This causes a do_patch failure for scarthgap builds with musl: Hunk #1 FAILED at 39. 1 out of 1 hunk FAILED -- rejects in file src/udev/udev-builtin-net_id.c patching file src/udev/udev-builtin-path_id.c patching file src/udev/udev-event.c patching file src/udev/udev-rules.c Patch 0003-src-basic-missing.h-check-for-missing-strndupa.patch does not apply (enforce with -f)
stderr: ') ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-musl/work/core2-64-oe-linux-musl/systemd/255.21/temp/log.do_patch.215528 ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-core/systemd/systemd_255.21.bb:do_patch) failed with exit code '1' I'll send a fix. On Tue, Apr 28, 2026 at 2:25 PM Hitendra Prajapati via lists.openembedded.org <[email protected]> wrote: > > Backport commit[0] and [1] which fixes this vulnerability as mentioned in > Debian report [2]. > > [0] > https://github.com/systemd/systemd/commit/03bb697b8df0339c37f4b845025320b261aeb7cc > [1] > https://github.com/systemd/systemd/commit/5887e72ff87d3a66a4c3fa91897fbec1545f4d3d > [2] https://security-tracker.debian.org/tracker/CVE-2026-40225 > > More details : https://nvd.nist.gov/vuln/detail/CVE-2026-40225 > > Signed-off-by: Hitendra Prajapati <[email protected]> > --- > .../systemd/systemd/CVE-2026-40225-01.patch | 131 ++++++++++++++++++ > .../systemd/systemd/CVE-2026-40225-02.patch | 39 ++++++ > meta/recipes-core/systemd/systemd_255.21.bb | 2 + > 3 files changed, 172 insertions(+) > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch > > diff --git a/meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch > b/meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch > new file mode 100644 > index 0000000000..f616e636c2 > --- /dev/null > +++ b/meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch 
> @@ -0,0 +1,131 @@ > +From 03bb697b8df0339c37f4b845025320b261aeb7cc Mon Sep 17 00:00:00 2001 > +From: Luca Boccassi <[email protected]> > +Date: Fri, 6 Mar 2026 19:32:35 +0000 > +Subject: [PATCH] udev: check for invalid chars in various fields received > from > + the kernel > + > +(cherry picked from commit 16325b35fa6ecb25f66534a562583ce3b96d52f3) > +(cherry picked from commit 3513862eabe9ec4a6a095d7266e98f998f289ed2) > +(cherry picked from commit c20d21e0da293e715db468f9f4a15a5c8fbf8273) > + > +CVE: CVE-2026-40225 > +Upstream-Status: Backport > [https://github.com/systemd/systemd/commit/03bb697b8df0339c37f4b845025320b261aeb7cc] > +Signed-off-by: Hitendra Prajapati <[email protected]> > +--- > + src/udev/dmi_memory_id/dmi_memory_id.c | 3 ++- > + src/udev/scsi_id/scsi_id.c | 5 +++-- > + src/udev/udev-builtin-net_id.c | 9 +++++++++ > + src/udev/v4l_id/v4l_id.c | 5 ++++- > + 4 files changed, 18 insertions(+), 4 deletions(-) > + > +diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c > b/src/udev/dmi_memory_id/dmi_memory_id.c > +index 52ea250af8..4f2c21b80b 100644 > +--- a/src/udev/dmi_memory_id/dmi_memory_id.c > ++++ b/src/udev/dmi_memory_id/dmi_memory_id.c > +@@ -51,6 +51,7 @@ > + #include "string-util.h" > + #include "udev-util.h" > + #include "unaligned.h" > ++#include "utf8.h" > + > + #define SUPPORTED_SMBIOS_VER 0x030300 > + > +@@ -185,7 +186,7 @@ static void dmi_memory_device_string( > + > + str = strdupa_safe(dmi_string(h, s)); > + str = strstrip(str); > +- if (!isempty(str)) > ++ if (!isempty(str) && utf8_is_valid(str) && !string_has_cc(str, /* > ok= */ NULL)) > + printf("MEMORY_DEVICE_%u_%s=%s\n", slot_num, attr_suffix, > str); > + } > + > +diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c > +index 6308c52b7e..7e18bc755a 100644 > +--- a/src/udev/scsi_id/scsi_id.c > ++++ b/src/udev/scsi_id/scsi_id.c > +@@ -27,6 +27,7 @@ > + #include "strv.h" > + #include "strxcpyx.h" > + #include "udev-util.h" > ++#include "utf8.h" > + > + static const 
struct option options[] = { > + { "device", required_argument, NULL, 'd' }, > +@@ -443,8 +444,8 @@ static int scsi_id(char *maj_min_dev) { > + } > + if (dev_scsi.tgpt_group[0] != '\0') > + printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group); > +- if (dev_scsi.unit_serial_number[0] != '\0') > +- printf("ID_SCSI_SERIAL=%s\n", > dev_scsi.unit_serial_number); > ++ if (dev_scsi.unit_serial_number[0] != '\0' && > utf8_is_valid(dev_scsi.unit_serial_number) && > !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL)) > ++ printf("ID_SCSI_SERIAL=%s\n", serial_str); > + goto out; > + } > + > +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c > +index 91b40088f4..715184e282 100644 > +--- a/src/udev/udev-builtin-net_id.c > ++++ b/src/udev/udev-builtin-net_id.c > +@@ -39,6 +39,7 @@ > + #include "strv.h" > + #include "strxcpyx.h" > + #include "udev-builtin.h" > ++#include "utf8.h" > + > + #define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1) > + #define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1) > +@@ -247,6 +248,9 @@ static int get_port_specifier(sd_device *dev, bool > fallback_to_dev_id, char **re > + } > + } > + > ++ if (!utf8_is_valid(phys_port_name) || > string_has_cc(phys_port_name, /* ok= */ NULL)) > ++ return log_device_debug_errno(dev, > SYNTHETIC_ERRNO(EINVAL), "Invalid phys_port_name"); > ++ > + /* Otherwise, use phys_port_name as is. */ > + buf = strjoin("n", phys_port_name); > + if (!buf) > +@@ -351,6 +355,9 @@ static int names_pci_onboard_label(sd_device *dev, > sd_device *pci_dev, const cha > + if (r < 0) > + return log_device_debug_errno(pci_dev, r, "Failed to get > PCI onboard label: %m"); > + > ++ if (!utf8_is_valid(label) || string_has_cc(label, /* ok= */ NULL)) > ++ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), > "Invalid label"); > ++ > + char str[ALTIFNAMSIZ]; > + if (snprintf_ok(str, sizeof str, "%s%s", > + naming_scheme_has(NAMING_LABEL_NOPREFIX) ? 
"" : > prefix, > +@@ -1209,6 +1216,8 @@ static int names_netdevsim(sd_device *dev, const char > *prefix, bool test) { > + if (isempty(phys_port_name)) > + return log_device_debug_errno(dev, > SYNTHETIC_ERRNO(EOPNOTSUPP), > + "The 'phys_port_name' > attribute is empty."); > ++ if (!utf8_is_valid(phys_port_name) || string_has_cc(phys_port_name, > /* ok= */ NULL)) > ++ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), > "Invalid phys_port_name"); > + > + char str[ALTIFNAMSIZ]; > + if (snprintf_ok(str, sizeof str, "%si%un%s", prefix, addr, > phys_port_name)) > +diff --git a/src/udev/v4l_id/v4l_id.c b/src/udev/v4l_id/v4l_id.c > +index 30527e9556..2ec96d8d3a 100644 > +--- a/src/udev/v4l_id/v4l_id.c > ++++ b/src/udev/v4l_id/v4l_id.c > +@@ -29,6 +29,8 @@ > + #include "build.h" > + #include "fd-util.h" > + #include "main-func.h" > ++#include "string-util.h" > ++#include "utf8.h" > + > + static const char *arg_device = NULL; > + > +@@ -82,7 +84,8 @@ static int run(int argc, char *argv[]) { > + int capabilities; > + > + printf("ID_V4L_VERSION=2\n"); > +- printf("ID_V4L_PRODUCT=%s\n", v2cap.card); > ++ if (utf8_is_valid((char *)v2cap.card) && > !string_has_cc((char *)v2cap.card, /* ok= */ NULL)) > ++ printf("ID_V4L_PRODUCT=%s\n", v2cap.card); > + printf("ID_V4L_CAPABILITIES=:"); > + > + if (v2cap.capabilities & V4L2_CAP_DEVICE_CAPS) > +-- > +2.50.1 > + > diff --git a/meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch > b/meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch > new file mode 100644 > index 0000000000..bc0a5514d4 > --- /dev/null > +++ b/meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch 
> @@ -0,0 +1,39 @@ > +From 5887e72ff87d3a66a4c3fa91897fbec1545f4d3d Mon Sep 17 00:00:00 2001 > +From: Luca Boccassi <[email protected]> > +Date: Fri, 13 Mar 2026 11:10:47 +0000 > +Subject: [PATCH] udev: fix review mixup > + > +The previous version in the PR changed variable and sanitized it > +in place. The second version switched to skip if CCs are in the > +string instead, but didn't move back to the original variable. > +Because it's an existing variable, no CI caught it. > + > +Follow-up for 16325b35fa6ecb25f66534a562583ce3b96d52f3 > + > +(cherry picked from commit 54f880b02ecf7362e630ffc885d1466df6ee6820) > +(cherry picked from commit 4425d8523e79f3cc00b3b93a0b5e7c6cdc284a97) > +(cherry picked from commit 75c585beae60e73208941e6b3f64cf249223f53d) > + > +CVE: CVE-2026-40225 > +Upstream-Status: Backport > [https://github.com/systemd/systemd/commit/5887e72ff87d3a66a4c3fa91897fbec1545f4d3d] > +Signed-off-by: Hitendra Prajapati <[email protected]> > +--- > + src/udev/scsi_id/scsi_id.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/src/udev/scsi_id/scsi_id.c b/src/udev/scsi_id/scsi_id.c > +index 7e18bc755a..b2df8d9f7f 100644 > +--- a/src/udev/scsi_id/scsi_id.c > ++++ b/src/udev/scsi_id/scsi_id.c > +@@ -445,7 +445,7 @@ static int scsi_id(char *maj_min_dev) { > + if (dev_scsi.tgpt_group[0] != '\0') > + printf("ID_TARGET_PORT=%s\n", dev_scsi.tgpt_group); > + if (dev_scsi.unit_serial_number[0] != '\0' && > utf8_is_valid(dev_scsi.unit_serial_number) && > !string_has_cc(dev_scsi.unit_serial_number, /* ok= */ NULL)) > +- printf("ID_SCSI_SERIAL=%s\n", serial_str); > ++ printf("ID_SCSI_SERIAL=%s\n", > dev_scsi.unit_serial_number); > + goto out; > + } > + > +-- > +2.50.1 > + > diff --git a/meta/recipes-core/systemd/systemd_255.21.bb > b/meta/recipes-core/systemd/systemd_255.21.bb > index 87e186bbfa..fe9d699816 100644 > --- a/meta/recipes-core/systemd/systemd_255.21.bb > +++ b/meta/recipes-core/systemd/systemd_255.21.bb 
> @@ -29,6 +29,8 @@ SRC_URI += " \ > > file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ > > file://0003-timedated-Respond-on-org.freedesktop.timedate1.SetNT.patch \ > file://0008-implment-systemd-sysv-install-for-OE.patch \ > + file://CVE-2026-40225-01.patch \ > + file://CVE-2026-40225-02.patch \ > " > > # patches needed by musl > -- > 2.50.1 > > > >
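Review bot: Adding `file://CVE-2026-40225-01.patch` to the common SRC_URI list ahead of the "# patches needed by musl" block breaks the musl variant at do_patch, as the log at the top of this thread shows: the musl-only patch 0003-src-basic-missing.h-check-for-missing-strndupa.patch, applied afterwards, fails its hunk #1 at line 39 of src/udev/udev-builtin-net_id.c, which is the same line as the `@@ -39,6 +39,7 @@` hunk in CVE-2026-40225-01.patch that inserts `#include "utf8.h"` into that file's include block. Simply reordering the SRC_URI entries would most likely just move the failure to the CVE patch, since both appear to edit the same include lines; the musl patch's hunk #1 needs to be refreshed against the tree with the CVE patches applied, and that refresh belongs in this same commit so the series never leaves tmp-musl unbuildable. Before re-sending, a build of systemd with TCLIBC=musl (the failing configuration in the log) should be part of the verification, since the default glibc build cannot catch this.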
