Changqing Li
60f859e4be
libsoup: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: 6455484a26edc69be806c1356314c018d1940294)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Changqing Li
7ec28bad4d
libsoup-2.4: fix CVE-2025-4945
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
(From OE-Core rev: 92039926b164fae418eed988f6fa172c3554b9e7)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Changqing Li
e9cf2ef270
libsoup-2.4: refresh CVE-2025-4969.patch
...
refresh CVE-2025-4969.patch to fix the following build failure for
libsoup-2.4-native on fedora40/41:
../libsoup-2.74.3/tests/multipart-test.c:578:63: error: passing argument 2 of ‘soup_multipart_new_from_message’ from incompatible pointer type [-Wincompatible-pointer-types]
578 | multipart = soup_multipart_new_from_message (headers, bytes);
| ^~~~~
| |
| GBytes * {aka struct _GBytes *}
(From OE-Core rev: aaeea20b5c0f0c5a9d6554dd5e9693a9432cfa54)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Changqing Li
851774c757
icu: fix CVE-2025-5222
...
CVE-2025-5222:
A stack buffer overflow was found in International Components for Unicode
(ICU). While running the genrb binary, the 'subtag' struct overflowed
at the SRBRoot::addTag function. This issue may lead to memory
corruption and local arbitrary code execution.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-5222
https://unicode-org.atlassian.net/browse/ICU-22957
2c667e31cf
(From OE-Core rev: a35ff17a0985389842c89e35f264f1d9f2b6bbae)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Virendra Thakur
36526677db
curl: set conditional CVE_STATUS for CVE-2025-5025
...
If openssl packageconfig is enabled, set CVE_STATUS as not-applicable.
This CVE is applicable only when curl is built with wolfSSL support.
Reference: https://curl.se/docs/CVE-2025-5025.html
(From OE-Core rev: 8f50b0761fc4d49fae8d174956052e3ff9024a5e)
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-11 08:11:53 -07:00
Roland Kovacs
ebbddcdb70
gnupg: update 2.4.5 -> 2.4.8
...
This release includes a fix for CVE-2025-30258.
Support for --enable-gpg-is-gpg2 config option has been partially removed in
version 2.4.6.
Changelog:
https://dev.gnupg.org/T7428
CVE: CVE-2025-30258
(From OE-Core rev: 41ef33ebf3e1a922aa44da8d75b240163d7954b1)
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-07 07:42:58 -07:00
Changqing Li
5e4f229917
libsoup: fix CVE-2025-2784
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
(From OE-Core rev: 504d92b01ac9a227e8e57b677f016fdfeccd5666)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
8d4c3eb106
libsoup-2.4: fix CVE-2025-2784
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
(From OE-Core rev: 9c014c1b96f4ebeb0f6f504b6c7c0d8063b6a6b7)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
47bb754e27
libsoup-2.4: fix CVE-2025-4476
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
(From OE-Core rev: ebb87904c97f4b27a023b2347622519c702d4d2d)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
859504c475
libsoup: fix CVE-2025-4948
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: 737d50288a37f51f17cf3fef0422e27dbd115cce)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:01 -07:00
Changqing Li
e21b122523
libsoup-2.4: fix CVE-2025-4948
...
Refer:
http://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: b4fb5cd0d3385989842ad5a84d34cf451679c59a)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
2f3419c598
libsoup: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: f1450eea34202a9cc46294e3d8244c829556c369)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
8944014e5c
libsoup-2.4: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 9e32f4fd761b591ea2f5ce26381135e9a8db94ce)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
e4ebf3effd
libsoup: fix CVE-2025-32050
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
(From OE-Core rev: 563a34faae35e4587fe2740c26c4bc149555a5de)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
a7a45d58e0
libsoup-2.4: fix CVE-2025-32050
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424
(From OE-Core rev: d16627901125854f5346711e96d635c704438705)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
ee5c55b631
libsoup: fix CVE-2025-32051
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
(From OE-Core rev: dd92cad39759b7ad105d8bcd42672847a273bccc)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
df0e54f6ab
libsoup: fix CVE-2025-32052
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
(From OE-Core rev: 9a8a5072969a326e296d840296cb475fb3c0e2ff)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
d81430958e
libsoup-2.4: fix CVE-2025-32052
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425
(From OE-Core rev: f3890f25cc036fd184578d7b85e6410ee97dc3ad)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:58:00 -07:00
Changqing Li
bf752e4e25
libsoup: fix CVE-2025-32053
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
(From OE-Core rev: 7ce73ed9b7125d02abcf8ec34c80270c2e340d55)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
ad1d671be0
libsoup-2.4: fix CVE-2025-32053
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
(From OE-Core rev: d6fba14b2e98928bbf2736494e571389892da6b4)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
dd4312d080
libsoup-2.4: fix do_compile failure
...
Remove test code for fixing do_compile failure:
../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
1554 | SoupServerMessage *msg,
|
(From OE-Core rev: f14a6c98e4cbf4ee2a243387b018e29beab3b56a)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
24f024f042
libsoup-2.4: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
(From OE-Core rev: de53b2272919b97719e2b7f704154283caebc59f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
33fc8121c9
libsoup: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: a729b18103081acf17420cf91ec202e86cc6be0d)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Changqing Li
c04a6271a4
libsoup: fix CVE-2025-32908
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: ff7440fddf5ada072f60cc25f3670cbb74f58167)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Hitendra Prajapati
d56536a618
libsoup-2.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27af
(From OE-Core rev: 565ce534e6061913978c7e42dac6b2ff34169b85)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-05 08:41:15 -07:00
Hitendra Prajapati
edc0010d0d
libsoup-3.4.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27af
(From OE-Core rev: 9716cdacb4378e0274246c39c5fb808e4d86b4ce)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-05 08:41:15 -07:00
Ashish Sharma
474ee8d5de
libsoup: patch CVE-2025-4476
...
Upstream-Status: Backport [e64c221f9c]
(From OE-Core rev: 91231813d04680f93a08cb29540073bb4749e22f)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Vijay Anusuri
53ab80ae8f
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit 5bfcf81575]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8eba970123aca651cbce13e52d43ddaddd76a7cc)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Vijay Anusuri
a6c55c0bd7
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from cd077513f2 & 910ebdcd3d
(From OE-Core rev: c45c8ad64aafd1f8a447f4fce6a2e7c0f22ef5f0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Vijay Anusuri
a0e298a849
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from 7b4ef0e004 & f4a761fb66
(From OE-Core rev: 7bdeb2217253a86c941edb7c4c28ba57d855c606)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Vijay Anusuri
cca757c461
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit e40df6d48a & 405a8a3459 & ea16eeacb0]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: 0fc936f23e6f70021acf4e711ef49d3a5cc966fe)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-02 07:12:34 -07:00
Nguyen Dat Tho
e8c615a169
libatomic-ops: Update GITHUB_BASE_URI
...
libatomic-ops moves to new repo https://github.com/ivmai/libatomic_ops
according to topic: https://github.com/bdwgc/libatomic_ops/issues/66
(From OE-Core rev: 29d920f4c2249df7a69f00100924b4525e03c0d9)
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-27 09:38:57 -07:00
Ashish Sharma
79babbe58a
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [c9083869ec]
(From OE-Core rev: 7c963f68cb8dfdea3e1664078037303ea3f29e65)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-27 09:38:57 -07:00
Vijay Anusuri
c418c7ec51
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport [5bfcf81575]
(From OE-Core rev: 6dd125b619974c8102b3050900781c22c2db4b10)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:58 -07:00
Vijay Anusuri
e4df627b22
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 90359036300731b6c26b646afbf3d66127b72fa2)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:57 -07:00
Vijay Anusuri
adc945c074
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from 1f509f31b6 & af5b9a4a39
(From OE-Core rev: 6e373ec360151b212ae6eedc4c663fb9e760ae75)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:57 -07:00
Vijay Anusuri
929989c6c3
libsoup-2.4: Fix CVE-2024-52532
...
Upstream-Status: Backport from 6adc0e3eb7 & 29b96fab25 & 4c9e75c667
(From OE-Core rev: dfde13ecffad3426846bd4b366d1e0cdb77b1be0)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:57 -07:00
Vijay Anusuri
e2e65311f8
libsoup-2.4: Fix CVE-2024-52531
...
import patch from ubuntu to fix
CVE-2024-52531
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit a35222dd0b & 825fda3425]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
https://ubuntu.com/security/CVE-2024-52531
(From OE-Core rev: c7ab8b45b1f533ca1b27b07c30f44b7b64a3cfde)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:57 -07:00
Vijay Anusuri
ecdb5e1785
libsoup-2.4: Fix CVE-2024-52530
...
Upstream-Status: Backport from 04df03bc09
(From OE-Core rev: ef1bff79d6b84eacccff2a3f8a5c3b8ed92fe0c4)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-14 09:08:57 -07:00
Peter Marko
5d362ec2d7
sqlite3: mark CVE-2025-29087 as patched
...
Descriptions of CVE-2025-29087 and CVE-2025-3277 are very similar.
There is no link from NVD, but [1] and [2] from Debian mark these two
CVEs as duplicates with the same link for patch.
[1] https://security-tracker.debian.org/tracker/CVE-2025-29087
[2] https://security-tracker.debian.org/tracker/CVE-2025-3277
(From OE-Core rev: 3f951941c758b6982a3cd30d085460756b7fefd9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-08 13:37:29 -07:00
Ashish Sharma
2e1dd3c3d6
libsoup: patch CVE-2025-46420
...
Upstream-Status: Backport [c9083869ec]
(From OE-Core rev: 0e4a77c928e2eb0e8b012f2bba13b2ef3929cb34)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-08 13:37:29 -07:00
Changqing Li
18206fc2db
buildtools-tarball: Make buildtools respects host CA certificates
...
To adapt to the user's network environment, buildtools should first try to use
the user-configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/...; if these
envs are not set, then use the auto-detected CA file and CA path, and
finally use the CA certificates in buildtools.
nativesdk-openssl sets OPENSSLDIR to "/not/builtin" and needs SSL_CERT_FILE/SSL_CERT_DIR set to work.
nativesdk-curl doesn't set a default CA file and needs
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work.
nativesdk-git actually uses libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also work.
nativesdk-python3-requests will use cacert.pem under the python module certifi by
default and needs REQUESTS_CA_BUNDLE to be set.
(From OE-Core rev: 0653b96bac6d0800dc5154557706a323418808be)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:20:12 -07:00
Changqing Li
397d432a62
buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS
...
Here is one testcase:
For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1],
do_configure[network] = "1"
and it will git clone some repos in CMakeLists.txt
When buildtools is used and nativesdk-git is installed into sdk,
do_configure failed with error:
[1/9] Performing download step (git clone) for 'protobuf-populate'
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/ ': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
Fix by adding GIT_SSL_CAINFO to BB_ENV_PASSTHROUGH_ADDITIONS, so that
the user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their
do_configure:prepend() to fix the above do_configure failure.
CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE are similar envvars, so add them all
to BB_ENV_PASSTHROUGH_ADDITIONS.
[1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb
(From OE-Core rev: 27f018d8e8ace97d0b1cdfb8782a2a7a0a319816)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:20:12 -07:00
Changqing Li
2e0b9e9a86
buildtools-tarball: move setting of envvars to respective envfile
...
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exists
before exporting envvars
(From OE-Core rev: 5f4fd544d3df7365224599c9efdce4e545f51d5e)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:20:12 -07:00
Yogita Urade
26b25ba673
curl: fix CVE-2025-0167
...
When asked to use a `.netrc` file for credentials *and* to
follow HTTP redirects, curl could leak the password used
for the first host to the followed-to host under certain
circumstances.
This flaw only manifests itself if the netrc file has a
`default` entry that omits both login and password. A
rare circumstance.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0167
Upstream patch:
https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e
(From OE-Core rev: b74dba43f2d6896245232373f2a9fdf07086a237)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:53 -07:00
Yogita Urade
2e67952192
curl: fix CVE-2024-11053
...
When asked to both use a `.netrc` file for credentials and to
follow HTTP redirects, curl could leak the password used for
the first host to the followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry
that matches the redirect target hostname but the entry either
omits just the password or omits both login and password.
CVE-2024-11053-0001 is the dependent commit, CVE-2024-11053-0002 is
the actual CVE fix, and the actual fix caused a regression that was fixed
by CVE-2024-11053-0003.
Reference:
https://curl.se/docs/CVE-2024-11053.html
https://git.launchpad.net/ubuntu/+source/curl/commit/?h=applied/ubuntu/noble-devel&id=9ea469c352a313104f750dea93e78df8d868c435
Upstream patches:
9bee39bfed
https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af3194
9fce2c55d4
(From OE-Core rev: 084d8ca3b47b47333edba87f6aa427a12ee574f2)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:53 -07:00
Peter Marko
f8ca40f3d1
sqlite3: patch CVE-2025-29088
...
Pick commit [1] mentioned in [2].
[1] 56d2fd008b
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-29088
(From OE-Core rev: 6a65833a53487571b1ed0831dcc0b1fb04946557)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:53 -07:00
Peter Marko
72bb9edc9a
sqlite3: patch CVE-2025-3277
...
Pick commit [1] mentioned in [2].
[1] https://sqlite.org/src/info/498e3f1cf57f164f
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-3277
(From OE-Core rev: 2f800295919ac337f038e1678f4c0abb2a6e7f95)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:53 -07:00
Vijay Anusuri
92701ca3e3
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from 1f509f31b6 & af5b9a4a39
(From OE-Core rev: c3ba6b665a907b8f8340aedcbf51bef79f1048b8)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00
Vijay Anusuri
83671ce4eb
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from cd077513f2 & 910ebdcd3d
(From OE-Core rev: f18f762edd7ffa02ead1f382856066d2157015ed)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-28 08:18:52 -07:00