diff options
51 files changed, 953 insertions, 250 deletions
diff --git a/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Add-build-rule-for-README.patch b/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Add-build-rule-for-README.patch index 870d0ef056..229c58f1d0 100644 --- a/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Add-build-rule-for-README.patch +++ b/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Add-build-rule-for-README.patch | |||
| @@ -17,11 +17,11 @@ diff --git a/Makefile.am b/Makefile.am | |||
| 17 | index e0c4ad6..0449321 100644 | 17 | index e0c4ad6..0449321 100644 |
| 18 | --- a/Makefile.am | 18 | --- a/Makefile.am |
| 19 | +++ b/Makefile.am | 19 | +++ b/Makefile.am |
| 20 | @@ -35,3 +35,4 @@ rpmcvs: preparerpm | 20 | @@ -30,3 +30,5 @@ rpm: preparerpm |
| 21 | rpmcvs: preparerpm | ||
| 21 | @LN_S@ -f `pwd`/@PACKAGE@-@VERSION@.tar.gz ${RPMDIR}/SOURCES/@PACKAGE@-@VERSION@_cvs_`date +"%Y%m%d"`.tar.gz | 22 | @LN_S@ -f `pwd`/@PACKAGE@-@VERSION@.tar.gz ${RPMDIR}/SOURCES/@PACKAGE@-@VERSION@_cvs_`date +"%Y%m%d"`.tar.gz |
| 22 | cd ${RPMDIR}/SPECS && @RPMBUILD@ -ba @PACKAGE@.spec --define 'cvs 1' | 23 | cd ${RPMDIR}/SPECS && @RPMBUILD@ -ba @PACKAGE@.spec --define 'cvs 1' |
| 23 | 24 | + | |
| 24 | +README: README.md | 25 | +README: README.md |
| 25 | -- | 26 | -- |
| 26 | 2.7.4 | 27 | 2.7.4 |
| 27 | |||
diff --git a/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Fix-compilation-with-GCC10.patch b/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Fix-compilation-with-GCC10.patch deleted file mode 100644 index 6426ecb247..0000000000 --- a/meta-filesystems/recipes-filesystems/owfs/owfs/0001-Fix-compilation-with-GCC10.patch +++ /dev/null | |||
| @@ -1,44 +0,0 @@ | |||
| 1 | From a812202d22a2861318b8e39f1cd74cd222f8e76f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> | ||
| 3 | Date: Tue, 9 Jun 2020 11:30:38 +0300 | ||
| 4 | Subject: [PATCH] Fix compilation with GCC10 | ||
| 5 | |||
| 6 | Fixed compilation with -fno-common, which enabled in GCC 10 by default. | ||
| 7 | See https://bugs.gentoo.org/707438. | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://github.com/owfs/owfs/pull/62] | ||
| 10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 11 | --- | ||
| 12 | module/owserver/src/c/owserver.c | 2 ++ | ||
| 13 | module/owserver/src/include/owserver.h | 2 +- | ||
| 14 | 2 files changed, 3 insertions(+), 1 deletion(-) | ||
| 15 | |||
| 16 | diff --git a/module/owserver/src/c/owserver.c b/module/owserver/src/c/owserver.c | ||
| 17 | index db29988e..2ed29161 100644 | ||
| 18 | --- a/module/owserver/src/c/owserver.c | ||
| 19 | +++ b/module/owserver/src/c/owserver.c | ||
| 20 | @@ -36,6 +36,8 @@ | ||
| 21 | |||
| 22 | #include "owserver.h" | ||
| 23 | |||
| 24 | +pthread_mutex_t persistence_mutex ; | ||
| 25 | + | ||
| 26 | /* --- Prototypes ------------ */ | ||
| 27 | static void SetupAntiloop(int argc, char **argv); | ||
| 28 | |||
| 29 | diff --git a/module/owserver/src/include/owserver.h b/module/owserver/src/include/owserver.h | ||
| 30 | index 8be582f0..a257ed02 100644 | ||
| 31 | --- a/module/owserver/src/include/owserver.h | ||
| 32 | +++ b/module/owserver/src/include/owserver.h | ||
| 33 | @@ -18,7 +18,7 @@ | ||
| 34 | #include "ow.h" | ||
| 35 | #include "ow_connection.h" | ||
| 36 | |||
| 37 | -pthread_mutex_t persistence_mutex ; | ||
| 38 | +extern pthread_mutex_t persistence_mutex ; | ||
| 39 | #define PERSISTENCELOCK _MUTEX_LOCK( persistence_mutex ) ; | ||
| 40 | #define PERSISTENCEUNLOCK _MUTEX_UNLOCK( persistence_mutex ) ; | ||
| 41 | |||
| 42 | -- | ||
| 43 | 2.28.0 | ||
| 44 | |||
diff --git a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p3.bb b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p4.bb index 890c8aecc0..94379939de 100644 --- a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p3.bb +++ b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p4.bb | |||
| @@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=628b867016631792781a8735a04760e5 \ | |||
| 8 | file://COPYING.LIB;md5=9021b7435efdd9fb22beef8291134099" | 8 | file://COPYING.LIB;md5=9021b7435efdd9fb22beef8291134099" |
| 9 | 9 | ||
| 10 | DEPENDS = "fuse virtual/libusb0" | 10 | DEPENDS = "fuse virtual/libusb0" |
| 11 | # v3.2p3 | 11 | |
| 12 | SRCREV = "3744375dfaa350e31c9b360eb1e1a517bbeb5c47" | 12 | SRCREV = "c68deb1fc6d30fcc5eabe0a0d9c9dc2ca54e455a" |
| 13 | SRC_URI = "git://github.com/owfs/owfs;branch=master;protocol=https \ | 13 | SRC_URI = "git://github.com/owfs/owfs;branch=master;protocol=https;tag=v${PV} \ |
| 14 | file://0001-Add-build-rule-for-README.patch \ | 14 | file://0001-Add-build-rule-for-README.patch \ |
| 15 | file://0001-Fix-compilation-with-GCC10.patch \ | ||
| 16 | file://owhttpd \ | 15 | file://owhttpd \ |
| 17 | file://owserver \ | 16 | file://owserver \ |
| 18 | " | 17 | " |
diff --git a/meta-filesystems/recipes-filesystems/packageconfigs/packagegroup-meta-filesystems.bb b/meta-filesystems/recipes-filesystems/packagegroups/packagegroup-meta-filesystems.bb index 40f851364d..40f851364d 100644 --- a/meta-filesystems/recipes-filesystems/packageconfigs/packagegroup-meta-filesystems.bb +++ b/meta-filesystems/recipes-filesystems/packagegroups/packagegroup-meta-filesystems.bb | |||
diff --git a/meta-filesystems/recipes-filesystems/zfs/zfs/0001-Define-strndupa-if-it-does-not-exist.patch b/meta-filesystems/recipes-filesystems/zfs/zfs/0001-Define-strndupa-if-it-does-not-exist.patch index 80955b3ca0..c607936e28 100644 --- a/meta-filesystems/recipes-filesystems/zfs/zfs/0001-Define-strndupa-if-it-does-not-exist.patch +++ b/meta-filesystems/recipes-filesystems/zfs/zfs/0001-Define-strndupa-if-it-does-not-exist.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From cc0cd6f71f6ef96fca2d7b730a3f0f6722fec696 Mon Sep 17 00:00:00 2001 | 1 | From 339359b9af5f24dedebe7234edd586e3fcacd436 Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Sat, 7 May 2022 12:15:22 -0700 | 3 | Date: Sat, 7 May 2022 12:15:22 -0700 |
| 4 | Subject: [PATCH] Define strndupa if it does not exist | 4 | Subject: [PATCH] Define strndupa if it does not exist |
| @@ -7,13 +7,12 @@ musl e.g. does not supply strndupa, unlike glibc | |||
| 7 | 7 | ||
| 8 | Upstream-Status: Pending | 8 | Upstream-Status: Pending |
| 9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 10 | |||
| 11 | --- | 10 | --- |
| 12 | etc/systemd/system-generators/zfs-mount-generator.c | 9 +++++++++ | 11 | etc/systemd/system-generators/zfs-mount-generator.c | 9 +++++++++ |
| 13 | 1 file changed, 9 insertions(+) | 12 | 1 file changed, 9 insertions(+) |
| 14 | 13 | ||
| 15 | diff --git a/etc/systemd/system-generators/zfs-mount-generator.c b/etc/systemd/system-generators/zfs-mount-generator.c | 14 | diff --git a/etc/systemd/system-generators/zfs-mount-generator.c b/etc/systemd/system-generators/zfs-mount-generator.c |
| 16 | index f4c6c26..255bee4 100644 | 15 | index ab5dc4d78..d70cd2617 100644 |
| 17 | --- a/etc/systemd/system-generators/zfs-mount-generator.c | 16 | --- a/etc/systemd/system-generators/zfs-mount-generator.c |
| 18 | +++ b/etc/systemd/system-generators/zfs-mount-generator.c | 17 | +++ b/etc/systemd/system-generators/zfs-mount-generator.c |
| 19 | @@ -193,6 +193,15 @@ fopenat(int dirfd, const char *pathname, int flags, | 18 | @@ -193,6 +193,15 @@ fopenat(int dirfd, const char *pathname, int flags, |
diff --git a/meta-filesystems/recipes-filesystems/zfs/zfs/aaf28a4630af60496c9d33db1d06a7d7d8983422.patch b/meta-filesystems/recipes-filesystems/zfs/zfs/0002-fixes-broken-aarch64-inline-assembly-for-gcc-13.1.patch index f5504b389d..63dc71555a 100644 --- a/meta-filesystems/recipes-filesystems/zfs/zfs/aaf28a4630af60496c9d33db1d06a7d7d8983422.patch +++ b/meta-filesystems/recipes-filesystems/zfs/zfs/0002-fixes-broken-aarch64-inline-assembly-for-gcc-13.1.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From aaf28a4630af60496c9d33db1d06a7d7d8983422 Mon Sep 17 00:00:00 2001 | 1 | From d05d2583ae1807e380492ea8570106c1f0a9effb Mon Sep 17 00:00:00 2001 |
| 2 | From: Sebastian Gottschall <s.gottschall@dd-wrt.com> | 2 | From: Sebastian Gottschall <s.gottschall@dd-wrt.com> |
| 3 | Date: Tue, 23 May 2023 13:50:24 +0600 | 3 | Date: Tue, 23 May 2023 13:50:24 +0600 |
| 4 | Subject: [PATCH] fixes broken aarch64 inline assembly for gcc 13.1 | 4 | Subject: [PATCH] fixes broken aarch64 inline assembly for gcc 13.1 |
| @@ -39,9 +39,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
| 39 | module/Kbuild.in | 6 +++--- | 39 | module/Kbuild.in | 6 +++--- |
| 40 | 1 file changed, 3 insertions(+), 3 deletions(-) | 40 | 1 file changed, 3 insertions(+), 3 deletions(-) |
| 41 | 41 | ||
| 42 | diff --git a/module/Kbuild.in b/module/Kbuild.in | ||
| 43 | index a72d2a4cc..c6134baec 100644 | ||
| 42 | --- a/module/Kbuild.in | 44 | --- a/module/Kbuild.in |
| 43 | +++ b/module/Kbuild.in | 45 | +++ b/module/Kbuild.in |
| 44 | @@ -57,9 +57,9 @@ asflags-y := $(ZFS_MODULE_CFLAGS) $(ZFS_ | 46 | @@ -57,9 +57,9 @@ asflags-y := $(ZFS_MODULE_CFLAGS) $(ZFS_MODULE_CPPFLAGS) |
| 45 | ccflags-y := $(ZFS_MODULE_CFLAGS) $(ZFS_MODULE_CPPFLAGS) | 47 | ccflags-y := $(ZFS_MODULE_CFLAGS) $(ZFS_MODULE_CPPFLAGS) |
| 46 | 48 | ||
| 47 | ifeq ($(CONFIG_ARM64),y) | 49 | ifeq ($(CONFIG_ARM64),y) |
diff --git a/meta-filesystems/recipes-filesystems/zfs/zfs/0001-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch b/meta-filesystems/recipes-filesystems/zfs/zfs/0003-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch index f1cfab4daf..d106bc0cdd 100644 --- a/meta-filesystems/recipes-filesystems/zfs/zfs/0001-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch +++ b/meta-filesystems/recipes-filesystems/zfs/zfs/0003-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 1f9a5cb860b3509791e59a8cae9d5f265e832ed0 Mon Sep 17 00:00:00 2001 | 1 | From b37f4e0f11186206863f41e1a638ca4e57c3dc53 Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Sun, 28 May 2023 16:33:15 -0700 | 3 | Date: Sun, 28 May 2023 16:33:15 -0700 |
| 4 | Subject: [PATCH] fs-tests/cmd/readmmap: Replace uint_t with uint32_t | 4 | Subject: [PATCH] fs-tests/cmd/readmmap: Replace uint_t with uint32_t |
| @@ -12,7 +12,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
| 12 | 1 file changed, 3 insertions(+), 2 deletions(-) | 12 | 1 file changed, 3 insertions(+), 2 deletions(-) |
| 13 | 13 | ||
| 14 | diff --git a/tests/zfs-tests/cmd/readmmap.c b/tests/zfs-tests/cmd/readmmap.c | 14 | diff --git a/tests/zfs-tests/cmd/readmmap.c b/tests/zfs-tests/cmd/readmmap.c |
| 15 | index 704ffd55c8..a2590e0e8d 100644 | 15 | index a5c8079d0..c22b58e9d 100644 |
| 16 | --- a/tests/zfs-tests/cmd/readmmap.c | 16 | --- a/tests/zfs-tests/cmd/readmmap.c |
| 17 | +++ b/tests/zfs-tests/cmd/readmmap.c | 17 | +++ b/tests/zfs-tests/cmd/readmmap.c |
| 18 | @@ -38,6 +38,7 @@ | 18 | @@ -38,6 +38,7 @@ |
| @@ -23,7 +23,7 @@ index 704ffd55c8..a2590e0e8d 100644 | |||
| 23 | #include <stdio.h> | 23 | #include <stdio.h> |
| 24 | #include <stdlib.h> | 24 | #include <stdlib.h> |
| 25 | #include <unistd.h> | 25 | #include <unistd.h> |
| 26 | @@ -55,7 +56,7 @@ main(int argc, char **argv) | 26 | @@ -56,7 +57,7 @@ main(int argc, char **argv) |
| 27 | char *buf = NULL; | 27 | char *buf = NULL; |
| 28 | char *map = NULL; | 28 | char *map = NULL; |
| 29 | int fd = -1, bytes, retval = 0; | 29 | int fd = -1, bytes, retval = 0; |
| @@ -32,7 +32,7 @@ index 704ffd55c8..a2590e0e8d 100644 | |||
| 32 | 32 | ||
| 33 | if (argc < 2 || optind == argc) { | 33 | if (argc < 2 || optind == argc) { |
| 34 | (void) fprintf(stderr, | 34 | (void) fprintf(stderr, |
| 35 | @@ -92,7 +93,7 @@ main(int argc, char **argv) | 35 | @@ -93,7 +94,7 @@ main(int argc, char **argv) |
| 36 | retval = 1; | 36 | retval = 1; |
| 37 | goto end; | 37 | goto end; |
| 38 | } | 38 | } |
| @@ -41,6 +41,3 @@ index 704ffd55c8..a2590e0e8d 100644 | |||
| 41 | srandom(seed); | 41 | srandom(seed); |
| 42 | 42 | ||
| 43 | idx = random() % size; | 43 | idx = random() % size; |
| 44 | -- | ||
| 45 | 2.40.1 | ||
| 46 | |||
diff --git a/meta-filesystems/recipes-filesystems/zfs/zfs/0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch b/meta-filesystems/recipes-filesystems/zfs/zfs/0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch new file mode 100644 index 0000000000..53fa5d9b5c --- /dev/null +++ b/meta-filesystems/recipes-filesystems/zfs/zfs/0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch | |||
| @@ -0,0 +1,83 @@ | |||
| 1 | From a4d9aadf0094392e5e477dbc8c43f973692dab00 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: classabbyamp <5366828+classabbyamp@users.noreply.github.com> | ||
| 3 | Date: Wed, 27 Aug 2025 17:42:32 -0400 | ||
| 4 | Subject: [PATCH] linux: use sys/stat.h instead of linux/stat.h | ||
| 5 | |||
| 6 | glibc includes linux/stat.h for statx, but musl defines its own statx | ||
| 7 | struct and associated constants, which does not include STATX_MNT_ID | ||
| 8 | yet. Thus, including linux/stat.h directly should be avoided for | ||
| 9 | maximum libc compatibility. | ||
| 10 | |||
| 11 | Tested on: | ||
| 12 | - glibc: x86_64, i686, aarch64, armv7l, armv6l | ||
| 13 | - musl: x86_64, aarch64, armv7l, armv6l | ||
| 14 | |||
| 15 | Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> | ||
| 16 | Tested-By: Achill Gilgenast <achill@achill.org> | ||
| 17 | Signed-off-by: classabbyamp <dev@placeviolette.net> | ||
| 18 | Closes #17675 | ||
| 19 | (cherry picked from commit ccf5a8a6fcfdfbdaa2f0fdca5d787958224bf06d) | ||
| 20 | |||
| 21 | Upstream-Status: Backport [https://github.com/openzfs/zfs/commit/ccf5a8a6fcfdfbdaa2f0fdca5d787958224bf06d] | ||
| 22 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 23 | --- | ||
| 24 | config/user-statx.m4 | 6 +++--- | ||
| 25 | include/os/linux/spl/sys/stat.h | 2 +- | ||
| 26 | lib/libspl/include/os/linux/sys/stat.h | 2 +- | ||
| 27 | 3 files changed, 5 insertions(+), 5 deletions(-) | ||
| 28 | |||
| 29 | diff --git a/config/user-statx.m4 b/config/user-statx.m4 | ||
| 30 | index 0315f93e0..1ba74a40e 100644 | ||
| 31 | --- a/config/user-statx.m4 | ||
| 32 | +++ b/config/user-statx.m4 | ||
| 33 | @@ -2,7 +2,7 @@ dnl # | ||
| 34 | dnl # Check for statx() function and STATX_MNT_ID availability | ||
| 35 | dnl # | ||
| 36 | AC_DEFUN([ZFS_AC_CONFIG_USER_STATX], [ | ||
| 37 | - AC_CHECK_HEADERS([linux/stat.h], | ||
| 38 | + AC_CHECK_HEADERS([sys/stat.h], | ||
| 39 | [have_stat_headers=yes], | ||
| 40 | [have_stat_headers=no]) | ||
| 41 | |||
| 42 | @@ -14,7 +14,7 @@ AC_DEFUN([ZFS_AC_CONFIG_USER_STATX], [ | ||
| 43 | AC_MSG_CHECKING([for STATX_MNT_ID]) | ||
| 44 | AC_COMPILE_IFELSE([ | ||
| 45 | AC_LANG_PROGRAM([[ | ||
| 46 | - #include <linux/stat.h> | ||
| 47 | + #include <sys/stat.h> | ||
| 48 | ]], [[ | ||
| 49 | struct statx stx; | ||
| 50 | int mask = STATX_MNT_ID; | ||
| 51 | @@ -29,6 +29,6 @@ AC_DEFUN([ZFS_AC_CONFIG_USER_STATX], [ | ||
| 52 | ]) | ||
| 53 | ]) | ||
| 54 | ], [ | ||
| 55 | - AC_MSG_WARN([linux/stat.h not found; skipping statx support]) | ||
| 56 | + AC_MSG_WARN([sys/stat.h not found; skipping statx support]) | ||
| 57 | ]) | ||
| 58 | ]) dnl end AC_DEFUN | ||
| 59 | diff --git a/include/os/linux/spl/sys/stat.h b/include/os/linux/spl/sys/stat.h | ||
| 60 | index 598784964..5c8cff72e 100644 | ||
| 61 | --- a/include/os/linux/spl/sys/stat.h | ||
| 62 | +++ b/include/os/linux/spl/sys/stat.h | ||
| 63 | @@ -24,6 +24,6 @@ | ||
| 64 | #ifndef _SPL_STAT_H | ||
| 65 | #define _SPL_STAT_H | ||
| 66 | |||
| 67 | -#include <linux/stat.h> | ||
| 68 | +#include <sys/stat.h> | ||
| 69 | |||
| 70 | #endif /* SPL_STAT_H */ | ||
| 71 | diff --git a/lib/libspl/include/os/linux/sys/stat.h b/lib/libspl/include/os/linux/sys/stat.h | ||
| 72 | index 5fbe892ee..ef8738fa8 100644 | ||
| 73 | --- a/lib/libspl/include/os/linux/sys/stat.h | ||
| 74 | +++ b/lib/libspl/include/os/linux/sys/stat.h | ||
| 75 | @@ -32,7 +32,7 @@ | ||
| 76 | |||
| 77 | #ifdef HAVE_STATX | ||
| 78 | #include <fcntl.h> | ||
| 79 | -#include <linux/stat.h> | ||
| 80 | +#include <sys/stat.h> | ||
| 81 | #endif | ||
| 82 | |||
| 83 | /* | ||
diff --git a/meta-filesystems/recipes-filesystems/zfs/zfs_2.2.8.bb b/meta-filesystems/recipes-filesystems/zfs/zfs_2.2.9.bb index 1fc1457b19..22d35516e7 100644 --- a/meta-filesystems/recipes-filesystems/zfs/zfs_2.2.8.bb +++ b/meta-filesystems/recipes-filesystems/zfs/zfs_2.2.9.bb | |||
| @@ -4,11 +4,12 @@ LICENSE = "CDDL-1.0" | |||
| 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=7087caaf1dc8a2856585619f4a787faa" | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=7087caaf1dc8a2856585619f4a787faa" |
| 5 | HOMEPAGE = "https://github.com/openzfs/zfs" | 5 | HOMEPAGE = "https://github.com/openzfs/zfs" |
| 6 | 6 | ||
| 7 | SRCREV = "3e4a3e161c00273303cd9fa9e0dc09ead3499a8a" | 7 | SRCREV = "079ba86d71571bf997ff688da061d8c4aa2fd052" |
| 8 | SRC_URI = "git://github.com/openzfs/zfs;protocol=https;branch=zfs-2.2-release \ | 8 | SRC_URI = "git://github.com/openzfs/zfs;protocol=https;branch=zfs-2.2-release;tag=${BP} \ |
| 9 | file://0001-Define-strndupa-if-it-does-not-exist.patch \ | 9 | file://0001-Define-strndupa-if-it-does-not-exist.patch \ |
| 10 | file://aaf28a4630af60496c9d33db1d06a7d7d8983422.patch \ | 10 | file://0002-fixes-broken-aarch64-inline-assembly-for-gcc-13.1.patch \ |
| 11 | file://0001-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch \ | 11 | file://0003-fs-tests-cmd-readmmap-Replace-uint_t-with-uint32_t.patch \ |
| 12 | file://0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch \ | ||
| 12 | " | 13 | " |
| 13 | 14 | ||
| 14 | 15 | ||
diff --git a/meta-filesystems/recipes-utils/btrfsmaintenance/btrfsmaintenance_0.5.bb b/meta-filesystems/recipes-utils/btrfsmaintenance/btrfsmaintenance_0.5.2.bb index 645e38ca49..6722b63c10 100644 --- a/meta-filesystems/recipes-utils/btrfsmaintenance/btrfsmaintenance_0.5.bb +++ b/meta-filesystems/recipes-utils/btrfsmaintenance/btrfsmaintenance_0.5.2.bb | |||
| @@ -9,11 +9,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=892f569a555ba9c07a568a7c0c4fa63a" | |||
| 9 | 9 | ||
| 10 | SECTION = "base" | 10 | SECTION = "base" |
| 11 | 11 | ||
| 12 | SRC_URI = "git://github.com/kdave/${BPN};branch=master;protocol=https \ | 12 | SRC_URI = "git://github.com/kdave/${BPN};branch=master;protocol=https;tag=v${PV} \ |
| 13 | file://0001-change-sysconfig-path-to-etc-default.patch \ | 13 | file://0001-change-sysconfig-path-to-etc-default.patch \ |
| 14 | file://0002-add-WantedBy-directive-to-btrfsmaintenance-refresh.s.patch \ | 14 | file://0002-add-WantedBy-directive-to-btrfsmaintenance-refresh.s.patch \ |
| 15 | " | 15 | " |
| 16 | SRCREV = "be42cb6267055d125994abd6927cf3a26deab74c" | 16 | SRCREV = "beb9e2d166cbd856297fe8d28e89e8b36961a723" |
| 17 | 17 | ||
| 18 | UPSTREAM_CHECK_URI = "https://github.com/kdave/${BPN}/tags" | 18 | UPSTREAM_CHECK_URI = "https://github.com/kdave/${BPN}/tags" |
| 19 | UPSTREAM_CHECK_REGEX = "${BPN}/releases/tag/v(?P<pver>\d+(?:\.\d+)*)" | 19 | UPSTREAM_CHECK_REGEX = "${BPN}/releases/tag/v(?P<pver>\d+(?:\.\d+)*)" |
diff --git a/meta-filesystems/recipes-utils/btrfsmaintenance/files/0001-change-sysconfig-path-to-etc-default.patch b/meta-filesystems/recipes-utils/btrfsmaintenance/files/0001-change-sysconfig-path-to-etc-default.patch index d425206f0e..b064adcc86 100644 --- a/meta-filesystems/recipes-utils/btrfsmaintenance/files/0001-change-sysconfig-path-to-etc-default.patch +++ b/meta-filesystems/recipes-utils/btrfsmaintenance/files/0001-change-sysconfig-path-to-etc-default.patch | |||
| @@ -1,6 +1,3 @@ | |||
| 1 | From b49dbe17e0d9ae463e5a34e6991aa2d3c70d2fb1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Claudius Heine <ch@denx.de> | ||
| 3 | Date: Wed, 11 May 2022 14:33:13 +0200 | ||
| 4 | Subject: [PATCH] change sysconfig path to /etc/default | 1 | Subject: [PATCH] change sysconfig path to /etc/default |
| 5 | 2 | ||
| 6 | OE uses /etc/default for service configuration, not /etc/sysconfig which | 3 | OE uses /etc/default for service configuration, not /etc/sysconfig which |
| @@ -11,6 +8,9 @@ Change the files accordingly | |||
| 11 | Upstream-Status: Inappropriate [OE specific] | 8 | Upstream-Status: Inappropriate [OE specific] |
| 12 | 9 | ||
| 13 | Signed-off-by: Claudius Heine <ch@denx.de> | 10 | Signed-off-by: Claudius Heine <ch@denx.de> |
| 11 | |||
| 12 | Update for 0.5.2 | ||
| 13 | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> | ||
| 14 | --- | 14 | --- |
| 15 | btrfsmaintenance-refresh.path | 4 ++-- | 15 | btrfsmaintenance-refresh.path | 4 ++-- |
| 16 | btrfsmaintenance-refresh.service | 2 +- | 16 | btrfsmaintenance-refresh.service | 2 +- |
| @@ -32,16 +32,16 @@ index d56ad11..f0b4132 100644 | |||
| 32 | [Install] | 32 | [Install] |
| 33 | WantedBy=multi-user.target | 33 | WantedBy=multi-user.target |
| 34 | diff --git a/btrfsmaintenance-refresh.service b/btrfsmaintenance-refresh.service | 34 | diff --git a/btrfsmaintenance-refresh.service b/btrfsmaintenance-refresh.service |
| 35 | index 4ed1eb4..d6225a6 100644 | 35 | index 19e51c0..223fca9 100644 |
| 36 | --- a/btrfsmaintenance-refresh.service | 36 | --- a/btrfsmaintenance-refresh.service |
| 37 | +++ b/btrfsmaintenance-refresh.service | 37 | +++ b/btrfsmaintenance-refresh.service |
| 38 | @@ -1,5 +1,5 @@ | 38 | @@ -1,5 +1,5 @@ |
| 39 | [Unit] | 39 | [Unit] |
| 40 | -Description=Update cron periods from /etc/sysconfig/btrfsmaintenance | 40 | -Description=Configure systemd timer schedule according to /etc/sysconfig/btrfsmaintenance |
| 41 | +Description=Update cron periods from /etc/default/btrfsmaintenance | 41 | +Description=Configure systemd timer schedule according to /etc/default/btrfsmaintenance |
| 42 | Documentation="file:/usr/share/doc/btrfsmaintenance/README.man" | ||
| 43 | Documentation="file:/usr/share/doc/packages/btrfsmaintenance/README.man" | ||
| 42 | 44 | ||
| 43 | [Service] | ||
| 44 | ExecStart=/usr/share/btrfsmaintenance/btrfsmaintenance-refresh-cron.sh systemd-timer | ||
| 45 | -- | 45 | -- |
| 46 | 2.33.3 | 46 | 2.43.0 |
| 47 | 47 | ||
diff --git a/meta-multimedia/recipes-multimedia/bluealsa/bluealsa_4.3.0.bb b/meta-multimedia/recipes-multimedia/bluealsa/bluealsa_4.3.0.bb index 162a51284e..4f15465371 100644 --- a/meta-multimedia/recipes-multimedia/bluealsa/bluealsa_4.3.0.bb +++ b/meta-multimedia/recipes-multimedia/bluealsa/bluealsa_4.3.0.bb | |||
| @@ -58,6 +58,7 @@ EXTRA_OECONF = "\ | |||
| 58 | PACKAGE_BEFORE_PN = "${PN}-aplay" | 58 | PACKAGE_BEFORE_PN = "${PN}-aplay" |
| 59 | 59 | ||
| 60 | FILES:${PN}-aplay += "${bindir}/bluealsa-aplay" | 60 | FILES:${PN}-aplay += "${bindir}/bluealsa-aplay" |
| 61 | FILES:${PN}-staticdev += "${libdir}/alsa-lib/*.a" | ||
| 61 | FILES:${PN} += "${libdir}/alsa-lib/* ${datadir}/dbus-1/system.d" | 62 | FILES:${PN} += "${libdir}/alsa-lib/* ${datadir}/dbus-1/system.d" |
| 62 | 63 | ||
| 63 | RRECOMMENDS:${PN} = "${PN}-aplay" | 64 | RRECOMMENDS:${PN} = "${PN}-aplay" |
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch new file mode 100644 index 0000000000..e3c2ce40e7 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch | |||
| @@ -0,0 +1,84 @@ | |||
| 1 | From 4f267b389e33e30f9eccfedd5768fb172a64d9c2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Dirk Farin <dirk.farin@gmail.com> | ||
| 3 | Date: Tue, 9 Sep 2025 15:14:05 +0200 | ||
| 4 | Subject: [PATCH] check for valid integer command line parameters (#484) | ||
| 5 | |||
| 6 | OE comment: | ||
| 7 | This is a partial backport of the below mentioned patch, without raising | ||
| 8 | the required c++ standard. | ||
| 9 | |||
| 10 | CVE: CVE-2025-61147 | ||
| 11 | Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7] | ||
| 12 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 13 | --- | ||
| 14 | dec265/dec265.cc | 35 ++++++++++++++++++++++++++++++++--- | ||
| 15 | 1 file changed, 32 insertions(+), 3 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/dec265/dec265.cc b/dec265/dec265.cc | ||
| 18 | index 79f67cd3..c38b0715 100644 | ||
| 19 | --- a/dec265/dec265.cc | ||
| 20 | +++ b/dec265/dec265.cc | ||
| 21 | @@ -27,6 +27,9 @@ | ||
| 22 | #define DO_MEMORY_LOGGING 0 | ||
| 23 | |||
| 24 | #include "de265.h" | ||
| 25 | +#include <stdexcept> | ||
| 26 | +#include <iostream> | ||
| 27 | + | ||
| 28 | #ifdef HAVE_CONFIG_H | ||
| 29 | #include "config.h" | ||
| 30 | #endif | ||
| 31 | @@ -562,6 +565,32 @@ void (*volatile __malloc_initialize_hook)(void) = init_my_hooks; | ||
| 32 | #endif | ||
| 33 | #endif | ||
| 34 | |||
| 35 | +int parse_param(const char* arg, int lower_bound, const char* arg_name){ | ||
| 36 | + int value; | ||
| 37 | + | ||
| 38 | + try { | ||
| 39 | + size_t len; | ||
| 40 | + value = std::stoi(optarg, &len); | ||
| 41 | + if (arg[len] != 0) { | ||
| 42 | + std::cerr << "invalid argument to " << arg_name << "\n"; | ||
| 43 | + exit(5); | ||
| 44 | + } | ||
| 45 | + } catch (std::invalid_argument const& ex) { | ||
| 46 | + std::cerr << "invalid argument to " << arg_name << "\n"; | ||
| 47 | + exit(5); | ||
| 48 | + } | ||
| 49 | + catch (std::out_of_range const& ex) { | ||
| 50 | + std::cerr << "argument to -T is out of range\n"; | ||
| 51 | + exit(5); | ||
| 52 | + } | ||
| 53 | + | ||
| 54 | + if (value < lower_bound) { | ||
| 55 | + std::cerr << "argument to " << arg_name << " may not be smaller than " << lower_bound << "\n"; | ||
| 56 | + exit(5); | ||
| 57 | + } | ||
| 58 | + | ||
| 59 | + return value; | ||
| 60 | +} | ||
| 61 | |||
| 62 | int main(int argc, char** argv) | ||
| 63 | { | ||
| 64 | @@ -578,9 +607,9 @@ int main(int argc, char** argv) | ||
| 65 | |||
| 66 | switch (c) { | ||
| 67 | case 'q': quiet++; break; | ||
| 68 | - case 't': nThreads=atoi(optarg); break; | ||
| 69 | + case 't': nThreads=parse_param(optarg, 0, "-t"); break; | ||
| 70 | case 'c': check_hash=true; break; | ||
| 71 | - case 'f': max_frames=atoi(optarg); break; | ||
| 72 | + case 'f': max_frames=parse_param(optarg, 1, "-f"); break; | ||
| 73 | case 'o': write_yuv=true; output_filename=optarg; break; | ||
| 74 | case 'h': show_help=true; break; | ||
| 75 | case 'd': dump_headers=true; break; | ||
| 76 | @@ -592,7 +621,7 @@ int main(int argc, char** argv) | ||
| 77 | case 'm': measure_quality=true; reference_filename=optarg; break; | ||
| 78 | case 's': show_ssim_map=true; break; | ||
| 79 | case 'e': show_psnr_map=true; break; | ||
| 80 | - case 'T': highestTID=atoi(optarg); break; | ||
| 81 | + case 'T': highestTID = parse_param(optarg, 0, "-T"); break; | ||
| 82 | case 'v': verbosity++; break; | ||
| 83 | } | ||
| 84 | } | ||
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb index 3e3381b646..2676de5c2e 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.16.bb | |||
| @@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT" | |||
| 8 | LICENSE_FLAGS = "commercial" | 8 | LICENSE_FLAGS = "commercial" |
| 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" |
| 10 | 10 | ||
| 11 | SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https;tag=v${PV}" | 11 | SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https;tag=v${PV} \ |
| 12 | file://CVE-2025-61147.patch \ | ||
| 13 | " | ||
| 12 | SRCREV = "7ba65889d3d6d8a0d99b5360b028243ba843be3a" | 14 | SRCREV = "7ba65889d3d6d8a0d99b5360b028243ba843be3a" |
| 13 | 15 | ||
| 14 | 16 | ||
diff --git a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.20.bb b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.20.bb index 044f1e0745..b7224d0f3d 100644 --- a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.20.bb +++ b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.20.bb | |||
| @@ -29,7 +29,7 @@ EXTRA_OECONF += "--without-embedded-libevent \ | |||
| 29 | " | 29 | " |
| 30 | 30 | ||
| 31 | PACKAGECONFIG ??= "cdp fdp edp sonmp lldpmed dot1 dot3" | 31 | PACKAGECONFIG ??= "cdp fdp edp sonmp lldpmed dot1 dot3" |
| 32 | PACKAGECONFIG[xml] = "--with-xml,--without-xml,libxm2" | 32 | PACKAGECONFIG[xml] = "--with-xml,--without-xml,libxml2" |
| 33 | PACKAGECONFIG[snmp] = "--with-snmp,--without-snmp,net-snmp" | 33 | PACKAGECONFIG[snmp] = "--with-snmp,--without-snmp,net-snmp" |
| 34 | PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" | 34 | PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" |
| 35 | PACKAGECONFIG[seccomp] = "--with-seccomp,--without-seccomp,libseccomp" | 35 | PACKAGECONFIG[seccomp] = "--with-seccomp,--without-seccomp,libseccomp" |
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.10.6.bb b/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb index 6c091d9c56..757e6efa8c 100644 --- a/meta-networking/recipes-daemons/postfix/postfix_3.10.6.bb +++ b/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb | |||
| @@ -28,7 +28,7 @@ SRC_URI = "http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P | |||
| 28 | file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ | 28 | file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \ |
| 29 | " | 29 | " |
| 30 | 30 | ||
| 31 | SRC_URI[sha256sum] = "71b383f57d4cb363201be8a301bcbafe304aadbe7f38ebde41cd5b952248465b" | 31 | SRC_URI[sha256sum] = "31d4b3eb8093d823b5a151f571719ff7c0462571bc95e6440d87ca525bfb096c" |
| 32 | 32 | ||
| 33 | UPSTREAM_CHECK_URI = "https://www.postfix.org/announcements.html" | 33 | UPSTREAM_CHECK_URI = "https://www.postfix.org/announcements.html" |
| 34 | UPSTREAM_CHECK_REGEX = "postfix-(?P<pver>\d+(\.\d+)+)" | 34 | UPSTREAM_CHECK_REGEX = "postfix-(?P<pver>\d+(\.\d+)+)" |
diff --git a/meta-networking/recipes-support/ettercap/ettercap/CVE-2026-3606.patch b/meta-networking/recipes-support/ettercap/ettercap/CVE-2026-3606.patch new file mode 100644 index 0000000000..6d3df3e596 --- /dev/null +++ b/meta-networking/recipes-support/ettercap/ettercap/CVE-2026-3606.patch | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | From 9b281e30a1e7fec481af7e07b40a00cd9edf1cf8 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Koeppe <alexander@koeppe.rocks> | ||
| 3 | Date: Sun, 8 Mar 2026 17:57:39 +0100 | ||
| 4 | Subject: [PATCH] Fix heap-out-of-bounds read issue in etterfilter | ||
| 5 | (CVE-2026-3606) | ||
| 6 | |||
| 7 | CVE: CVE-2026-3606 | ||
| 8 | Upstream-Status: Backport [https://github.com/Ettercap/ettercap/commit/41c312d4be6f6067968a275bf66b2abd2a0ba385] | ||
| 9 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 10 | --- | ||
| 11 | include/ec.h | 6 ++++++ | ||
| 12 | utils/etterfilter/ef_output.c | 4 ++-- | ||
| 13 | 2 files changed, 8 insertions(+), 2 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/include/ec.h b/include/ec.h | ||
| 16 | index 4e363b0a..66da146e 100644 | ||
| 17 | --- a/include/ec.h | ||
| 18 | +++ b/include/ec.h | ||
| 19 | @@ -81,6 +81,12 @@ | ||
| 20 | ON_ERROR(x, NULL, "virtual memory exhausted"); \ | ||
| 21 | } while(0) | ||
| 22 | |||
| 23 | +#define SAFE_RECALLOC(x, s) do { \ | ||
| 24 | + x = realloc(x, s); \ | ||
| 25 | + ON_ERROR(x, NULL, "virtual memory exhausted"); \ | ||
| 26 | + memset(x, 0, s); \ | ||
| 27 | +} while(0) | ||
| 28 | + | ||
| 29 | #define SAFE_STRDUP(x, s) do{ \ | ||
| 30 | x = strdup(s); \ | ||
| 31 | ON_ERROR(x, NULL, "virtual memory exhausted"); \ | ||
| 32 | diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c | ||
| 33 | index 2530e599..2f49177e 100644 | ||
| 34 | --- a/utils/etterfilter/ef_output.c | ||
| 35 | +++ b/utils/etterfilter/ef_output.c | ||
| 36 | @@ -150,10 +150,10 @@ static size_t create_data_segment(u_char** data, struct filter_header *fh, struc | ||
| 37 | static size_t add_data_segment(u_char **data, size_t base, u_char **string, size_t slen) | ||
| 38 | { | ||
| 39 | /* make room for the new string */ | ||
| 40 | - SAFE_REALLOC(*data, base + slen + 1); | ||
| 41 | + SAFE_RECALLOC(*data, base + slen + 1); | ||
| 42 | |||
| 43 | /* copy the string, NULL separated */ | ||
| 44 | - memcpy(*data + base, *string, slen + 1); | ||
| 45 | + memcpy(*data + base, *string, slen); | ||
| 46 | |||
| 47 | /* | ||
| 48 | * change the pointer to the new string location | ||
diff --git a/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb b/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb index 027b6dd190..b3b756dddc 100644 --- a/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb +++ b/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb | |||
| @@ -22,7 +22,9 @@ RDEPENDS:${PN} += "bash ethtool libgcc" | |||
| 22 | 22 | ||
| 23 | SRC_URI = "gitsm://github.com/Ettercap/ettercap;branch=master;protocol=https \ | 23 | SRC_URI = "gitsm://github.com/Ettercap/ettercap;branch=master;protocol=https \ |
| 24 | file://0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch \ | 24 | file://0001-sslstrip-Enhance-the-libcurl-version-check-to-consid.patch \ |
| 25 | file://0002-allow-build-with-cmake-4.patch" | 25 | file://0002-allow-build-with-cmake-4.patch \ |
| 26 | file://CVE-2026-3606.patch \ | ||
| 27 | " | ||
| 26 | 28 | ||
| 27 | SRCREV = "7281fbddb7da7478beb1d21e3cb105fff3778b31" | 29 | SRCREV = "7281fbddb7da7478beb1d21e3cb105fff3778b31" |
| 28 | 30 | ||
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/bpftrace/bpftrace_0.24.1.bb b/meta-oe/dynamic-layers/meta-python/recipes-devtools/bpftrace/bpftrace_0.24.1.bb index add2ff01a8..33de2f4054 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-devtools/bpftrace/bpftrace_0.24.1.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/bpftrace/bpftrace_0.24.1.bb | |||
| @@ -15,9 +15,6 @@ DEPENDS += "bison-native \ | |||
| 15 | " | 15 | " |
| 16 | DEPENDS += "${@bb.utils.contains('PTEST_ENABLED', '1', 'pahole-native llvm-native', '', d)}" | 16 | DEPENDS += "${@bb.utils.contains('PTEST_ENABLED', '1', 'pahole-native llvm-native', '', d)}" |
| 17 | 17 | ||
| 18 | RDEPENDS:${PN} += "bash python3 xz" | ||
| 19 | RDEPENDS:${PN}-ptest += "bpftool" | ||
| 20 | |||
| 21 | SRC_URI = "git://github.com/iovisor/bpftrace;branch=release/0.24.x;protocol=https;tag=v${PV} \ | 18 | SRC_URI = "git://github.com/iovisor/bpftrace;branch=release/0.24.x;protocol=https;tag=v${PV} \ |
| 22 | file://run-ptest \ | 19 | file://run-ptest \ |
| 23 | file://0002-CMakeLists.txt-allow-to-set-BISON_FLAGS-like-l.patch \ | 20 | file://0002-CMakeLists.txt-allow-to-set-BISON_FLAGS-like-l.patch \ |
| @@ -41,9 +38,9 @@ do_install_ptest() { | |||
| 41 | cp -rf ${B}/tests/test* ${D}${PTEST_PATH}/tests | 38 | cp -rf ${B}/tests/test* ${D}${PTEST_PATH}/tests |
| 42 | fi | 39 | fi |
| 43 | for f in testlibs/cmake_install.cmake \ | 40 | for f in testlibs/cmake_install.cmake \ |
| 44 | testprogs/cmake_install.cmake \ | 41 | testprogs/cmake_install.cmake \ |
| 45 | testlibs/CTestTestfile.cmake \ | 42 | testlibs/CTestTestfile.cmake \ |
| 46 | testprogs/CTestTestfile.cmake | 43 | testprogs/CTestTestfile.cmake |
| 47 | do | 44 | do |
| 48 | sed -i -e 's|${STAGING_BINDIR_TOOLCHAIN}/||' ${D}${libdir}/bpftrace/ptest/tests/$f | 45 | sed -i -e 's|${STAGING_BINDIR_TOOLCHAIN}/||' ${D}${libdir}/bpftrace/ptest/tests/$f |
| 49 | sed -i -e 's|${S}/||' ${D}${libdir}/bpftrace/ptest/tests/$f | 46 | sed -i -e 's|${S}/||' ${D}${libdir}/bpftrace/ptest/tests/$f |
| @@ -59,6 +56,8 @@ EXTRA_OECMAKE = " \ | |||
| 59 | -DBISON_FLAGS='--file-prefix-map=${WORKDIR}=' \ | 56 | -DBISON_FLAGS='--file-prefix-map=${WORKDIR}=' \ |
| 60 | " | 57 | " |
| 61 | 58 | ||
| 59 | RDEPENDS:${PN}-ptest += "bash bpftool python3" | ||
| 60 | |||
| 62 | COMPATIBLE_HOST = "(x86_64.*|aarch64.*|powerpc64.*|riscv64.*)-linux" | 61 | COMPATIBLE_HOST = "(x86_64.*|aarch64.*|powerpc64.*|riscv64.*)-linux" |
| 63 | 62 | ||
| 64 | INHIBIT_PACKAGE_STRIP_FILES += "\ | 63 | INHIBIT_PACKAGE_STRIP_FILES += "\ |
diff --git a/meta-oe/recipes-connectivity/ser2net/ser2net_4.6.6.bb b/meta-oe/recipes-connectivity/ser2net/ser2net_4.6.7.bb index 56ade35bc7..db442e41dc 100644 --- a/meta-oe/recipes-connectivity/ser2net/ser2net_4.6.6.bb +++ b/meta-oe/recipes-connectivity/ser2net/ser2net_4.6.7.bb | |||
| @@ -11,7 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/ser2net/ser2net/ser2net-${PV}.tar.gz \ | |||
| 11 | file://ser2net.service \ | 11 | file://ser2net.service \ |
| 12 | " | 12 | " |
| 13 | 13 | ||
| 14 | SRC_URI[sha256sum] = "a468073c7bf8166c78c61d30bba487916dc4088e98f96e190b37ea8100a94fd4" | 14 | SRC_URI[sha256sum] = "6b921bc7efb1b9a8a78268d63332701902cc1c8dbac51842d46ede6ffb5fa2a4" |
| 15 | 15 | ||
| 16 | UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/ser2net/files/ser2net" | 16 | UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/ser2net/files/ser2net" |
| 17 | 17 | ||
diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_11.4.9.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_11.4.10.bb index ff48dcd806..ff48dcd806 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb-native_11.4.9.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb-native_11.4.10.bb | |||
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 4fcb5a1e40..9470184d3d 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc | |||
| @@ -23,12 +23,10 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ | |||
| 23 | file://lfs64.patch \ | 23 | file://lfs64.patch \ |
| 24 | file://0001-Add-missing-includes-cstdint-and-cstdio.patch \ | 24 | file://0001-Add-missing-includes-cstdint-and-cstdio.patch \ |
| 25 | file://riscv32.patch \ | 25 | file://riscv32.patch \ |
| 26 | file://0001-Remove-x86-specific-loop-in-my_convert.patch \ | ||
| 27 | file://0001-support-reproducible-builds.patch \ | 26 | file://0001-support-reproducible-builds.patch \ |
| 28 | file://0001-storage-mroonga-CMakeLists.txt-fix-reproducible-buil.patch \ | 27 | file://0001-storage-mroonga-CMakeLists.txt-fix-reproducible-buil.patch \ |
| 29 | file://0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch \ | ||
| 30 | " | 28 | " |
| 31 | SRC_URI[sha256sum] = "8e481ca29b5a740444d45451c8ea2d93711cf525d6fa5d27bc9512cf8973b075" | 29 | SRC_URI[sha256sum] = "14783ddc5edd966ff05aa0efd5ed6d3d369ed5b9e4080a448f00f87a9f0a4a6b" |
| 32 | 30 | ||
| 33 | UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/tags" | 31 | UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/tags" |
| 34 | 32 | ||
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch deleted file mode 100644 index f1e07e304a..0000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch +++ /dev/null | |||
| @@ -1,47 +0,0 @@ | |||
| 1 | From 61bc216ff9e1d0a8a7fafce57ba916018cd6ac6d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Vladislav Vaintroub <vvaintroub@gmail.com> | ||
| 3 | Date: Wed, 19 Nov 2025 13:01:56 +0100 | ||
| 4 | Subject: [PATCH] MDEV-38029 my_tzinfo-t fails for certain TZ values on musl | ||
| 5 | |||
| 6 | From: Vladislav Vaintroub <vvaintroub@gmail.com> | ||
| 7 | |||
| 8 | The test fails for TZ values such as `PST8PDT` (present but outdated in | ||
| 9 | tzdb) and custom forms like `GST-1GDT`. On musl, these values do not | ||
| 10 | trigger the expected DST transitions, leading to incorrect DST offsets | ||
| 11 | or abbreviations. | ||
| 12 | |||
| 13 | This appears to be a musl libc bug; the same TZ values behave correctly | ||
| 14 | elsewhere, including Windows. We work around it by skipping the | ||
| 15 | affected tests when musl is detected. | ||
| 16 | |||
| 17 | Upstream-Status: Submitted [https://github.com/MariaDB/server/pull/4452] | ||
| 18 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 19 | --- | ||
| 20 | unittest/mysys/my_tzinfo-t.c | 14 ++++++++++++++ | ||
| 21 | 1 file changed, 14 insertions(+) | ||
| 22 | |||
| 23 | diff --git a/unittest/mysys/my_tzinfo-t.c b/unittest/mysys/my_tzinfo-t.c | ||
| 24 | index b38ebd37..585d52f8 100644 | ||
| 25 | --- a/unittest/mysys/my_tzinfo-t.c | ||
| 26 | +++ b/unittest/mysys/my_tzinfo-t.c | ||
| 27 | @@ -112,6 +112,20 @@ void test_timezone(const char *tz_env, const char **expected_tznames, | ||
| 28 | } | ||
| 29 | } | ||
| 30 | ok(found, "%s: timezone_name = %s", tz_env, timezone_name); | ||
| 31 | + | ||
| 32 | +#if defined __linux__ && !defined __GLIBC__ && !defined __UCLIBC__ | ||
| 33 | + /* | ||
| 34 | + MUSL incorrectly calculates UTC offsets and abbreviations | ||
| 35 | + for certain values of TZ (DST related). See MDEV-38029 | ||
| 36 | + Skip tests in this case. | ||
| 37 | + */ | ||
| 38 | + if (!strcmp(tz_env, "PST8PDT") || !strcmp(tz_env, "GST-1GDT")) | ||
| 39 | + { | ||
| 40 | + skip(6, "musl UTC offset/abbreviation bug, tzname %s, see MDEV-38029", tz_env); | ||
| 41 | + return; | ||
| 42 | + } | ||
| 43 | +#endif | ||
| 44 | + | ||
| 45 | my_tzinfo(SUMMER_TIMESTAMP, &tz); | ||
| 46 | ok(summer_gmt_off == tz.seconds_offset, "%s: Summer GMT offset %ld", tz_env, tz.seconds_offset); | ||
| 47 | check_utc_offset(SUMMER_TIMESTAMP,tz.seconds_offset, tz_env); | ||
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-Remove-x86-specific-loop-in-my_convert.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-Remove-x86-specific-loop-in-my_convert.patch deleted file mode 100644 index afcf4fe843..0000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/0001-Remove-x86-specific-loop-in-my_convert.patch +++ /dev/null | |||
| @@ -1,93 +0,0 @@ | |||
| 1 | From 79d2a95391abc133e86688696ae21628b7035b2d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Zolt=C3=A1n=20B=C3=B6sz=C3=B6rm=C3=A9nyi?= | ||
| 3 | <zboszor@gmail.com> | ||
| 4 | Date: Wed, 1 Oct 2025 09:29:04 +0200 | ||
| 5 | Subject: [PATCH] Remove x86 specific loop in my_convert() | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | mysqldump/mariadb-dump crashes with this backtrace: | ||
| 11 | |||
| 12 | | (gdb) bt | ||
| 13 | | #0 my_convert (to=<optimized out>, to_length=160, to_cs=0x55b5740fbda0 <my_charset_utf8mb4_general_ci>, from=<optimized out>, from_length=40, | ||
| 14 | | from_cs=0x55b57408bda0 <my_charset_utf8mb3_unicode_ci>, errors=0x7f950c35cd6c) at /usr/src/debug/mariadb/11.8.3/strings/ctype.c:1256 | ||
| 15 | | #1 0x000055b572d9f4a0 in copy_and_convert (to=0x7f94fc00c9db "Configuratiogicate_log\020automagicate_log\017is_done_message\017is_done_message", | ||
| 16 | | to_length=<optimized out>, to_cs=<optimized out>, from=0x7f94fc059f37 "Configuration downloading from portal...", from_length=40, from_cs=<optimized out>, | ||
| 17 | | errors=0x7f950c35cd6c) at /usr/src/debug/mariadb/11.8.3/sql/sql_string.h:53 | ||
| 18 | | #2 Protocol::net_store_data_cs (this=0x7f94fc001260, from=0x7f94fc059f37 "Configuration downloading from portal...", length=40, from_cs=<optimized out>, | ||
| 19 | | to_cs=<optimized out>) at /usr/src/debug/mariadb/11.8.3/sql/protocol.cc:114 | ||
| 20 | | #3 0x000055b572da103f in Protocol::send_result_set_row (this=this@entry=0x7f94fc001260, row_items=row_items@entry=0x7f94fc013418) | ||
| 21 | | at /usr/src/debug/mariadb/11.8.3/sql/protocol.cc:1359 | ||
| 22 | | #4 0x000055b572e19442 in select_send::send_data (this=0x7f94fc014f78, items=...) at /usr/src/debug/mariadb/11.8.3/sql/sql_class.cc:3294 | ||
| 23 | | #5 0x000055b572ef7c69 in select_result_sink::send_data_with_check (u=<optimized out>, sent=<optimized out>, this=<optimized out>, items=...) | ||
| 24 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_class.h:6264 | ||
| 25 | | #6 select_result_sink::send_data_with_check (this=<optimized out>, items=..., u=<optimized out>, sent=<optimized out>) | ||
| 26 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_class.h:6254 | ||
| 27 | | #7 end_send (join=<optimized out>, join_tab=<optimized out>, end_of_records=<optimized out>) at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:25629 | ||
| 28 | | #8 0x000055b572ec38b6 in evaluate_join_record (join=join@entry=0x7f94fc014fa0, join_tab=join_tab@entry=0x7f94fc016940, error=error@entry=0) | ||
| 29 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:24523 | ||
| 30 | | #9 0x000055b572edcbf2 in sub_select (join=0x7f94fc014fa0, join_tab=0x7f94fc016940, end_of_records=<optimized out>) | ||
| 31 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:24290 | ||
| 32 | | #10 0x000055b572f119c6 in do_select (join=0x7f94fc014fa0, procedure=<optimized out>) at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:23801 | ||
| 33 | | #11 JOIN::exec_inner (this=this@entry=0x7f94fc014fa0) at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:5071 | ||
| 34 | | #12 0x000055b572f11d43 in JOIN::exec (this=this@entry=0x7f94fc014fa0) at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:4859 | ||
| 35 | | #13 0x000055b572f0ffe6 in mysql_select (thd=thd@entry=0x7f94fc000cd8, tables=0x7f94fc013f38, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, | ||
| 36 | | proc_param=0x0, select_options=551922436864, result=0x7f94fc014f78, unit=0x7f94fc005038, select_lex=0x7f94fc013160) | ||
| 37 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:5387 | ||
| 38 | | #14 0x000055b572f107dd in handle_select (thd=thd@entry=0x7f94fc000cd8, lex=lex@entry=0x7f94fc004f58, result=result@entry=0x7f94fc014f78, | ||
| 39 | | setup_tables_done_option=setup_tables_done_option@entry=0) at /usr/src/debug/mariadb/11.8.3/sql/sql_select.cc:633 | ||
| 40 | | #15 0x000055b572e77d9e in execute_sqlcom_select (thd=thd@entry=0x7f94fc000cd8, all_tables=0x7f94fc013f38) at /usr/src/debug/mariadb/11.8.3/sql/sql_parse.cc:6190 | ||
| 41 | | #16 0x000055b572e877be in mysql_execute_command (thd=thd@entry=0x7f94fc000cd8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) | ||
| 42 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_parse.cc:3975 | ||
| 43 | | #17 0x000055b572e88e03 in mysql_parse (thd=0x7f94fc000cd8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) | ||
| 44 | | at /usr/src/debug/mariadb/11.8.3/sql/sql_parse.cc:7905 | ||
| 45 | | #18 0x000055b572e8b2a1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f94fc000cd8, packet=packet@entry=0x7f94fc0088a9 "", | ||
| 46 | | packet_length=packet_length@entry=152, blocking=blocking@entry=true) at /usr/src/debug/mariadb/11.8.3/sql/sql_parse.cc:1903 | ||
| 47 | | #19 0x000055b572e8cf7c in do_command (thd=thd@entry=0x7f94fc000cd8, blocking=blocking@entry=true) at /usr/src/debug/mariadb/11.8.3/sql/sql_parse.cc:1416 | ||
| 48 | | #20 0x000055b572fcfc0d in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /usr/src/debug/mariadb/11.8.3/sql/sql_connect.cc:1415 | ||
| 49 | | #21 0x000055b572fcffc5 in handle_one_connection (arg=arg@entry=0x55b57943cbd8) at /usr/src/debug/mariadb/11.8.3/sql/sql_connect.cc:1327 | ||
| 50 | | #22 0x000055b573382440 in pfs_spawn_thread (arg=0x55b5795eb598) at /usr/src/debug/mariadb/11.8.3/storage/perfschema/pfs.cc:2198 | ||
| 51 | | #23 0x00007f952e8571dd in start_thread (arg=<optimized out>) at pthread_create.c:448 | ||
| 52 | | #24 0x00007f952e8d318c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 | ||
| 53 | |||
| 54 | See also: | ||
| 55 | https://jira.mariadb.org/browse/MDEV-37786 | ||
| 56 | https://jira.mariadb.org/browse/MDEV-37148 | ||
| 57 | |||
| 58 | Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com> | ||
| 59 | Upstream-Status: Inappropriate [oe specific] | ||
| 60 | --- | ||
| 61 | strings/ctype.c | 16 ---------------- | ||
| 62 | 1 file changed, 16 deletions(-) | ||
| 63 | |||
| 64 | diff --git a/strings/ctype.c b/strings/ctype.c | ||
| 65 | index 629514e5e9c..d7e788c693b 100644 | ||
| 66 | --- a/strings/ctype.c | ||
| 67 | +++ b/strings/ctype.c | ||
| 68 | @@ -1243,22 +1243,6 @@ my_convert(char *to, uint32 to_length, CHARSET_INFO *to_cs, | ||
| 69 | |||
| 70 | length= length2= MY_MIN(to_length, from_length); | ||
| 71 | |||
| 72 | -#if defined(__i386__) || defined(__x86_64__) | ||
| 73 | - /* | ||
| 74 | - Special loop for i386, it allows to refer to a | ||
| 75 | - non-aligned memory block as UINT32, which makes | ||
| 76 | - it possible to copy four bytes at once. This | ||
| 77 | - gives about 10% performance improvement comparing | ||
| 78 | - to byte-by-byte loop. | ||
| 79 | - */ | ||
| 80 | - for ( ; length >= 4; length-= 4, from+= 4, to+= 4) | ||
| 81 | - { | ||
| 82 | - if ((*(uint32*)from) & 0x80808080) | ||
| 83 | - break; | ||
| 84 | - *((uint32*) to)= *((const uint32*) from); | ||
| 85 | - } | ||
| 86 | -#endif /* __i386__ */ | ||
| 87 | - | ||
| 88 | for (; ; *to++= *from++, length--) | ||
| 89 | { | ||
| 90 | if (!length) | ||
| 91 | -- | ||
| 92 | 2.51.0 | ||
| 93 | |||
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_11.4.9.bb b/meta-oe/recipes-dbs/mysql/mariadb_11.4.10.bb index b1d1355e2b..b1d1355e2b 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb_11.4.9.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb_11.4.10.bb | |||
diff --git a/meta-oe/recipes-devtools/capnproto/capnproto/CVE-2026-32239_CVE-2026-32240.patch b/meta-oe/recipes-devtools/capnproto/capnproto/CVE-2026-32239_CVE-2026-32240.patch new file mode 100644 index 0000000000..803a0d55ad --- /dev/null +++ b/meta-oe/recipes-devtools/capnproto/capnproto/CVE-2026-32239_CVE-2026-32240.patch | |||
| @@ -0,0 +1,160 @@ | |||
| 1 | From 0e77b95c0829c83a31be5e219aee2a4e3f9895a7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kenton Varda <kenton@cloudflare.com> | ||
| 3 | Date: Tue, 10 Mar 2026 18:16:14 -0500 | ||
| 4 | Subject: [PATCH] Fix HTTP body size integer overflow bugs. | ||
| 5 | |||
| 6 | The KJ-HTTP library was discovered to have two bugs related to integer overflows while handling message body sizes: | ||
| 7 | 1. A negative `Content-Length` value was converted to unsigned, treating it as an impossibly large length instead. | ||
| 8 | 2. When using `Transfer-Encoding: chunked`, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. | ||
| 9 | |||
| 10 | In theory, these bugs could enable HTTP request/response smuggling, although it would require integration with a proxy that has bugs of its own. | ||
| 11 | |||
| 12 | For more details, see (in a future commit): security-advisories/2026-03-10-1-http-size-validation.md | ||
| 13 | |||
| 14 | CVE: CVE-2026-32239 CVE-2026-32240 | ||
| 15 | Upstream-Status: Backport [https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36] | ||
| 16 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 17 | --- | ||
| 18 | c++/src/kj/compat/http-test.c++ | 64 +++++++++++++++++++++++++++++++++ | ||
| 19 | c++/src/kj/compat/http.c++ | 28 +++++++++++---- | ||
| 20 | 2 files changed, 86 insertions(+), 6 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/c++/src/kj/compat/http-test.c++ b/c++/src/kj/compat/http-test.c++ | ||
| 23 | index f10ff8d1..daf08992 100644 | ||
| 24 | --- a/c++/src/kj/compat/http-test.c++ | ||
| 25 | +++ b/c++/src/kj/compat/http-test.c++ | ||
| 26 | @@ -4038,6 +4038,70 @@ KJ_TEST("HttpServer invalid method") { | ||
| 27 | KJ_EXPECT(expectedResponse == response, expectedResponse, response); | ||
| 28 | } | ||
| 29 | |||
| 30 | +KJ_TEST("HttpServer rejects negative Content-Length") { | ||
| 31 | + KJ_HTTP_TEST_SETUP_IO; | ||
| 32 | + kj::TimerImpl timer(kj::origin<kj::TimePoint>()); | ||
| 33 | + auto pipe = KJ_HTTP_TEST_CREATE_2PIPE; | ||
| 34 | + | ||
| 35 | + HttpHeaderTable table; | ||
| 36 | + BrokenHttpService service; | ||
| 37 | + HttpServer server(timer, table, service, { | ||
| 38 | + .canceledUploadGraceBytes = 1024 * 1024, | ||
| 39 | + }); | ||
| 40 | + | ||
| 41 | + auto listenTask = server.listenHttp(kj::mv(pipe.ends[0])); | ||
| 42 | + | ||
| 43 | + auto msg = | ||
| 44 | + "POST / HTTP/1.1\r\n" | ||
| 45 | + "Content-Length: -1\r\n" | ||
| 46 | + "\r\n" | ||
| 47 | + "foo"_kj.asBytes(); | ||
| 48 | + | ||
| 49 | + auto writePromise = pipe.ends[1]->write(msg.begin(), msg.size()); | ||
| 50 | + auto response = pipe.ends[1]->readAllText().wait(waitScope); | ||
| 51 | + | ||
| 52 | + // The server should reject the negative Content-Length. The KJ_FAIL_REQUIRE in getEntityBody() | ||
| 53 | + // gets caught by the server loop and turned into a 500 error. | ||
| 54 | + KJ_EXPECT(response.startsWith("HTTP/1.1 500 Internal Server Error"), response); | ||
| 55 | + | ||
| 56 | + KJ_EXPECT(writePromise.poll(waitScope)); | ||
| 57 | + writePromise.catch_([](kj::Exception&&) {}).wait(waitScope); | ||
| 58 | +} | ||
| 59 | + | ||
| 60 | +KJ_TEST("HttpServer rejects chunked body with overflowing chunk size") { | ||
| 61 | + KJ_HTTP_TEST_SETUP_IO; | ||
| 62 | + kj::TimerImpl timer(kj::origin<kj::TimePoint>()); | ||
| 63 | + auto pipe = KJ_HTTP_TEST_CREATE_2PIPE; | ||
| 64 | + | ||
| 65 | + HttpHeaderTable table; | ||
| 66 | + BrokenHttpService service; | ||
| 67 | + HttpServer server(timer, table, service, { | ||
| 68 | + .canceledUploadGraceBytes = 1024 * 1024, | ||
| 69 | + }); | ||
| 70 | + | ||
| 71 | + auto listenTask = server.listenHttp(kj::mv(pipe.ends[0])); | ||
| 72 | + | ||
| 73 | + // 17 hex digits: 0x10000000000000000 = 2^64, which overflows uint64_t. | ||
| 74 | + auto msg = | ||
| 75 | + "POST / HTTP/1.1\r\n" | ||
| 76 | + "Transfer-Encoding: chunked\r\n" | ||
| 77 | + "\r\n" | ||
| 78 | + "10000000000000000\r\n" | ||
| 79 | + "x\r\n" | ||
| 80 | + "0\r\n" | ||
| 81 | + "\r\n"_kj.asBytes(); | ||
| 82 | + | ||
| 83 | + auto writePromise = pipe.ends[1]->write(msg.begin(), msg.size()); | ||
| 84 | + auto response = pipe.ends[1]->readAllText().wait(waitScope); | ||
| 85 | + | ||
| 86 | + // The chunk size overflow causes a KJ_REQUIRE failure during body reading, which the server | ||
| 87 | + // catches and turns into a 500 error. | ||
| 88 | + KJ_EXPECT(response.startsWith("HTTP/1.1 500 Internal Server Error"), response); | ||
| 89 | + | ||
| 90 | + KJ_EXPECT(writePromise.poll(waitScope)); | ||
| 91 | + writePromise.catch_([](kj::Exception&&) {}).wait(waitScope); | ||
| 92 | +} | ||
| 93 | + | ||
| 94 | // Ensure that HttpServerSettings can continue to be constexpr. | ||
| 95 | KJ_UNUSED static constexpr HttpServerSettings STATIC_CONSTEXPR_SETTINGS {}; | ||
| 96 | |||
| 97 | diff --git a/c++/src/kj/compat/http.c++ b/c++/src/kj/compat/http.c++ | ||
| 98 | index aae47ad1..da705e66 100644 | ||
| 99 | --- a/c++/src/kj/compat/http.c++ | ||
| 100 | +++ b/c++/src/kj/compat/http.c++ | ||
| 101 | @@ -1406,16 +1406,20 @@ public: | ||
| 102 | |||
| 103 | uint64_t value = 0; | ||
| 104 | for (char c: text) { | ||
| 105 | + uint64_t digit; | ||
| 106 | if ('0' <= c && c <= '9') { | ||
| 107 | - value = value * 16 + (c - '0'); | ||
| 108 | + digit = c - '0'; | ||
| 109 | } else if ('a' <= c && c <= 'f') { | ||
| 110 | - value = value * 16 + (c - 'a' + 10); | ||
| 111 | + digit = c - 'a' + 10; | ||
| 112 | } else if ('A' <= c && c <= 'F') { | ||
| 113 | - value = value * 16 + (c - 'A' + 10); | ||
| 114 | + digit = c - 'A' + 10; | ||
| 115 | } else { | ||
| 116 | KJ_FAIL_REQUIRE("invalid HTTP chunk size", text, text.asBytes()) { break; } | ||
| 117 | return value; | ||
| 118 | } | ||
| 119 | + KJ_REQUIRE(value <= (uint64_t(kj::maxValue) >> 4), | ||
| 120 | + "HTTP chunk size overflow", text, text.asBytes()) { break; } | ||
| 121 | + value = value * 16 + digit; | ||
| 122 | } | ||
| 123 | |||
| 124 | return value; | ||
| 125 | @@ -1942,7 +1946,15 @@ kj::Own<kj::AsyncInputStream> HttpInputStreamImpl::getEntityBody( | ||
| 126 | // Body elided. | ||
| 127 | kj::Maybe<uint64_t> length; | ||
| 128 | KJ_IF_MAYBE(cl, headers.get(HttpHeaderId::CONTENT_LENGTH)) { | ||
| 129 | - length = strtoull(cl->cStr(), nullptr, 10); | ||
| 130 | + // Validate that the Content-Length is a non-negative integer. Note that strtoull() accepts | ||
| 131 | + // leading '-' signs and silently converts negative values to large unsigned values, so we | ||
| 132 | + // must explicitly check for a leading digit. | ||
| 133 | + char* end; | ||
| 134 | + uint64_t parsedValue = strtoull(cl->cStr(), &end, 10); | ||
| 135 | + if ((*cl)[0] >= '0' && (*cl)[0] <= '9' && end > cl->begin() && *end == '\0') { | ||
| 136 | + length = parsedValue; | ||
| 137 | + } | ||
| 138 | + // If invalid, we just leave `length` as nullptr, since the body is elided anyway. | ||
| 139 | } else if (headers.get(HttpHeaderId::TRANSFER_ENCODING) == nullptr) { | ||
| 140 | // HACK: Neither Content-Length nor Transfer-Encoding header in response to HEAD | ||
| 141 | // request. Propagate this fact with a 0 expected body length. | ||
| 142 | @@ -1991,12 +2003,16 @@ kj::Own<kj::AsyncInputStream> HttpInputStreamImpl::getEntityBody( | ||
| 143 | // "Content-Length: 5, 5, 5". Hopefully no one actually does that... | ||
| 144 | char* end; | ||
| 145 | uint64_t length = strtoull(cl->cStr(), &end, 10); | ||
| 146 | - if (end > cl->begin() && *end == '\0') { | ||
| 147 | + // Note that strtoull() accepts leading '-' signs and silently converts negative values to | ||
| 148 | + // large unsigned values, so we must explicitly check for a leading digit. | ||
| 149 | + if ((*cl)[0] >= '0' && (*cl)[0] <= '9' && end > cl->begin() && *end == '\0') { | ||
| 150 | // #5 | ||
| 151 | return kj::heap<HttpFixedLengthEntityReader>(*this, length); | ||
| 152 | } else { | ||
| 153 | // #4 (bad content-length) | ||
| 154 | - KJ_FAIL_REQUIRE("invalid Content-Length header value", *cl); | ||
| 155 | + KJ_FAIL_REQUIRE("invalid Content-Length header value", *cl) { break; } | ||
| 156 | + // To pass the -fno-exceptions test (but KJ-HTTP is really not safe to use in that mode). | ||
| 157 | + return kj::heap<HttpNullEntityReader>(*this, uint64_t(0)); | ||
| 158 | } | ||
| 159 | } | ||
| 160 | |||
diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb b/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb index 0ea243fd20..22c4b7cd0a 100644 --- a/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb +++ b/meta-oe/recipes-devtools/capnproto/capnproto_1.0.2.bb | |||
| @@ -6,7 +6,9 @@ LICENSE = "MIT" | |||
| 6 | LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" | 6 | LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" |
| 7 | 7 | ||
| 8 | SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ | 8 | SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ |
| 9 | file://0001-Export-binaries-only-for-native-build.patch" | 9 | file://0001-Export-binaries-only-for-native-build.patch \ |
| 10 | file://CVE-2026-32239_CVE-2026-32240.patch;patchdir=.. \ | ||
| 11 | " | ||
| 10 | SRCREV = "1a0e12c0a3ba1f0dbbad45ddfef555166e0a14fc" | 12 | SRCREV = "1a0e12c0a3ba1f0dbbad45ddfef555166e0a14fc" |
| 11 | 13 | ||
| 12 | S = "${UNPACKDIR}/${BP}/c++" | 14 | S = "${UNPACKDIR}/${BP}/c++" |
diff --git a/meta-oe/recipes-devtools/php/php_8.4.18.bb b/meta-oe/recipes-devtools/php/php_8.4.19.bb index a9be742317..4a5a5fa5b8 100644 --- a/meta-oe/recipes-devtools/php/php_8.4.18.bb +++ b/meta-oe/recipes-devtools/php/php_8.4.19.bb | |||
| @@ -32,7 +32,7 @@ UPSTREAM_CHECK_REGEX = "releases/tag/php-(?P<pver>\d+(\.\d+)+)" | |||
| 32 | 32 | ||
| 33 | S = "${UNPACKDIR}/php-${PV}" | 33 | S = "${UNPACKDIR}/php-${PV}" |
| 34 | 34 | ||
| 35 | SRC_URI[sha256sum] = "586b32d92cebcfbca495c5f6ad1a33640553d0a9c0bfd2e6715334d959cf9858" | 35 | SRC_URI[sha256sum] = "bceb7798ed37b442fe523ae7ef345ccc2231db0b022d30735c2e378d3254a0d4" |
| 36 | 36 | ||
| 37 | CVE_STATUS_GROUPS += "CVE_STATUS_PHP" | 37 | CVE_STATUS_GROUPS += "CVE_STATUS_PHP" |
| 38 | CVE_STATUS_PHP[status] = "fixed-version: The name of this product is exactly the same as github.com/emlog/emlog. CVE can be safely ignored." | 38 | CVE_STATUS_PHP[status] = "fixed-version: The name of this product is exactly the same as github.com/emlog/emlog. CVE can be safely ignored." |
diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.2.8.bb b/meta-oe/recipes-graphics/jasper/jasper_4.2.9.bb index e00b56ddbf..b48fff7081 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_4.2.8.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_4.2.9.bb | |||
| @@ -4,7 +4,7 @@ LICENSE = "MIT" | |||
| 4 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" | 4 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" |
| 5 | 5 | ||
| 6 | SRC_URI = "https://github.com/jasper-software/${BPN}/releases/download/version-${PV}/${BP}.tar.gz" | 6 | SRC_URI = "https://github.com/jasper-software/${BPN}/releases/download/version-${PV}/${BP}.tar.gz" |
| 7 | SRC_URI[sha256sum] = "98058a94fbff57ec6e31dcaec37290589de0ba6f47c966f92654681a56c71fae" | 7 | SRC_URI[sha256sum] = "f71cf643937a5fcaedcfeb30a22ba406912948ad4413148214df280afc425454" |
| 8 | 8 | ||
| 9 | UPSTREAM_CHECK_URI = "https://github.com/jasper-software/jasper/releases" | 9 | UPSTREAM_CHECK_URI = "https://github.com/jasper-software/jasper/releases" |
| 10 | UPSTREAM_CHECK_REGEX = "releases/tag/version-(?P<pver>\d+(\.\d+)+)" | 10 | UPSTREAM_CHECK_REGEX = "releases/tag/version-(?P<pver>\d+(\.\d+)+)" |
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch new file mode 100644 index 0000000000..a2b41adcef --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch | |||
| @@ -0,0 +1,69 @@ | |||
| 1 | From 237f63c2abcd6c346bf5d27044ab76f5388bb4e8 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Sat, 7 Feb 2026 22:50:46 +0000 | ||
| 4 | Subject: [PATCH] Regression test for | ||
| 5 | https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp | ||
| 6 | |||
| 7 | CVE: CVE-2026-25884 | ||
| 8 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/191138fef73f331de1311e735d8e6359a36fa786] | ||
| 9 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 10 | --- | ||
| 11 | test/data/issue_ghsa_9mxq_4j5g_5wrp.crw | Bin 0 -> 74 bytes | ||
| 12 | .../github/test_issue_ghsa_9mxq_4j5g_5wrp.py | 24 ++++++++++++++++++ | ||
| 13 | .../test_regression_allfiles.py | 1 + | ||
| 14 | 3 files changed, 25 insertions(+) | ||
| 15 | create mode 100644 test/data/issue_ghsa_9mxq_4j5g_5wrp.crw | ||
| 16 | create mode 100644 tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py | ||
| 17 | |||
| 18 | diff --git a/test/data/issue_ghsa_9mxq_4j5g_5wrp.crw b/test/data/issue_ghsa_9mxq_4j5g_5wrp.crw | ||
| 19 | new file mode 100644 | ||
| 20 | index 0000000000000000000000000000000000000000..816af2663b3ec93d0d4de4755a02b5d0f5d09640 | ||
| 21 | GIT binary patch | ||
| 22 | literal 74 | ||
| 23 | zcmebDRA69W@NjhuaCUYH`mcZv7#X+>WPvJpfmnfwK>?&13|Kip6i5oF1;hjZi0B7h | ||
| 24 | |||
| 25 | literal 0 | ||
| 26 | HcmV?d00001 | ||
| 27 | |||
| 28 | diff --git a/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py b/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py | ||
| 29 | new file mode 100644 | ||
| 30 | index 000000000..199328f25 | ||
| 31 | --- /dev/null | ||
| 32 | +++ b/tests/bugfixes/github/test_issue_ghsa_9mxq_4j5g_5wrp.py | ||
| 33 | @@ -0,0 +1,24 @@ | ||
| 34 | +# -*- coding: utf-8 -*- | ||
| 35 | + | ||
| 36 | +from system_tests import CaseMeta, CopyTmpFiles, path | ||
| 37 | + | ||
| 38 | + | ||
| 39 | +class CrwMap_decode0x0805_OutOfBoundsRead(metaclass=CaseMeta): | ||
| 40 | + """ | ||
| 41 | + Regression test for the bug described in: | ||
| 42 | + https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp | ||
| 43 | + """ | ||
| 44 | + | ||
| 45 | + url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp" | ||
| 46 | + | ||
| 47 | + filename = path("$data_path/issue_ghsa_9mxq_4j5g_5wrp.crw") | ||
| 48 | + commands = ["$exiv2 $filename"] | ||
| 49 | + stdout = ["""File name : $filename | ||
| 50 | +File size : 74 Bytes | ||
| 51 | +MIME type : image/x-canon-crw | ||
| 52 | +Image size : 0 x 0 | ||
| 53 | +""" | ||
| 54 | +] | ||
| 55 | + stderr = ["""$filename: No Exif data found in the file | ||
| 56 | +"""] | ||
| 57 | + retval = [253] | ||
| 58 | diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py | ||
| 59 | index d1bec2ed3..87caa9798 100644 | ||
| 60 | --- a/tests/regression_tests/test_regression_allfiles.py | ||
| 61 | +++ b/tests/regression_tests/test_regression_allfiles.py | ||
| 62 | @@ -122,6 +122,7 @@ def get_valid_files(data_dir): | ||
| 63 | "issue_ghsa_g9xm_7538_mq8w_poc.mov", | ||
| 64 | "issue_ghsa_38h4_fx85_qcx7_poc.tiff", | ||
| 65 | "issue_ghsa_496f_x7cq_cq39_poc.jpg", | ||
| 66 | + "issue_ghsa_9mxq_4j5g_5wrp.crw", | ||
| 67 | "pocIssue283.jpg", | ||
| 68 | "poc_1522.jp2", | ||
| 69 | "xmpsdk.xmp", | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch new file mode 100644 index 0000000000..b461e09c71 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | From 5c5ab83247997396b8a7de8e4425a1a04db01c14 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Sat, 31 Jan 2026 15:31:55 +0000 | ||
| 4 | Subject: [PATCH] Fix out-of-bounds read. | ||
| 5 | |||
| 6 | CVE: CVE-2026-25884 | ||
| 7 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1] | ||
| 8 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 9 | --- | ||
| 10 | src/crwimage_int.cpp | 2 +- | ||
| 11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 12 | |||
| 13 | diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp | ||
| 14 | index 9e2c1c6a4..1d2378a61 100644 | ||
| 15 | --- a/src/crwimage_int.cpp | ||
| 16 | +++ b/src/crwimage_int.cpp | ||
| 17 | @@ -646,7 +646,7 @@ const CrwMapping* CrwMap::crwMapping(uint16_t crwDir, uint16_t crwTagId) { | ||
| 18 | |||
| 19 | void CrwMap::decode0x0805(const CiffComponent& ciffComponent, const CrwMapping* /*pCrwMapping*/, Image& image, | ||
| 20 | ByteOrder /*byteOrder*/) { | ||
| 21 | - std::string s(reinterpret_cast<const char*>(ciffComponent.pData())); | ||
| 22 | + auto s = std::string(reinterpret_cast<const char*>(ciffComponent.pData()), ciffComponent.size()); | ||
| 23 | image.setComment(s); | ||
| 24 | } // CrwMap::decode0x0805 | ||
| 25 | |||
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-1.patch new file mode 100644 index 0000000000..9f99937a71 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-1.patch | |||
| @@ -0,0 +1,71 @@ | |||
| 1 | From f42720d294852c3372fb34c328859e7442128b04 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Thu, 26 Feb 2026 20:44:18 +0000 | ||
| 4 | Subject: [PATCH] Regression test for | ||
| 5 | https://github.com/Exiv2/exiv2/issues/3511 | ||
| 6 | |||
| 7 | CVE: CVE-2026-27596 | ||
| 8 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/fe0d0154ab2886feb503e6cfd38c3b6d5722921f] | ||
| 9 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 10 | --- | ||
| 11 | test/data/issue_3511_poc.eps | 13 +++++++++++++ | ||
| 12 | tests/bugfixes/github/test_issue_3511.py | 17 +++++++++++++++++ | ||
| 13 | .../test_regression_allfiles.py | 1 + | ||
| 14 | 3 files changed, 31 insertions(+) | ||
| 15 | create mode 100644 test/data/issue_3511_poc.eps | ||
| 16 | create mode 100644 tests/bugfixes/github/test_issue_3511.py | ||
| 17 | |||
| 18 | diff --git a/test/data/issue_3511_poc.eps b/test/data/issue_3511_poc.eps | ||
| 19 | new file mode 100644 | ||
| 20 | index 000000000..4d403cc51 | ||
| 21 | --- /dev/null | ||
| 22 | +++ b/test/data/issue_3511_poc.eps | ||
| 23 | @@ -0,0 +1,13 @@ | ||
| 24 | +%!PS-Adobe-3.0 EPSF-3.0 | ||
| 25 | +%%BoundingBox: 0 0 100 100 | ||
| 26 | +%%EndComments | ||
| 27 | +%%BeginProlog | ||
| 28 | +%%EndProlog | ||
| 29 | +%%Page: 1 1 | ||
| 30 | +%%BeginPageSetup | ||
| 31 | +%%EndPageSetup | ||
| 32 | +%BeginPhotoshop: 16 | ||
| 33 | +3842494D040C00000000000441424344 | ||
| 34 | +%EndPhotoshop | ||
| 35 | +%%PageTrailer | ||
| 36 | +%%EOF | ||
| 37 | diff --git a/tests/bugfixes/github/test_issue_3511.py b/tests/bugfixes/github/test_issue_3511.py | ||
| 38 | new file mode 100644 | ||
| 39 | index 000000000..1825550a1 | ||
| 40 | --- /dev/null | ||
| 41 | +++ b/tests/bugfixes/github/test_issue_3511.py | ||
| 42 | @@ -0,0 +1,17 @@ | ||
| 43 | +# -*- coding: utf-8 -*- | ||
| 44 | + | ||
| 45 | +import system_tests | ||
| 46 | + | ||
| 47 | + | ||
| 48 | +class test_issue_3511_sigma_LoaderNative_getData(metaclass=system_tests.CaseMeta): | ||
| 49 | + url = "https://github.com/Exiv2/exiv2/issues/3511" | ||
| 50 | + | ||
| 51 | + filename = "$data_path/issue_3511_poc.eps" | ||
| 52 | + commands = ["$exiv2 -pp $filename"] | ||
| 53 | + retval = [1] | ||
| 54 | + stderr = [ | ||
| 55 | + """$exiv2_exception_message $filename: | ||
| 56 | +$kerCorruptedMetadata | ||
| 57 | +""" | ||
| 58 | + ] | ||
| 59 | + stdout = [""] | ||
| 60 | diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py | ||
| 61 | index 87caa9798..6a230e6fc 100644 | ||
| 62 | --- a/tests/regression_tests/test_regression_allfiles.py | ||
| 63 | +++ b/tests/regression_tests/test_regression_allfiles.py | ||
| 64 | @@ -126,6 +126,7 @@ def get_valid_files(data_dir): | ||
| 65 | "pocIssue283.jpg", | ||
| 66 | "poc_1522.jp2", | ||
| 67 | "xmpsdk.xmp", | ||
| 68 | + "issue_3511_poc.eps", | ||
| 69 | # large file that creates 11Mb of output so let's exclude it | ||
| 70 | "ReaganLargeTiff.tiff", | ||
| 71 | # files that don't create any output | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-2.patch new file mode 100644 index 0000000000..0cabc1ec55 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-2.patch | |||
| @@ -0,0 +1,24 @@ | |||
| 1 | From 8e017375e1cf8b1e5a0c37951152fc7f4c2b3409 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Thu, 26 Feb 2026 20:44:54 +0000 | ||
| 4 | Subject: [PATCH] Check for integer overflow. | ||
| 5 | |||
| 6 | CVE: CVE-2026-27596 | ||
| 7 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/2cb728a850b4aa048a683711906d716c5f9a32ac] | ||
| 8 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 9 | --- | ||
| 10 | src/preview.cpp | 1 + | ||
| 11 | 1 file changed, 1 insertion(+) | ||
| 12 | |||
| 13 | diff --git a/src/preview.cpp b/src/preview.cpp | ||
| 14 | index 993c3b749..90f60146f 100644 | ||
| 15 | --- a/src/preview.cpp | ||
| 16 | +++ b/src/preview.cpp | ||
| 17 | @@ -422,6 +422,7 @@ DataBuf LoaderNative::getData() const { | ||
| 18 | #endif | ||
| 19 | return {}; | ||
| 20 | } | ||
| 21 | + Internal::enforce(sizeData >= 28, ErrorCode::kerCorruptedMetadata); | ||
| 22 | return {record + sizeHdr + 28, sizeData - 28}; | ||
| 23 | } | ||
| 24 | throw Error(ErrorCode::kerErrorMessage, "Invalid native preview filter: " + nativePreview_.filter_); | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-1.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-1.patch new file mode 100644 index 0000000000..0f85053091 --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-1.patch | |||
| @@ -0,0 +1,63 @@ | |||
| 1 | From 7a93f203cd72a895b26bb633d51b2448a0f629a3 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Thu, 26 Feb 2026 21:14:10 +0000 | ||
| 4 | Subject: [PATCH] Regression test for | ||
| 5 | https://github.com/Exiv2/exiv2/issues/3513 | ||
| 6 | |||
| 7 | CVE: CVE-2026-27631 | ||
| 8 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/7adedce8c779e9c7bce843cbaf9eff26bc1659b6] | ||
| 9 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 10 | --- | ||
| 11 | test/data/issue_3513_poc.psd | Bin 0 -> 206 bytes | ||
| 12 | tests/bugfixes/github/test_issue_3513.py | 17 +++++++++++++++++ | ||
| 13 | .../test_regression_allfiles.py | 1 + | ||
| 14 | 3 files changed, 18 insertions(+) | ||
| 15 | create mode 100644 test/data/issue_3513_poc.psd | ||
| 16 | create mode 100644 tests/bugfixes/github/test_issue_3513.py | ||
| 17 | |||
| 18 | diff --git a/test/data/issue_3513_poc.psd b/test/data/issue_3513_poc.psd | ||
| 19 | new file mode 100644 | ||
| 20 | index 0000000000000000000000000000000000000000..b8cf982ccc29e4574783b1317347a8494bce4240 | ||
| 21 | GIT binary patch | ||
| 22 | literal 206 | ||
| 23 | zcmcC;3J7LkWXND(VPIfj2I6QSp2oldW&@cF4i-+HzAOnKCIbVQ%?V)xNk#^S{{sU! | ||
| 24 | VK$eS7U=ZX2Ii>-KnHh{ttN=+HebfK| | ||
| 25 | |||
| 26 | literal 0 | ||
| 27 | HcmV?d00001 | ||
| 28 | |||
| 29 | diff --git a/tests/bugfixes/github/test_issue_3513.py b/tests/bugfixes/github/test_issue_3513.py | ||
| 30 | new file mode 100644 | ||
| 31 | index 000000000..5383470e4 | ||
| 32 | --- /dev/null | ||
| 33 | +++ b/tests/bugfixes/github/test_issue_3513.py | ||
| 34 | @@ -0,0 +1,17 @@ | ||
| 35 | +# -*- coding: utf-8 -*- | ||
| 36 | + | ||
| 37 | +import system_tests | ||
| 38 | + | ||
| 39 | + | ||
| 40 | +class test_issue_3513_PsdImage_readResourceBlock(metaclass=system_tests.CaseMeta): | ||
| 41 | + url = "https://github.com/Exiv2/exiv2/issues/3513" | ||
| 42 | + | ||
| 43 | + filename = "$data_path/issue_3513_poc.psd" | ||
| 44 | + commands = ["$exiv2 -pp $filename"] | ||
| 45 | + retval = [1] | ||
| 46 | + stderr = [ | ||
| 47 | + """$exiv2_exception_message $filename: | ||
| 48 | +$kerCorruptedMetadata | ||
| 49 | +""" | ||
| 50 | + ] | ||
| 51 | + stdout = [""] | ||
| 52 | diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py | ||
| 53 | index 6a230e6fc..31f9c844a 100644 | ||
| 54 | --- a/tests/regression_tests/test_regression_allfiles.py | ||
| 55 | +++ b/tests/regression_tests/test_regression_allfiles.py | ||
| 56 | @@ -126,6 +126,7 @@ def get_valid_files(data_dir): | ||
| 57 | "pocIssue283.jpg", | ||
| 58 | "poc_1522.jp2", | ||
| 59 | "xmpsdk.xmp", | ||
| 60 | + "issue_3513_poc.psd", | ||
| 61 | "issue_3511_poc.eps", | ||
| 62 | # large file that creates 11Mb of output so let's exclude it | ||
| 63 | "ReaganLargeTiff.tiff", | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-2.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-2.patch new file mode 100644 index 0000000000..712b40e22d --- /dev/null +++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-2.patch | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | From 1748fd9763e89a341bdf8a451534067abb964ab2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kevin Backhouse <kevinbackhouse@github.com> | ||
| 3 | Date: Fri, 27 Feb 2026 10:38:22 +0000 | ||
| 4 | Subject: [PATCH] Check for integer overflow. | ||
| 5 | |||
| 6 | CVE: CVE-2026-27631 | ||
| 7 | Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/284b4e20229dd6edf492e712871878ae320801fc] | ||
| 8 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 9 | --- | ||
| 10 | src/psdimage.cpp | 3 +++ | ||
| 11 | 1 file changed, 3 insertions(+) | ||
| 12 | |||
| 13 | diff --git a/src/psdimage.cpp b/src/psdimage.cpp | ||
| 14 | index 1a8e4c61c..b2f5247a2 100644 | ||
| 15 | --- a/src/psdimage.cpp | ||
| 16 | +++ b/src/psdimage.cpp | ||
| 17 | @@ -287,6 +287,9 @@ void PsdImage::readResourceBlock(uint16_t resourceId, uint32_t resourceSize) { | ||
| 18 | nativePreview.height_ = getLong(buf + 8, bigEndian); | ||
| 19 | const uint32_t format = getLong(buf + 0, bigEndian); | ||
| 20 | |||
| 21 | + Internal::enforce(nativePreview.size_ <= static_cast<size_t>(std::numeric_limits<long>::max()), | ||
| 22 | + Exiv2::ErrorCode::kerCorruptedMetadata); | ||
| 23 | + | ||
| 24 | if (nativePreview.size_ > 0 && nativePreview.position_ > 0) { | ||
| 25 | io_->seek(static_cast<long>(nativePreview.size_), BasicIo::cur); | ||
| 26 | if (io_->error() || io_->eof()) | ||
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.7.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.7.bb index e1f57ae8c7..25f35e203a 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.28.7.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.7.bb | |||
| @@ -4,7 +4,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2" | |||
| 4 | 4 | ||
| 5 | DEPENDS = "zlib expat brotli libinih" | 5 | DEPENDS = "zlib expat brotli libinih" |
| 6 | 6 | ||
| 7 | SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x;tag=v${PV}" | 7 | SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x;tag=v${PV} \ |
| 8 | file://CVE-2026-25884-1.patch \ | ||
| 9 | file://CVE-2026-25884-2.patch \ | ||
| 10 | file://CVE-2026-27596-1.patch \ | ||
| 11 | file://CVE-2026-27596-2.patch \ | ||
| 12 | file://CVE-2026-27631-1.patch \ | ||
| 13 | file://CVE-2026-27631-2.patch \ | ||
| 14 | " | ||
| 8 | SRCREV = "afcb7a8ba84a7de36d2f1ee7689394e078697956" | 15 | SRCREV = "afcb7a8ba84a7de36d2f1ee7689394e078697956" |
| 9 | 16 | ||
| 17 | PATCHTOOL = "git" | ||
| 18 | |||
| 10 | inherit cmake gettext | 19 | inherit cmake gettext |
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-15.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-17.bb index d48fae6bd3..989e87af3d 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-15.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-17.bb | |||
| @@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt | |||
| 17 | file://imagemagick-ptest.sh \ | 17 | file://imagemagick-ptest.sh \ |
| 18 | " | 18 | " |
| 19 | 19 | ||
| 20 | SRCREV = "b5fdb90dac0e6d0bf1bbd95704bbd60216a5bc23" | 20 | SRCREV = "3f2f629405c62106d3569547c03634bc46fcd07d" |
| 21 | 21 | ||
| 22 | 22 | ||
| 23 | inherit autotools pkgconfig update-alternatives ptest | 23 | inherit autotools pkgconfig update-alternatives ptest |
diff --git a/meta-oe/recipes-support/imapfilter/imapfilter_2.8.3.bb b/meta-oe/recipes-support/imapfilter/imapfilter_2.8.5.bb index f4905e3c0b..754e793faa 100644 --- a/meta-oe/recipes-support/imapfilter/imapfilter_2.8.3.bb +++ b/meta-oe/recipes-support/imapfilter/imapfilter_2.8.5.bb | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | SUMMARY = "IMAPFilter is a mail filtering utility that processes mailboxes based on IMAP queries" | 1 | SUMMARY = "IMAPFilter is a mail filtering utility that processes mailboxes based on IMAP queries" |
| 2 | LICENSE = "MIT" | 2 | LICENSE = "MIT" |
| 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f8d2fc4954306888fd0e4b27bef83525" | 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=c9e8d74e78283c6319317d3cb15eded4" |
| 4 | 4 | ||
| 5 | # v2.7.6 | 5 | # v2.7.6 |
| 6 | SRCREV = "72f7fa621357299bb6c8f5d29b4efbafcbd34bf7" | 6 | SRCREV = "23b693f7f7cad8b459beb5cf748078f9cc0e5dc8" |
| 7 | SRC_URI = "git://github.com/lefcha/imapfilter;protocol=https;branch=master;tag=v${PV} \ | 7 | SRC_URI = "git://github.com/lefcha/imapfilter;protocol=https;branch=master;tag=v${PV} \ |
| 8 | file://ldflags.patch \ | 8 | file://ldflags.patch \ |
| 9 | " | 9 | " |
diff --git a/meta-oe/recipes-support/libnice/libnice_0.1.23.bb b/meta-oe/recipes-support/libnice/libnice_0.1.23.bb index bcdcf0ad7f..4411de955c 100644 --- a/meta-oe/recipes-support/libnice/libnice_0.1.23.bb +++ b/meta-oe/recipes-support/libnice/libnice_0.1.23.bb | |||
| @@ -14,8 +14,11 @@ SRC_URI[sha256sum] = "618fc4e8de393b719b1641c1d8eec01826d4d39d15ade92679d221c7f5 | |||
| 14 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/libnice/libnice/-/tags" | 14 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/libnice/libnice/-/tags" |
| 15 | UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" | 15 | UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" |
| 16 | 16 | ||
| 17 | DEPENDS = "glib-2.0 gnutls ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'graphviz-native', '', d)}" | 17 | DEPENDS = "glib-2.0 ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'graphviz-native', '', d)}" |
| 18 | 18 | ||
| 19 | PACKAGECONFIG ??= "gnutls" | ||
| 20 | PACKAGECONFIG[gnutls] = "-Dcrypto-library=gnutls,,gnutls" | ||
| 21 | PACKAGECONFIG[openssl] = "-Dcrypto-library=openssl,,openssl" | ||
| 19 | PACKAGECONFIG[gupnp] = "-Dgupnp=enabled,-Dgupnp=disabled,gupnp" | 22 | PACKAGECONFIG[gupnp] = "-Dgupnp=enabled,-Dgupnp=disabled,gupnp" |
| 20 | PACKAGECONFIG[gstreamer] = "-Dgstreamer=enabled,-Dgstreamer=disabled,gstreamer1.0" | 23 | PACKAGECONFIG[gstreamer] = "-Dgstreamer=enabled,-Dgstreamer=disabled,gstreamer1.0" |
| 21 | PACKAGECONFIG[introspection] = "-Dintrospection=enabled,-Dintrospection=disabled," | 24 | PACKAGECONFIG[introspection] = "-Dintrospection=enabled,-Dintrospection=disabled," |
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p1.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p1.patch new file mode 100644 index 0000000000..bf1fbcc027 --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p1.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From 04d2f831fa8da74c973538cd3f621061a7656771 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Jelen <jjelen@redhat.com> | ||
| 3 | Date: Thu, 11 Dec 2025 13:22:44 +0100 | ||
| 4 | Subject: [PATCH 1/2] sftp: Fix out-of-bound read from sftp extensions | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | CVE: CVE-2026-3731 | ||
| 10 | Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8] | ||
| 11 | |||
| 12 | Signed-off-by: Jakub Jelen <jjelen@redhat.com> | ||
| 13 | Reviewed-by: Pavol Žáčik <pzacik@redhat.com> | ||
| 14 | (cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60) | ||
| 15 | (cherry picked from commit f80670a7aba86cbb442c9b115c9eaf4ca04601b8) | ||
| 16 | Signed-off-by: Deepak Rathore <deeratho@cisco.com> | ||
| 17 | --- | ||
| 18 | src/sftp.c | 2 +- | ||
| 19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/src/sftp.c b/src/sftp.c | ||
| 22 | index 37b4133b..05e05019 100644 | ||
| 23 | --- a/src/sftp.c | ||
| 24 | +++ b/src/sftp.c | ||
| 25 | @@ -583,7 +583,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, unsigned int idx) { | ||
| 26 | return NULL; | ||
| 27 | } | ||
| 28 | |||
| 29 | - if (idx > sftp->ext->count) { | ||
| 30 | + if (idx >= sftp->ext->count) { | ||
| 31 | ssh_set_error_invalid(sftp->session); | ||
| 32 | return NULL; | ||
| 33 | } | ||
| 34 | -- | ||
| 35 | 2.35.6 | ||
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p2.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p2.patch new file mode 100644 index 0000000000..b5a267b808 --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731_p2.patch | |||
| @@ -0,0 +1,102 @@ | |||
| 1 | From df01168bb3863306ba0f35b50e5b2e5dd00ba9f6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Jelen <jjelen@redhat.com> | ||
| 3 | Date: Thu, 11 Dec 2025 13:21:23 +0100 | ||
| 4 | Subject: [PATCH 2/2] Reproducer for out of bounds read of SFTP extensions | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | CVE: CVE-2026-3731 | ||
| 10 | Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=02c6f5f7ec8629a7cff6a28cde9701ab10304540] | ||
| 11 | |||
| 12 | Signed-off-by: Jakub Jelen <jjelen@redhat.com> | ||
| 13 | Reviewed-by: Pavol Žáčik <pzacik@redhat.com> | ||
| 14 | (cherry picked from commit b90b7f24517efa7ab21506db9379aa3dce9fee7d) | ||
| 15 | (cherry picked from commit 02c6f5f7ec8629a7cff6a28cde9701ab10304540) | ||
| 16 | Signed-off-by: Deepak Rathore <deeratho@cisco.com> | ||
| 17 | --- | ||
| 18 | tests/client/torture_sftp_init.c | 62 +++++++++++++++++++++++++++++++- | ||
| 19 | 1 file changed, 61 insertions(+), 1 deletion(-) | ||
| 20 | |||
| 21 | diff --git a/tests/client/torture_sftp_init.c b/tests/client/torture_sftp_init.c | ||
| 22 | index a17f01fe..cdc24426 100644 | ||
| 23 | --- a/tests/client/torture_sftp_init.c | ||
| 24 | +++ b/tests/client/torture_sftp_init.c | ||
| 25 | @@ -72,6 +72,63 @@ static void session_setup_channel(void **state) | ||
| 26 | assert_non_null(s->ssh.tsftp); | ||
| 27 | } | ||
| 28 | |||
| 29 | +static void session_setup_extensions(void **state) | ||
| 30 | +{ | ||
| 31 | + struct torture_state *s = *state; | ||
| 32 | + struct passwd *pwd = NULL; | ||
| 33 | + int rc, count; | ||
| 34 | + const char *name = NULL, *data = NULL; | ||
| 35 | + sftp_session sftp = NULL; | ||
| 36 | + | ||
| 37 | + pwd = getpwnam("bob"); | ||
| 38 | + assert_non_null(pwd); | ||
| 39 | + | ||
| 40 | + rc = setuid(pwd->pw_uid); | ||
| 41 | + assert_return_code(rc, errno); | ||
| 42 | + | ||
| 43 | + s->ssh.session = torture_ssh_session(s, | ||
| 44 | + TORTURE_SSH_SERVER, | ||
| 45 | + NULL, | ||
| 46 | + TORTURE_SSH_USER_ALICE, | ||
| 47 | + NULL); | ||
| 48 | + assert_non_null(s->ssh.session); | ||
| 49 | + | ||
| 50 | + s->ssh.tsftp = torture_sftp_session(s->ssh.session); | ||
| 51 | + assert_non_null(s->ssh.tsftp); | ||
| 52 | + sftp = s->ssh.tsftp->sftp; | ||
| 53 | + | ||
| 54 | + /* null parameter */ | ||
| 55 | + count = sftp_extensions_get_count(NULL); | ||
| 56 | + assert_int_equal(count, 0); | ||
| 57 | + | ||
| 58 | + count = sftp_extensions_get_count(sftp); | ||
| 59 | + assert_int_not_equal(count, 0); | ||
| 60 | + | ||
| 61 | + /* first null parameter */ | ||
| 62 | + name = sftp_extensions_get_name(NULL, 0); | ||
| 63 | + assert_null(name); | ||
| 64 | + data = sftp_extensions_get_data(NULL, 0); | ||
| 65 | + assert_null(data); | ||
| 66 | + | ||
| 67 | + /* First extension */ | ||
| 68 | + name = sftp_extensions_get_name(sftp, 0); | ||
| 69 | + assert_non_null(name); | ||
| 70 | + data = sftp_extensions_get_data(sftp, 0); | ||
| 71 | + assert_non_null(data); | ||
| 72 | + | ||
| 73 | + /* Last extension */ | ||
| 74 | + name = sftp_extensions_get_name(sftp, count - 1); | ||
| 75 | + assert_non_null(name); | ||
| 76 | + data = sftp_extensions_get_data(sftp, count - 1); | ||
| 77 | + assert_non_null(data); | ||
| 78 | + | ||
| 79 | + /* Overrun */ | ||
| 80 | + name = sftp_extensions_get_name(sftp, count); | ||
| 81 | + assert_null(name); | ||
| 82 | + data = sftp_extensions_get_data(sftp, count); | ||
| 83 | + assert_null(data); | ||
| 84 | +} | ||
| 85 | + | ||
| 86 | static int session_teardown(void **state) | ||
| 87 | { | ||
| 88 | struct torture_state *s = *state; | ||
| 89 | @@ -92,7 +149,10 @@ int torture_run_tests(void) { | ||
| 90 | session_teardown), | ||
| 91 | cmocka_unit_test_setup_teardown(session_setup_channel, | ||
| 92 | NULL, | ||
| 93 | - session_teardown) | ||
| 94 | + session_teardown), | ||
| 95 | + cmocka_unit_test_setup_teardown(session_setup_extensions, | ||
| 96 | + NULL, | ||
| 97 | + session_teardown), | ||
| 98 | }; | ||
| 99 | |||
| 100 | ssh_init(); | ||
| 101 | -- | ||
| 102 | 2.35.6 | ||
diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb index 5928581312..ab47931fa3 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb | |||
| @@ -9,6 +9,8 @@ DEPENDS = "zlib openssl" | |||
| 9 | SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \ | 9 | SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \ |
| 10 | file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ | 10 | file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ |
| 11 | file://run-ptest \ | 11 | file://run-ptest \ |
| 12 | file://CVE-2026-3731_p1.patch \ | ||
| 13 | file://CVE-2026-3731_p2.patch \ | ||
| 12 | " | 14 | " |
| 13 | 15 | ||
| 14 | SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch" | 16 | SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch" |
diff --git a/meta-oe/recipes-support/pcp/pcp.inc b/meta-oe/recipes-support/pcp/pcp.inc index 07de1d5328..7c6ecc2e22 100644 --- a/meta-oe/recipes-support/pcp/pcp.inc +++ b/meta-oe/recipes-support/pcp/pcp.inc | |||
| @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=37ab75b580d5aad4ada04260efa3702f \ | |||
| 7 | " | 7 | " |
| 8 | COMPATIBLE_HOST:libc-musl = "null" | 8 | COMPATIBLE_HOST:libc-musl = "null" |
| 9 | 9 | ||
| 10 | SRC_URI = "git://github.com/performancecopilot/pcp;branch=stable;protocol=https;tag=${PV} \ | 10 | SRC_URI = "git://github.com/performancecopilot/pcp;nobranch=1;protocol=https;tag=${PV} \ |
| 11 | file://0001-configure-Limit-the-header-search-to-sysroot.patch \ | 11 | file://0001-configure-Limit-the-header-search-to-sysroot.patch \ |
| 12 | file://0001-htop-Change-dependency-order-of-header-and-sourcefil.patch \ | 12 | file://0001-htop-Change-dependency-order-of-header-and-sourcefil.patch \ |
| 13 | file://config.linux \ | 13 | file://config.linux \ |
diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.28.bb b/meta-python/recipes-devtools/python/python3-django_4.2.29.bb index 2c6d33991c..ded9e6fc1f 100644 --- a/meta-python/recipes-devtools/python/python3-django_4.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_4.2.29.bb | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | require python3-django.inc | 1 | require python3-django.inc |
| 2 | inherit python_setuptools_build_meta | 2 | inherit python_setuptools_build_meta |
| 3 | 3 | ||
| 4 | SRC_URI[sha256sum] = "a4b9cd881991add394cafa8bb3b11ad1742d1e1470ba99c3ef53dc540316ccfe" | 4 | SRC_URI[sha256sum] = "86d91bc8086569c8d08f9c55888b583a921ac1f95ed3bdc7d5659d4709542014" |
| 5 | 5 | ||
| 6 | RDEPENDS:${PN} += "\ | 6 | RDEPENDS:${PN} += "\ |
| 7 | python3-sqlparse \ | 7 | python3-sqlparse \ |
diff --git a/meta-python/recipes-devtools/python/python3-django_5.2.11.bb b/meta-python/recipes-devtools/python/python3-django_5.2.12.bb index edf9aabb79..a7567265b5 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.2.11.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.2.12.bb | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | require python3-django.inc | 1 | require python3-django.inc |
| 2 | inherit python_setuptools_build_meta | 2 | inherit python_setuptools_build_meta |
| 3 | 3 | ||
| 4 | SRC_URI[sha256sum] = "7f2d292ad8b9ee35e405d965fbbad293758b858c34bbf7f3df551aeeac6f02d3" | 4 | SRC_URI[sha256sum] = "6b809af7165c73eff5ce1c87fdae75d4da6520d6667f86401ecf55b681eb1eeb" |
| 5 | 5 | ||
| 6 | RDEPENDS:${PN} += "\ | 6 | RDEPENDS:${PN} += "\ |
| 7 | python3-sqlparse \ | 7 | python3-sqlparse \ |
diff --git a/meta-python/recipes-devtools/python/python3-gpiod_2.4.0.bb b/meta-python/recipes-devtools/python/python3-gpiod_2.4.1.bb index 405951fe0c..61a3fb929e 100644 --- a/meta-python/recipes-devtools/python/python3-gpiod_2.4.0.bb +++ b/meta-python/recipes-devtools/python/python3-gpiod_2.4.1.bb | |||
| @@ -1,13 +1,11 @@ | |||
| 1 | SUMMARY = "Python bindings for libgpiod." | 1 | SUMMARY = "Python bindings for libgpiod." |
| 2 | 2 | ||
| 3 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & CC-BY-SA-4.0" | 3 | LICENSE = "LGPL-2.1-or-later" |
| 4 | # The actual license files live in the upstream libgpiod from which the pypi | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=4b54a1fd55a448865a0b32d41598759d" |
| 5 | # package is spun out. | ||
| 6 | LIC_FILES_CHKSUM = "file://pyproject.toml;beginline=13;endline=13;md5=0fbc720d3e48432ee239eedb6adb0f07" | ||
| 7 | 5 | ||
| 8 | SRC_URI += "file://run-ptest" | 6 | SRC_URI += "file://run-ptest" |
| 9 | 7 | ||
| 10 | SRC_URI[sha256sum] = "9243a1a59d084ec749d1df4a1e2f238ffb9d94515b0d9f5335460175143c3aa1" | 8 | SRC_URI[sha256sum] = "d29a1e8b2a065f7ed82f00a96009bc1486fc705bb2ad25820a8ae962ec6d7688" |
| 11 | 9 | ||
| 12 | inherit python_setuptools_build_meta python_pep517 ptest pypi | 10 | inherit python_setuptools_build_meta python_pep517 ptest pypi |
| 13 | 11 | ||
diff --git a/meta-python/recipes-devtools/python/python3-marshmallow_4.1.2.bb b/meta-python/recipes-devtools/python/python3-marshmallow_4.1.2.bb index f3a905a36c..f058bd7123 100644 --- a/meta-python/recipes-devtools/python/python3-marshmallow_4.1.2.bb +++ b/meta-python/recipes-devtools/python/python3-marshmallow_4.1.2.bb | |||
| @@ -30,3 +30,5 @@ RDEPENDS:${PN} += " \ | |||
| 30 | python3-pprint \ | 30 | python3-pprint \ |
| 31 | python3-packaging \ | 31 | python3-packaging \ |
| 32 | " | 32 | " |
| 33 | |||
| 34 | CVE_STATUS[CVE-2025-68480] = "fixed-version: fixed in 4.1.2" | ||
diff --git a/meta-python/recipes-devtools/python/python3-pyjwt/CVE-2026-32597.patch b/meta-python/recipes-devtools/python/python3-pyjwt/CVE-2026-32597.patch new file mode 100644 index 0000000000..7fec45e13c --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pyjwt/CVE-2026-32597.patch | |||
| @@ -0,0 +1,79 @@ | |||
| 1 | From c77d816548bd768df262ba0204904168584c0bd1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Jos=C3=A9=20Padilla?= <jpadilla@webapplicate.com> | ||
| 3 | Date: Thu, 12 Mar 2026 12:46:08 -0400 | ||
| 4 | Subject: [PATCH] Merge commit from fork | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | Co-authored-by: José Padilla <jpadilla@users.noreply.github.com> | ||
| 10 | |||
| 11 | CVE: CVE-2026-32597 | ||
| 12 | Upstream-Status: Backport [https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92] | ||
| 13 | |||
| 14 | Dropped changes to the changelog, version bump and tests during backport. | ||
| 15 | |||
| 16 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 17 | --- | ||
| 18 | jwt/api_jws.py | 27 +++++++++++++++++++++++++-- | ||
| 19 | 1 file changed, 25 insertions(+), 2 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/jwt/api_jws.py b/jwt/api_jws.py | ||
| 22 | index 654ee0b..db2c80f 100644 | ||
| 23 | --- a/jwt/api_jws.py | ||
| 24 | +++ b/jwt/api_jws.py | ||
| 25 | @@ -137,7 +137,7 @@ class PyJWS: | ||
| 26 | header: dict[str, Any] = {"typ": self.header_typ, "alg": algorithm_} | ||
| 27 | |||
| 28 | if headers: | ||
| 29 | - self._validate_headers(headers) | ||
| 30 | + self._validate_headers(headers, encoding=True) | ||
| 31 | header.update(headers) | ||
| 32 | |||
| 33 | if not header["typ"]: | ||
| 34 | @@ -208,6 +208,8 @@ class PyJWS: | ||
| 35 | |||
| 36 | payload, signing_input, header, signature = self._load(jwt) | ||
| 37 | |||
| 38 | + self._validate_headers(header) | ||
| 39 | + | ||
| 40 | if header.get("b64", True) is False: | ||
| 41 | if detached_payload is None: | ||
| 42 | raise DecodeError( | ||
| 43 | @@ -327,14 +329,35 @@ class PyJWS: | ||
| 44 | if not alg_obj.verify(signing_input, prepared_key, signature): | ||
| 45 | raise InvalidSignatureError("Signature verification failed") | ||
| 46 | |||
| 47 | - def _validate_headers(self, headers: dict[str, Any]) -> None: | ||
| 48 | + # Extensions that PyJWT actually understands and supports | ||
| 49 | + _supported_crit: set[str] = {"b64"} | ||
| 50 | + | ||
| 51 | + def _validate_headers( | ||
| 52 | + self, headers: dict[str, Any], *, encoding: bool = False | ||
| 53 | + ) -> None: | ||
| 54 | if "kid" in headers: | ||
| 55 | self._validate_kid(headers["kid"]) | ||
| 56 | + if not encoding and "crit" in headers: | ||
| 57 | + self._validate_crit(headers) | ||
| 58 | |||
| 59 | def _validate_kid(self, kid: Any) -> None: | ||
| 60 | if not isinstance(kid, str): | ||
| 61 | raise InvalidTokenError("Key ID header parameter must be a string") | ||
| 62 | |||
| 63 | + def _validate_crit(self, headers: dict[str, Any]) -> None: | ||
| 64 | + crit = headers["crit"] | ||
| 65 | + if not isinstance(crit, list) or len(crit) == 0: | ||
| 66 | + raise InvalidTokenError("Invalid 'crit' header: must be a non-empty list") | ||
| 67 | + for ext in crit: | ||
| 68 | + if not isinstance(ext, str): | ||
| 69 | + raise InvalidTokenError("Invalid 'crit' header: values must be strings") | ||
| 70 | + if ext not in self._supported_crit: | ||
| 71 | + raise InvalidTokenError(f"Unsupported critical extension: {ext}") | ||
| 72 | + if ext not in headers: | ||
| 73 | + raise InvalidTokenError( | ||
| 74 | + f"Critical extension '{ext}' is missing from headers" | ||
| 75 | + ) | ||
| 76 | + | ||
| 77 | |||
| 78 | _jws_global_obj = PyJWS() | ||
| 79 | encode = _jws_global_obj.encode | ||
diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index 3954c526f5..981f79a743 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | |||
| @@ -5,6 +5,8 @@ HOMEPAGE = "https://github.com/jpadilla/pyjwt" | |||
| 5 | LICENSE = "MIT" | 5 | LICENSE = "MIT" |
| 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" | 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" |
| 7 | 7 | ||
| 8 | SRC_URI += "file://CVE-2026-32597.patch" | ||
| 9 | |||
| 8 | SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" | 10 | SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" |
| 9 | 11 | ||
| 10 | PYPI_PACKAGE = "pyjwt" | 12 | PYPI_PACKAGE = "pyjwt" |
diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb b/meta-python/recipes-devtools/python/python3-tornado_6.5.5.bb index 9b43d98e1c..8e433fde2f 100644 --- a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb +++ b/meta-python/recipes-devtools/python/python3-tornado_6.5.5.bb | |||
| @@ -6,7 +6,7 @@ HOMEPAGE = "https://www.tornadoweb.org/en/stable/" | |||
| 6 | LICENSE = "Apache-2.0" | 6 | LICENSE = "Apache-2.0" |
| 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" |
| 8 | 8 | ||
| 9 | SRC_URI[sha256sum] = "a22fa9047405d03260b483980635f0b041989d8bcc9a313f8fe18b411d84b1d7" | 9 | SRC_URI[sha256sum] = "192b8f3ea91bd7f1f50c06955416ed76c6b72f96779b962f07f911b91e8d30e9" |
| 10 | 10 | ||
| 11 | inherit pypi python_setuptools_build_meta | 11 | inherit pypi python_setuptools_build_meta |
| 12 | 12 | ||
diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb index 4e7e5fa31d..dfa99c3d90 100644 --- a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb +++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb | |||
| @@ -6,7 +6,7 @@ DEPENDS = "libxml2 libxslt virtual/crypt" | |||
| 6 | 6 | ||
| 7 | SECTION = "net" | 7 | SECTION = "net" |
| 8 | 8 | ||
| 9 | SRC_URI = "https://hiawatha.leisink.net/files/hiawatha-${PV}.tar.gz \ | 9 | SRC_URI = "https://hiawatha.leisink.net/files/download/hiawatha-11/hiawatha-${PV}.tar.gz \ |
| 10 | file://0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch;patchdir=mbedtls \ | 10 | file://0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch;patchdir=mbedtls \ |
| 11 | file://0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch;patchdir=mbedtls \ | 11 | file://0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch;patchdir=mbedtls \ |
| 12 | file://define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch;patchdir=mbedtls \ | 12 | file://define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch;patchdir=mbedtls \ |
