On Tue Feb 17, 2026 at 3:22 PM CET, Amaury Couderc wrote: > Hello, > > Just a way-of-working question, I have sent the patches to the master and > whinlatter branches. Once these ones are accepted and implemented should I > resend the scarthgap patches?
Hello, Good question! I'm trying to keep the patches pending upstream submission around and reevaluate periodically. If you see such patch missing from my patch review request, definitively answer. You can also answer a patch to signal that it was merged and I will check that it was not forgotten. If the master review/merge ended with changes, send the upgraded version to the stable branches. Thanks! > > Kind Regards, > > Amaury > ________________________________ > From: Amaury Couderc <[email protected]> > Sent: Monday, 9 February 2026 15:29 > To: Yoann Congal <[email protected]>; > [email protected] > <[email protected]> > Subject: Re: [OE-core] [scarthgap][PATCH] avahi: fixes CVE-2025-68468 > > Hello, > > Thanks for the heads-up, just sent the patches to master and whinlatter. > > Kind Regards, > > Amaury > ________________________________ > From: Yoann Congal <[email protected]> > Sent: Wednesday, February 4, 2026 11:53 AM > To: Amaury Couderc <[email protected]>; > [email protected] > <[email protected]> > Subject: Re: [OE-core] [scarthgap][PATCH] avahi: fixes CVE-2025-68468 > > On Fri Jan 23, 2026 at 11:36 AM CET, Amaury Couderc via > lists.openembedded.org wrote: >> From: Amaury Couderc <[email protected]> >> >> avahi: fix DoS bug by removing incorrect assertion >> >> Signed-off-by: Amaury Couderc <[email protected]> >> --- >> meta/recipes-connectivity/avahi/avahi_0.8.bb | 2 +- >> .../avahi/files/CVE-2025-68468.patch | 32 +++++++++++++++++++ >> 2 files changed, 33 insertions(+), 1 deletion(-) >> create mode 100644 >> meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch > > Hello, > > If I'm not mistaken, this patch does not have a master equivalent. > Please fix CVE-2025-68468 on master and whinlatter (by upgrade or patch) > and, then, request a backport scarthgap. > > Regards, > >> >> diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb >> b/meta/recipes-connectivity/avahi/avahi_0.8.bb >> index ffda85c0e7..8f8f4a0d88 100644 >> --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb >> +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb >> @@ -37,6 +37,7 @@ SRC_URI = >> "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ >> file://CVE-2023-38473.patch \ >> file://CVE-2024-52616.patch \ >> file://CVE-2024-52615.patch \ >> + file://CVE-2025-68468.patch \ >> " >> >> GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"; >> diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch >> b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch >> new file mode 100644 >> index 0000000000..3635cc8d53 >> --- /dev/null >> +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch >> @@ -0,0 +1,32 @@ >> +From 483f83828cfda965fac914ff1b39c63c256372b2 Mon Sep 17 00:00:00 2001 >> +From: Hugo Muis <[email protected]> >> +Date: Sun, 2 Mar 2025 18:06:24 +0100 >> +Subject: [PATCH] core: fix DoS bug by removing incorrect assertion >> + >> +Closes https://github.com/avahi/avahi/issues/683 >> + >> +CVE: CVE-2025-68468 >> + >> +Upstream-Status: Backport >> +[https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a] >> + >> +Signed-off-by: Amaury Couderc <[email protected]> >> +--- >> + avahi-core/browse.c | 1 - >> + 1 file changed, 1 deletion(-) >> + >> +diff --git a/avahi-core/browse.c b/avahi-core/browse.c >> +index 86e4432..79595fe 100644 >> +--- a/avahi-core/browse.c >> ++++ b/avahi-core/browse.c >> +@@ -295,7 +295,6 @@ static void lookup_multicast_callback( >> + lookup_drop_cname(l, interface, protocol, 0, r); >> + else { >> + /* It's a normal record, so let's call the user callback */ >> +- assert(avahi_key_equal(b->key, l->key)); >> + >> + b->callback(b, interface, protocol, event, r, flags, >> b->userdata); >> + } >> +-- >> +2.43.0 >> + > > > -- > Yoann Congal > Smile ECS -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231264): https://lists.openembedded.org/g/openembedded-core/message/231264 Mute This Topic: https://lists.openembedded.org/mt/117415659/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
