4 files changed, 4 insertions, 193 deletions
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
deleted file mode 100644
index e41596959b..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 389e2344f86319265fb72ae590b470716e038fdc Mon Sep 17 00:00:00 2001
-From: Sicelo A. Mhlongo <absicsz@gmail.com>
-Date: Tue, 17 Dec 2024 11:31:29 +0200
-Subject: [PATCH] ussd: ensure ussd content fits in buffers
-Fixes: CVE-2024-7539
-CVE: CVE-2024-7539
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc]
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
- drivers/atmodem/ussd.c      | 5 ++++-
- drivers/huaweimodem/ussd.c  | 5 ++++-
- drivers/speedupmodem/ussd.c | 5 ++++-
- 3 files changed, 12 insertions(+), 3 deletions(-)
-diff --git a/drivers/atmodem/ussd.c b/drivers/atmodem/ussd.c
-index 32a9fe9..99da559 100644
--- a/drivers/atmodem/ussd.c
-+++ b/drivers/atmodem/ussd.c
-@@ -93,7 +93,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        const char *content;
-        int dcs;
-        enum sms_charset charset;
-       unsigned char msg[160];
-+       unsigned char msg[160] = {0};
-        const unsigned char *msg_ptr = NULL;
-        long msg_len;
-@@ -113,6 +113,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        if (!g_at_result_iter_next_number(&iter, &dcs))
-                dcs = 0;
-+       if (strlen(content) > sizeof(msg) * 2)
-+               goto out;
-+
-        if (!cbs_dcs_decode(dcs, NULL, NULL, &charset, NULL, NULL, NULL)) {
-                ofono_error("Unsupported USSD data coding scheme (%02x)", dcs);
-                status = 4; /* Not supported */
-diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
-index 5e1c907..3d165c8 100644
--- a/drivers/huaweimodem/ussd.c
-+++ b/drivers/huaweimodem/ussd.c
-@@ -38,7 +38,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        int status;
-        int dcs = 0;
-        const char *content;
-       unsigned char msg[160];
-+       unsigned char msg[160] = {0};
-        const unsigned char *msg_ptr = NULL;
-        long msg_len;
-@@ -55,6 +55,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        g_at_result_iter_next_number(&iter, &dcs);
-+       if (strlen(content) > sizeof(msg) * 2)
-+               goto out;
-+
-        msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
- out:
-diff --git a/drivers/speedupmodem/ussd.c b/drivers/speedupmodem/ussd.c
-index aafa4bc..a5efde0 100644
--- a/drivers/speedupmodem/ussd.c
-+++ b/drivers/speedupmodem/ussd.c
-@@ -37,7 +37,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        int status;
-        int dcs = 0;
-        const char *content;
-       unsigned char msg[160];
-+       unsigned char msg[160] = {0};
-        const unsigned char *msg_ptr = NULL;
-        long msg_len;
-@@ -54,6 +54,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
-        g_at_result_iter_next_number(&iter, &dcs);
-+       if (strlen(content) > sizeof(msg) * 2)
-+               goto out;
-+
-        msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
- out:
--
-2.40.0
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
deleted file mode 100644
index fd97d4b51b..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
-From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
-Date: Tue, 17 Dec 2024 11:31:28 +0200
-Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
-Fixes: CVE-2024-7540
-Fixes: CVE-2024-7541
-Fixes: CVE-2024-7542
-CVE: CVE-2024-7540
-CVE: CVE-2024-7541
-CVE: CVE-2024-7542
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
- drivers/atmodem/sms.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
-index d994856b..0668c631 100644
--- a/drivers/atmodem/sms.c
-+++ b/drivers/atmodem/sms.c
-@@ -399,7 +399,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
-        struct sms_data *data = ofono_sms_get_data(sms);
-        GAtResultIter iter;
-        const char *hexpdu;
-       unsigned char pdu[176];
-+       unsigned char pdu[176] = {0};
-        long pdu_len;
-        int tpdu_len;
- 
-@@ -466,7 +466,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
-        struct sms_data *data = ofono_sms_get_data(sms);
-        GAtResultIter iter;
-        const char *hexpdu;
-       unsigned char pdu[176];
-+       unsigned char pdu[176] = {0};
-        long pdu_len;
-        int tpdu_len;
- 
-@@ -648,7 +648,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
-        struct sms_data *data = ofono_sms_get_data(sms);
-        GAtResultIter iter;
-        const char *hexpdu;
-       unsigned char pdu[176];
-+       unsigned char pdu[176] = {0};
-        long pdu_len;
-        int tpdu_len;
-        int index;
-- 
-2.30.2
diff --git a/meta/recipes-connectivity/ofono/ofono/rmnet.patch b/meta/recipes-connectivity/ofono/ofono/rmnet.patch
deleted file mode 100644
index 11dfd5db18..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/rmnet.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From git@z Thu Jan  1 00:00:00 1970
-Subject: [PATCH] rmnet: Handle toolchains with old kernel headers
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Thu, 19 Dec 2024 13:47:15 +0000
-Message-Id: <e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org>
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 7bit
-The RMNET_FLAGS_*GRESS_MAP_CKSUMV5 defines were added to the kernel in
-5.14[1] and some toolchains use older headers, so add fallback defines
-in case they are needed.
-[1] linux b6e5d27e32ef6089d316ce7e1ecaf595584d4b84
-Upstream-Status: Submitted [https://lore.kernel.org/ofono/e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org/T/#u]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- src/rmnet.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-diff --git a/src/rmnet.c b/src/rmnet.c
-index 42b03249..9a7f52fb 100644
--- a/src/rmnet.c
-+++ b/src/rmnet.c
-@@ -27,6 +27,16 @@
- #define MAX_MUX_IDS 254U
- #define DEFAULT_MTU 1400U
- 
-+/*
-+ * These were added in 5.14 so define them here if the toolchain's kernel headers are old.
-+ */
-+#ifndef RMNET_FLAGS_INGRESS_MAP_CKSUMV5
-+#define RMNET_FLAGS_INGRESS_MAP_CKSUMV5 (1U << 4)
-+#endif
-+#ifndef RMNET_FLAGS_EGRESS_MAP_CKSUMV5
-+#define RMNET_FLAGS_EGRESS_MAP_CKSUMV5 (1U << 5)
-+#endif
-+
- struct rmnet_request {
-        uint32_t parent_ifindex;
-        rmnet_new_interfaces_func_t new_cb;
-- 
-2.43.0
diff --git a/meta/recipes-connectivity/ofono/ofono_2.14.bb b/meta/recipes-connectivity/ofono/ofono_2.15.bb
index 9a91afaa7b..40eeb3a086 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.14.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.15.bb
@@ -7,14 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                    file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277"
 DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
-SRC_URI = "\
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+           file://ofono \
-    file://rmnet.patch \
+           "
-    file://ofono \
+SRC_URI[sha256sum] = "1af93ab72a70502452fe3d0297a6eaea13750cacae1fff3b643dd2245a6408ca"
-    file://CVE-2024-7539.patch \
-    file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
-"
-SRC_URI[sha256sum] = "983cbfd5e1e1a410ba7ad2db7f50fadc91e50b29f1ede40cdc73f941da7ba95f"
 inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch deleted file mode 100644 index e41596959b..0000000000 --- a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch +++ /dev/null
@@ -1,88 +0,0 @@
1	From 389e2344f86319265fb72ae590b470716e038fdc Mon Sep 17 00:00:00 2001
2	From: Sicelo A. Mhlongo <absicsz@gmail.com>
3	Date: Tue, 17 Dec 2024 11:31:29 +0200
4	Subject: [PATCH] ussd: ensure ussd content fits in buffers
5
6	Fixes: CVE-2024-7539
7
8	CVE: CVE-2024-7539
9	Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc]
10
11	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
12	---
13	drivers/atmodem/ussd.c \| 5 ++++-
14	drivers/huaweimodem/ussd.c \| 5 ++++-
15	drivers/speedupmodem/ussd.c \| 5 ++++-
16	3 files changed, 12 insertions(+), 3 deletions(-)
17
18	diff --git a/drivers/atmodem/ussd.c b/drivers/atmodem/ussd.c
19	index 32a9fe9..99da559 100644
20	--- a/drivers/atmodem/ussd.c
21	+++ b/drivers/atmodem/ussd.c
22	@@ -93,7 +93,7 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
23	const char *content;
24	int dcs;
25	enum sms_charset charset;
26	- unsigned char msg[160];
27	+ unsigned char msg[160] = {0};
28	const unsigned char *msg_ptr = NULL;
29	long msg_len;
30
31	@@ -113,6 +113,9 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
32	if (!g_at_result_iter_next_number(&iter, &dcs))
33	dcs = 0;
34
35	+ if (strlen(content) > sizeof(msg) * 2)
36	+ goto out;
37	+
38	if (!cbs_dcs_decode(dcs, NULL, NULL, &charset, NULL, NULL, NULL)) {
39	ofono_error("Unsupported USSD data coding scheme (%02x)", dcs);
40	status = 4; /* Not supported */
41	diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
42	index 5e1c907..3d165c8 100644
43	--- a/drivers/huaweimodem/ussd.c
44	+++ b/drivers/huaweimodem/ussd.c
45	@@ -38,7 +38,7 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
46	int status;
47	int dcs = 0;
48	const char *content;
49	- unsigned char msg[160];
50	+ unsigned char msg[160] = {0};
51	const unsigned char *msg_ptr = NULL;
52	long msg_len;
53
54	@@ -55,6 +55,9 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
55
56	g_at_result_iter_next_number(&iter, &dcs);
57
58	+ if (strlen(content) > sizeof(msg) * 2)
59	+ goto out;
60	+
61	msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
62
63	out:
64	diff --git a/drivers/speedupmodem/ussd.c b/drivers/speedupmodem/ussd.c
65	index aafa4bc..a5efde0 100644
66	--- a/drivers/speedupmodem/ussd.c
67	+++ b/drivers/speedupmodem/ussd.c
68	@@ -37,7 +37,7 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
69	int status;
70	int dcs = 0;
71	const char *content;
72	- unsigned char msg[160];
73	+ unsigned char msg[160] = {0};
74	const unsigned char *msg_ptr = NULL;
75	long msg_len;
76
77	@@ -54,6 +54,9 @@ static void cusd_parse(GAtResult result, struct ofono_ussd ussd)
78
79	g_at_result_iter_next_number(&iter, &dcs);
80
81	+ if (strlen(content) > sizeof(msg) * 2)
82	+ goto out;
83	+
84	msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
85
86	out:
87	--
88	2.40.0


diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch deleted file mode 100644 index fd97d4b51b..0000000000 --- a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
2	From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
3	Date: Tue, 17 Dec 2024 11:31:28 +0200
4	Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
5
6	Fixes: CVE-2024-7540
7	Fixes: CVE-2024-7541
8	Fixes: CVE-2024-7542
9
10	CVE: CVE-2024-7540
11	CVE: CVE-2024-7541
12	CVE: CVE-2024-7542
13	Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
14	Signed-off-by: Peter Marko <peter.marko@siemens.com>
15	---
16	drivers/atmodem/sms.c \| 6 +++---
17	1 file changed, 3 insertions(+), 3 deletions(-)
18
19	diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
20	index d994856b..0668c631 100644
21	--- a/drivers/atmodem/sms.c
22	+++ b/drivers/atmodem/sms.c
23	@@ -399,7 +399,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
24	struct sms_data *data = ofono_sms_get_data(sms);
25	GAtResultIter iter;
26	const char *hexpdu;
27	- unsigned char pdu[176];
28	+ unsigned char pdu[176] = {0};
29	long pdu_len;
30	int tpdu_len;
31
32	@@ -466,7 +466,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
33	struct sms_data *data = ofono_sms_get_data(sms);
34	GAtResultIter iter;
35	const char *hexpdu;
36	- unsigned char pdu[176];
37	+ unsigned char pdu[176] = {0};
38	long pdu_len;
39	int tpdu_len;
40
41	@@ -648,7 +648,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
42	struct sms_data *data = ofono_sms_get_data(sms);
43	GAtResultIter iter;
44	const char *hexpdu;
45	- unsigned char pdu[176];
46	+ unsigned char pdu[176] = {0};
47	long pdu_len;
48	int tpdu_len;
49	int index;
50	--
51	2.30.2
52


diff --git a/meta/recipes-connectivity/ofono/ofono/rmnet.patch b/meta/recipes-connectivity/ofono/ofono/rmnet.patch deleted file mode 100644 index 11dfd5db18..0000000000 --- a/meta/recipes-connectivity/ofono/ofono/rmnet.patch +++ /dev/null
@@ -1,45 +0,0 @@
1	From git@z Thu Jan 1 00:00:00 1970
2	Subject: [PATCH] rmnet: Handle toolchains with old kernel headers
3	From: Richard Purdie <richard.purdie@linuxfoundation.org>
4	Date: Thu, 19 Dec 2024 13:47:15 +0000
5	Message-Id: <e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org>
6	MIME-Version: 1.0
7	Content-Type: text/plain; charset="utf-8"
8	Content-Transfer-Encoding: 7bit
9
10	The RMNET_FLAGS_*GRESS_MAP_CKSUMV5 defines were added to the kernel in
11	5.14[1] and some toolchains use older headers, so add fallback defines
12	in case they are needed.
13
14	[1] linux b6e5d27e32ef6089d316ce7e1ecaf595584d4b84
15
16	Upstream-Status: Submitted [https://lore.kernel.org/ofono/e2b6a94dd9a3789e31dafadfc70c53b565d1db04.camel@linuxfoundation.org/T/#u]
17	Signed-off-by: Ross Burton <ross.burton@arm.com>
18	---
19	src/rmnet.c \| 10 ++++++++++
20	1 file changed, 10 insertions(+)
21
22	diff --git a/src/rmnet.c b/src/rmnet.c
23	index 42b03249..9a7f52fb 100644
24	--- a/src/rmnet.c
25	+++ b/src/rmnet.c
26	@@ -27,6 +27,16 @@
27	#define MAX_MUX_IDS 254U
28	#define DEFAULT_MTU 1400U
29
30	+/*
31	+ * These were added in 5.14 so define them here if the toolchain's kernel headers are old.
32	+ */
33	+#ifndef RMNET_FLAGS_INGRESS_MAP_CKSUMV5
34	+#define RMNET_FLAGS_INGRESS_MAP_CKSUMV5 (1U << 4)
35	+#endif
36	+#ifndef RMNET_FLAGS_EGRESS_MAP_CKSUMV5
37	+#define RMNET_FLAGS_EGRESS_MAP_CKSUMV5 (1U << 5)
38	+#endif
39	+
40	struct rmnet_request {
41	uint32_t parent_ifindex;
42	rmnet_new_interfaces_func_t new_cb;
43	--
44	2.43.0
45


diff --git a/meta/recipes-connectivity/ofono/ofono_2.14.bb b/meta/recipes-connectivity/ofono/ofono_2.15.bb index 9a91afaa7b..40eeb3a086 100644 --- a/meta/recipes-connectivity/ofono/ofono_2.14.bb +++ b/meta/recipes-connectivity/ofono/ofono_2.15.bb
@@ -7,14 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
7	file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277"	7	file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277"
8	DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"	8	DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
9		9
10	SRC_URI = "\	10	SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
11	${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \	11	file://ofono \
12	file://rmnet.patch \	12	"
13	file://ofono \	13	SRC_URI[sha256sum] = "1af93ab72a70502452fe3d0297a6eaea13750cacae1fff3b643dd2245a6408ca"
14	file://CVE-2024-7539.patch \
15	file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
16	"
17	SRC_URI[sha256sum] = "983cbfd5e1e1a410ba7ad2db7f50fadc91e50b29f1ede40cdc73f941da7ba95f"
18		14
19	inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data	15	inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
20		16