudo_client: Add wrapper functions to operate correctly with glibc 2.38 onwards
* configure: Prune PIE flags
* test/test-parallel-rename.sh: Add parallel rename test
* test/test-parallel-symlinks.sh: Add parallel symlink test
* ports/linux/guts: Add .gitignore to ignore generated files
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 994e508b2a0ede8b5cc4fe39444cf25dc9a53faf)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../0001-configure-Prune-PIE-flags.patch | 44 -------------
.../pseudo/files/glibc238.patch | 65 -------------------
.../pseudo/files/older-glibc-symbols.patch | 4 +-
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
4 files changed, 3 insertions(+), 114 deletions(-)
delete mode 100644 meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch
diff --git a/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch b/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
deleted file mode 100644
index 43504eaab9..0000000000
--- a/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b5545c08e6c674c49aef14b47a56a3e92df4d2a7 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 17 Feb 2016 07:36:34 +0000
-Subject: [pseudo][PATCH] configure: Prune PIE flags
-
-LDFLAGS are not taken from environment and CFLAGS is used for LDFLAGS
-however when using security options -fpie and -pie options are coming
-as part of ARCH_FLAGS and they get into LDFLAGS of shared objects as
-well so we end up with conflicting options -shared -pie, which gold
-rejects outright and bfd linker lets the one appearning last in cmdline
-take effect. This create quite a unpleasant situation in OE when
-security flags are enabled and gold or not-gold options are used
-it errors out but errors are not same.
-
-Anyway, with this patch we filter pie options from ARCH_FLAGS
-ouright and take control of generating PIC objects
-
-Helps with errors like
-
-| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: pseudo_client.o: relocation R_X86_64_PC32 against symbol `pseudo_util_debug_flags' can not be used when making a shared object; recompile with -fPIC
-| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: final link failed: Bad value
-| collect2: error: ld returned 1 exit status
-| make: *** [lib/pseudo/lib64/libpseudo.so] Error 1
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Submitted
-
- configure | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/configure b/configure
-index e5ef9ce..83b0890 100755
---- a/configure
-+++ b/configure
-@@ -339,3 +339,5 @@ sed -e '
- s,@ARCH@,'"$opt_arch"',g
- s,@BITS@,'"$opt_bits"',g
- ' < Makefile.in > Makefile
-+
-+sed -i -e 's/\-[f]*pie//g' Makefile
---
-1.8.3.1
-
diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch
deleted file mode 100644
index dfb5c283f6..0000000000
--- a/meta/recipes-devtools/pseudo/files/glibc238.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by
-_GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-to turn this off within pseudo_wrappers.c. Elsewhere we can switch to _DEFAULT_SOURCE
-rather than _GNU_SOURCE.
-
-Upstream-Status: Pending
-
-Index: git/pseudo_wrappers.c
-===================================================================
---- git.orig/pseudo_wrappers.c
-+++ git/pseudo_wrappers.c
-@@ -6,6 +6,18 @@
- * SPDX-License-Identifier: LGPL-2.1-only
- *
- */
-+/* glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by
-+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-+ * to turn this off.
-+ */
-+#include <features.h>
-+#undef __GLIBC_USE_ISOC2X
-+#undef __GLIBC_USE_C2X_STRTOL
-+#define __GLIBC_USE_C2X_STRTOL 0
-+#undef __GLIBC_USE_ISOC23
-+#undef __GLIBC_USE_C23_STRTOL
-+#define __GLIBC_USE_C23_STRTOL 0
-+
- #include <assert.h>
- #include <stdlib.h>
- #include <limits.h>
-Index: git/pseudo_util.c
-===================================================================
---- git.orig/pseudo_util.c
-+++ git/pseudo_util.c
-@@ -8,6 +8,17 @@
- */
- /* we need access to RTLD_NEXT for a horrible workaround */
- #define _GNU_SOURCE
-+/* glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by
-+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines
-+ * to turn this off.
-+ */
-+#include <features.h>
-+#undef __GLIBC_USE_ISOC2X
-+#undef __GLIBC_USE_C2X_STRTOL
-+#define __GLIBC_USE_C2X_STRTOL 0
-+#undef __GLIBC_USE_ISOC23
-+#undef __GLIBC_USE_C23_STRTOL
-+#define __GLIBC_USE_C23_STRTOL 0
-
- #include <ctype.h>
- #include <errno.h>
-Index: git/pseudo_client.c
-===================================================================
---- git.orig/pseudo_client.c
-+++ git/pseudo_client.c
-@@ -6,7 +6,7 @@
- * SPDX-License-Identifier: LGPL-2.1-only
- *
- */
--#define _GNU_SOURCE
-+#define _DEFAULT_SOURCE
-
- #include <stdio.h>
- #include <signal.h>
diff --git a/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch
index c453b5f735..f42b32b8d9 100644
--- a/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch
+++ b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch
@@ -28,10 +28,10 @@ diff --git a/Makefile.in b/Makefile.in
@@ -120,7 +120,7 @@ $(PSEUDODB): pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o | $(BIN)
libpseudo: $(LIBPSEUDO)
- $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS) | $(LIB)
+ $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o $(SHOBJS) | $(LIB)
- $(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
+ $(CC) $(CFLAGS) -Lprebuilt/$(shell uname -m)-linux/lib/ $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
- pseudo_client.o pseudo_ipc.o \
+ pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o \
$(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS)
diff --git a/pseudo_wrappers.c b/pseudo_wrappers.c
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 405d2340ae..a4ce08378b 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -1,8 +1,6 @@
require pseudo.inc
SRC_URI = "git://git.yoctoproject.org/pseudo;branch=master \
- file://0001-configure-Prune-PIE-flags.patch \
- file://glibc238.patch \
file://fallback-passwd \
file://fallback-group \
"
@@ -14,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "28dcefb809ce95db997811b5662f0b893b9923e0"
+SRCREV = "3fac97341f0f8270ca28a91098d0a58ca306a6bd"
S = "${WORKDIR}/git"
PV = "1.9.0+git${SRCPV}"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 21/26] pseudo: 1.9.0 -> 1.9.2
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (19 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 20/26] pseudo: Upgrade to version 1.9.1 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 22/26] pseudo: Update to pull in memleak fix Yoann Congal
` (5 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 48a42747fd280ce68283e1491971d22273e3bdf2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index a4ce08378b..a4053ac2b3 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "3fac97341f0f8270ca28a91098d0a58ca306a6bd"
+SRCREV = "b4645cb30573c5b3d5e94b9d50e1e2f8beefe9be"
S = "${WORKDIR}/git"
-PV = "1.9.0+git${SRCPV}"
+PV = "1.9.2"
# largefile and 64bit time_t support adds these macros via compiler flags globally
# remove them for pseudo since pseudo intercepts some of the functions which will be
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 22/26] pseudo: Update to pull in memleak fix
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (20 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 21/26] pseudo: 1.9.0 -> 1.9.2 Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 23/26] pseudo: Add hard sstate dependencies for pseudo-native Yoann Congal
` (4 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 42137b6f97da0672af365cd841678f39ce5907d2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index a4053ac2b3..4e31748cc4 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "b4645cb30573c5b3d5e94b9d50e1e2f8beefe9be"
+SRCREV = "d1db9c219abf92f15303486a409292237f1fc790"
S = "${WORKDIR}/git"
-PV = "1.9.2"
+PV = "1.9.2+git"
# largefile and 64bit time_t support adds these macros via compiler flags globally
# remove them for pseudo since pseudo intercepts some of the functions which will be
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 23/26] pseudo: Add hard sstate dependencies for pseudo-native
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (21 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 22/26] pseudo: Update to pull in memleak fix Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 24/26] pseudo: Update to pull in openat2 and efault return code changes Yoann Congal
` (3 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Paul Barker <paul@pbarker.dev>
Where a task (such as do_package) runs under fakeroot, the corresponding
setscene task (do_package_setscene) will also run under fakeroot when
restoring from sstate. Assuming pseudo is used as the fakeroot
implementation, we need pseudo-native and all its runtime dependencies
to be available in the sysroot before running any setscene tasks under
fakeroot.
We already add a hard dependency from all do_package_setscene tasks to
virtual/fakeroot-native:do_populate_sysroot in base.bbclass, but this
does not cover transitive dependencies. So, extend the dependencies of
pseudo-native:do_populate_sysroot_setscene to ensure that the sqlite3
library is also available in the sysroot before running fakeroot
setscene tasks.
[YOCTO #15963]
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c146ca657440550e00bc5e53d13502ef7aa945b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo.inc | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-devtools/pseudo/pseudo.inc b/meta/recipes-devtools/pseudo/pseudo.inc
index 7e09b6d58c..9c191560fb 100644
--- a/meta/recipes-devtools/pseudo/pseudo.inc
+++ b/meta/recipes-devtools/pseudo/pseudo.inc
@@ -156,3 +156,10 @@ do_install:append:class-nativesdk () {
}
BBCLASSEXTEND = "native nativesdk"
+
+# Setscene tasks which run under fakeroot must not be executed before
+# pseudo-native and *all* its runtime dependencies are available in the
+# sysroot.
+PSEUDO_SETSCENE_DEPS = ""
+PSEUDO_SETSCENE_DEPS:class-native = "sqlite3-native:do_populate_sysroot"
+do_populate_sysroot_setscene[depends] += "${PSEUDO_SETSCENE_DEPS}"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 24/26] pseudo: Update to pull in openat2 and efault return code changes
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (22 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 23/26] pseudo: Add hard sstate dependencies for pseudo-native Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 25/26] pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' Yoann Congal
` (2 subsequent siblings)
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in the following fixes:
* makewrappers: Enable a new efault option
* ports/linux/openat2: Add dummy wrapper
* test-syscall: Add a syscall test
* ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall
which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros
that uses openat2 as well as the efault issue breaking rust based uutils.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51f1388dd1679a28ec3ca468cf16aa0ea32bccf9)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 4e31748cc4..31d473cf67 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "d1db9c219abf92f15303486a409292237f1fc790"
+SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6"
S = "${WORKDIR}/git"
PV = "1.9.2+git"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 25/26] pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation'
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (23 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 24/26] pseudo: Update to pull in openat2 and efault return code changes Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 26/26] oeqa: Use 2.14 release of cpio instead of 2.13 Yoann Congal
2026-01-20 19:03 ` [OE-core][kirkstone 00/26] Patch review Yoann Congal
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
The pseudo update was causing hangs in builds, pull in the fix.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8acdbefd0a148c8b7713f46066ae8489984c5d2d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 31d473cf67..dae4f4bc84 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6"
+SRCREV = "125b020dd2bc46baa37a80784704e382732357b4"
S = "${WORKDIR}/git"
PV = "1.9.2+git"
^ permalink raw reply related [flat|nested] 39+ messages in thread
* [OE-core][kirkstone 26/26] oeqa: Use 2.14 release of cpio instead of 2.13
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (24 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 25/26] pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' Yoann Congal
@ 2026-01-20 13:37 ` Yoann Congal
2026-01-20 19:03 ` [OE-core][kirkstone 00/26] Patch review Yoann Congal
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 13:37 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
2.13 may not be buildable with latest compilers without patching
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 406a33f896accc35a9cb6ab156f1e0f42dda67d8)
Backport: Fix [YOCTO #16137] by using the same archive as the cpio
recipe, ensuring the archive is in DL_DIR and so, avoiding reaching
unreliable upstream server.
This upgrade is safe to do because this archive is only use to test that
it compiles.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +-
meta/lib/oeqa/sdk/cases/buildcpio.py | 4 ++--
meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/buildcpio.py b/meta/lib/oeqa/runtime/cases/buildcpio.py
index e29bf16ccb..90abd98c40 100644
--- a/meta/lib/oeqa/runtime/cases/buildcpio.py
+++ b/meta/lib/oeqa/runtime/cases/buildcpio.py
@@ -12,7 +12,7 @@ class BuildCpioTest(OERuntimeTestCase):
@classmethod
def setUpClass(cls):
- uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.13.tar.gz'
+ uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.14.tar.gz'
cls.project = TargetBuildProject(cls.tc.target,
uri,
dl_dir = cls.tc.td['DL_DIR'])
diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py
index 00088d0ea0..2e9d4f5f18 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -17,10 +17,10 @@ class BuildCpioTest(OESDKTestCase):
"""
def test_cpio(self):
with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir:
- tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.13.tar.gz")
+ tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.14.tar.gz")
dirs = {}
- dirs["source"] = os.path.join(testdir, "cpio-2.13")
+ dirs["source"] = os.path.join(testdir, "cpio-2.14")
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
diff --git a/meta/lib/oeqa/selftest/cases/meta_ide.py b/meta/lib/oeqa/selftest/cases/meta_ide.py
index 3dc81b20a7..1432736b7e 100644
--- a/meta/lib/oeqa/selftest/cases/meta_ide.py
+++ b/meta/lib/oeqa/selftest/cases/meta_ide.py
@@ -40,7 +40,7 @@ class MetaIDE(OESelftestTestCase):
def test_meta_ide_can_build_cpio_project(self):
dl_dir = self.td.get('DL_DIR', None)
self.project = SDKBuildProject(self.tmpdir_metaideQA + "/cpio/", self.environment_script_path,
- "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.13.tar.gz",
+ "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.14.tar.gz",
self.tmpdir_metaideQA, self.td['DATETIME'], dl_dir=dl_dir)
self.project.download_archive()
self.assertEqual(self.project.run_configure('$CONFIGURE_FLAGS --disable-maintainer-mode','sed -i -e "/char \*program_name/d" src/global.c;'), 0,
^ permalink raw reply related [flat|nested] 39+ messages in thread
* Patchtest results for [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files
2026-01-20 13:37 ` [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files Yoann Congal
@ 2026-01-20 13:47 ` patchtest
0 siblings, 0 replies; 39+ messages in thread
From: patchtest @ 2026-01-20 13:47 UTC (permalink / raw)
To: Yoann Congal; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 2184 bytes --]
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/kirkstone-08-26-cups-allow-unknown-directives-in-conf-files.patch
FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)
SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
---
Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!
^ permalink raw reply [flat|nested] 39+ messages in thread
* Patchtest results for [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418
2026-01-20 13:37 ` [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418 Yoann Congal
@ 2026-01-20 13:47 ` patchtest
2026-01-20 13:53 ` Marko, Peter
0 siblings, 1 reply; 39+ messages in thread
From: patchtest @ 2026-01-20 13:47 UTC (permalink / raw)
To: Yoann Congal; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 2341 bytes --]
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/kirkstone-10-26-python3-urllib3-patch-CVE-2025-66418.patch
FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)
FAIL: test Signed-off-by presence: A patch file has been added without a Signed-off-by tag: 'CVE-2025-66418.patch' (test_patch.TestPatch.test_signed_off_by_presence)
FAIL: test Upstream-Status presence: Added patch file is missing Upstream-Status: <Valid status> in the commit message (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)
SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
---
Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!
^ permalink raw reply [flat|nested] 39+ messages in thread
* RE: Patchtest results for [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418
2026-01-20 13:47 ` Patchtest results for " patchtest
@ 2026-01-20 13:53 ` Marko, Peter
0 siblings, 0 replies; 39+ messages in thread
From: Marko, Peter @ 2026-01-20 13:53 UTC (permalink / raw)
To: Yoann Congal; +Cc: openembedded-core@lists.openembedded.org
This was a real finding, v2 sent out.
Peter
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Patchtest via
> lists.openembedded.org
> Sent: Tuesday, January 20, 2026 14:47
> To: Yoann Congal <yoann.congal@smile.fr>
> Cc: openembedded-core@lists.openembedded.org
> Subject: Patchtest results for [OE-core][kirkstone 10/26] python3-urllib3: patch
> CVE-2025-66418
>
> Thank you for your submission. Patchtest identified one
> or more issues with the patch. Please see the log below for
> more information:
>
> ---
> Testing patch /home/patchtest/share/mboxes/kirkstone-10-26-python3-urllib3-
> patch-CVE-2025-66418.patch
>
> FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file.
> Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX"
> (test_patch.TestPatch.test_cve_tag_format)
> FAIL: test Signed-off-by presence: A patch file has been added without a Signed-
> off-by tag: 'CVE-2025-66418.patch'
> (test_patch.TestPatch.test_signed_off_by_presence)
> FAIL: test Upstream-Status presence: Added patch file is missing Upstream-
> Status: <Valid status> in the commit message
> (test_patch.TestPatch.test_upstream_status_presence_format)
>
> PASS: test Signed-off-by presence
> (test_mbox.TestMbox.test_signed_off_by_presence)
> PASS: test author valid (test_mbox.TestMbox.test_author_valid)
> PASS: test commit message presence
> (test_mbox.TestMbox.test_commit_message_presence)
> PASS: test commit message user tags
> (test_mbox.TestMbox.test_commit_message_user_tags)
> PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
> PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
> PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
> PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
> PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)
>
> SKIP: pretest pylint: No python related patches, skipping test
> (test_python_pylint.PyLint.pretest_pylint)
> SKIP: test bugzilla entry format: No bug ID found
> (test_mbox.TestMbox.test_bugzilla_entry_format)
> SKIP: test pylint: No python related patches, skipping test
> (test_python_pylint.PyLint.test_pylint)
> SKIP: test series merge on head: Merge test is disabled for now
> (test_mbox.TestMbox.test_series_merge_on_head)
>
> ---
>
> Please address the issues identified and
> submit a new revision of the patch, or alternatively, reply to this
> email with an explanation of why the patch should be accepted. If you
> believe these results are due to an error in patchtest, please submit a
> bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
> under 'Yocto Project Subprojects'). For more information on specific
> failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
> you!
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [OE-core][kirkstone 00/26] Patch review
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
` (25 preceding siblings ...)
2026-01-20 13:37 ` [OE-core][kirkstone 26/26] oeqa: Use 2.14 release of cpio instead of 2.13 Yoann Congal
@ 2026-01-20 19:03 ` Yoann Congal
26 siblings, 0 replies; 39+ messages in thread
From: Yoann Congal @ 2026-01-20 19:03 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 8811 bytes --]
Le mar. 20 janv. 2026 à 14:38, Yoann Congal <yoann.congal@smile.fr> a
écrit :
> Please review this set of changes for kirkstone and have comments back by
> end of day Thursday, January 22.
>
> This is the last patch review request for kirkstone 4.0.33 before it is
> built on monday: In addition to normal CVE fixes:
> * pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a
> python function in exec_func_python() autogenerated
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117
> * A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on
> ftpmirror.gnu.org returning 502 Bad Gateway
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137
>
> Passed (with rebuild) a-full on autobuilder:
> * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090
> * via poky-contrib stable/kirkstone-nut :
> * OE-core tip is at
> https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8
> * meta-mingw failed
> https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115
> * Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine
> %CC" returning 1
> * then, with the same commits, meta-mingw was successfully rebuilt
> https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119
I have now re-run a successful a-full test
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3097
with the v2 of "python3-urllib3: patch CVE-2025-66418"
https://lists.openembedded.org/g/openembedded-core/topic/kirkstone_patch_v2/117362843
The tip of the stable/kirkstone-nut is now at
https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=1ce772b2fd97d2e8364a602fdd313355f2df967e
> The following changes since commit
> 0057fc49725db8637656fac10631d8f89799bad3:
>
> go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-nut
>
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>
> for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230:
>
> oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02
> +0100)
>
> ----------------------------------------------------------------
>
> Hitendra Prajapati (1):
> python3: fix CVE-2025-13836
>
> Khem Raj (1):
> oeqa: Use 2.14 release of cpio instead of 2.13
>
> Paul Barker (1):
> pseudo: Add hard sstate dependencies for pseudo-native
>
> Peter Marko (17):
> util-linux: patch CVE-2025-14104
> glib-2.0: patch CVE-2025-13601
> glib-2.0: patch CVE-2025-14087
> glib-2.0: patch CVE-2025-14512
> qemu: ignore CVE-2025-54566 and CVE-2025-54567
> cups: patch CVE-2025-58436
> cups: patch CVE-2025-61915
> cups: allow unknown directives in conf files
> dropbear: patch CVE-2019-6111
> python3-urllib3: patch CVE-2025-66418
> libpcap: patch CVE-2025-11961
> libpcap: patch CVE-2025-11964
> libarchive: fix CVE-2025-60753 regression
> curl: patch CVE-2025-14017
> curl: patch CVE-2025-15079
> curl: patch CVE-2025-15224
> gnupg: patch CVE-2025-68973
>
> Richard Purdie (4):
> pseudo: Upgrade to version 1.9.1
> pseudo: Update to pull in memleak fix
> pseudo: Update to pull in openat2 and efault return code changes
> pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation'
>
> Robert Yang (1):
> pseudo: 1.9.0 -> 1.9.2
>
> Vijay Anusuri (1):
> binutils: Fix CVE-2025-1181
>
> meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +-
> meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +-
> meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
> .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++
> .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++
> .../libpcap/libpcap/CVE-2025-11964.patch | 33 +
> .../libpcap/libpcap_1.10.1.bb | 3 +
> meta/recipes-core/dropbear/dropbear.inc | 1 +
> .../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++
> .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++
> .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++
> .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++
> .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++
> .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++
> .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++
> meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 +
> meta/recipes-core/util-linux/util-linux.inc | 2 +
> .../util-linux/CVE-2025-14104-01.patch | 33 +
> .../util-linux/CVE-2025-14104-02.patch | 28 +
> .../binutils/binutils-2.38.inc | 2 +
> .../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++
> .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++
> .../0001-configure-Prune-PIE-flags.patch | 44 --
> .../pseudo/files/glibc238.patch | 65 --
> .../pseudo/files/older-glibc-symbols.patch | 4 +-
> meta/recipes-devtools/pseudo/pseudo.inc | 7 +
> meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +-
> .../python3-urllib3/CVE-2025-66418.patch | 70 ++
> .../python/python3-urllib3_1.26.20.bb | 1 +
> .../python/python3/CVE-2025-13836.patch | 163 +++++
> .../python/python3_3.10.19.bb | 1 +
> meta/recipes-devtools/qemu/qemu.inc | 3 +
> meta/recipes-extended/cups/cups.inc | 3 +
> ...pping-scheduler-on-unknown-directive.patch | 43 ++
> .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++
> .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++
> ...25-60753.patch => CVE-2025-60753-01.patch} | 0
> .../libarchive/CVE-2025-60753-02.patch | 46 ++
> .../libarchive/libarchive_3.6.2.bb | 3 +-
> .../curl/curl/CVE-2025-14017.patch | 115 ++++
> .../curl/curl/CVE-2025-15079.patch | 32 +
> .../curl/curl/CVE-2025-15224.patch | 31 +
> meta/recipes-support/curl/curl_7.82.0.bb | 3 +
> .../gnupg/gnupg/CVE-2025-68973.patch | 108 +++
> meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 +
> 45 files changed, 3763 insertions(+), 120 deletions(-)
> create mode 100644
> meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
> create mode 100644
> meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
> create mode 100644
> meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch
> create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch
> create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
> create mode 100644
> meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
> create mode 100644
> meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
> create mode 100644
> meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
> delete mode 100644
> meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
> delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch
> create mode 100644
> meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
> create mode 100644
> meta/recipes-devtools/python/python3/CVE-2025-13836.patch
> create mode 100644
> meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
> create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
> create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
> rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch
> => CVE-2025-60753-01.patch} (100%)
> create mode 100644
> meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch
> create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
>
>
--
Yoann Congal
Smile ECS
[-- Attachment #2: Type: text/html, Size: 12078 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
end of thread, other threads:[~2026-01-20 19:04 UTC | newest]
Thread overview: 39+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-20 13:37 [OE-core][kirkstone 00/26] Patch review Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 02/26] glib-2.0: patch CVE-2025-13601 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 03/26] glib-2.0: patch CVE-2025-14087 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 04/26] glib-2.0: patch CVE-2025-14512 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 06/26] cups: patch CVE-2025-58436 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 07/26] cups: patch CVE-2025-61915 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files Yoann Congal
2026-01-20 13:47 ` Patchtest results for " patchtest
2026-01-20 13:37 ` [OE-core][kirkstone 09/26] dropbear: patch CVE-2019-6111 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418 Yoann Congal
2026-01-20 13:47 ` Patchtest results for " patchtest
2026-01-20 13:53 ` Marko, Peter
2026-01-20 13:37 ` [OE-core][kirkstone 11/26] libpcap: patch CVE-2025-11961 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 12/26] libpcap: patch CVE-2025-11964 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 13/26] python3: fix CVE-2025-13836 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 14/26] libarchive: fix CVE-2025-60753 regression Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 15/26] curl: patch CVE-2025-14017 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 16/26] curl: patch CVE-2025-15079 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 17/26] curl: patch CVE-2025-15224 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 18/26] gnupg: patch CVE-2025-68973 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 19/26] binutils: Fix CVE-2025-1181 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 20/26] pseudo: Upgrade to version 1.9.1 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 21/26] pseudo: 1.9.0 -> 1.9.2 Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 22/26] pseudo: Update to pull in memleak fix Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 23/26] pseudo: Add hard sstate dependencies for pseudo-native Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 24/26] pseudo: Update to pull in openat2 and efault return code changes Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 25/26] pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' Yoann Congal
2026-01-20 13:37 ` [OE-core][kirkstone 26/26] oeqa: Use 2.14 release of cpio instead of 2.13 Yoann Congal
2026-01-20 19:03 ` [OE-core][kirkstone 00/26] Patch review Yoann Congal
-- strict thread matches above, loose matches on Subject: below --
2022-08-19 2:42 Steve Sakoman
2022-06-02 16:51 Steve Sakoman
2022-06-10 8:39 ` [kirkstone " Sundeep KOKKONDA
2022-06-10 9:12 ` [OE-core] " Martin Jansa
2022-06-10 9:13 ` Martin Jansa
2022-06-10 14:19 ` Steve Sakoman
2022-06-16 2:19 ` Sundeep KOKKONDA
2022-06-16 14:19 ` [OE-core] " Randy MacLeod
2022-06-20 3:09 ` Sundeep KOKKONDA
2022-06-27 12:12 ` Randy MacLeod
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox