From: Deepak Rathore <[email protected]>

- The CVE tags in multiple hdf5 patches were using a comma-separated format, which caused false positives in CVE reports.
- Multiple CVEs should be separated by spaces in the CVE-ID.patch file, as per the recipe style guide in the Yocto documentation, so the CVE report tool can scan those CVEs and mark them as patched.
Fixed the following patches: - CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch - CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch - CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch Reference: - https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#cve-patches Signed-off-by: Deepak Rathore <[email protected]> diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch index 47dc6b1ac7..6f1359744c 100644 --- a/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch @@ -13,11 +13,12 @@ against the actual value as chunks are being deserialized. Fixes CVE-2025-6816, CVE-2025-6856, CVE-2025-2923 -CVE: CVE-2025-2923, CVE-2025-6816, CVE-2025-6856 +CVE: CVE-2025-2923 CVE-2025-6816 CVE-2025-6856 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675] (cherry picked from commit 29c847a43db0cdc85b01cafa5a7613ea73932675) Signed-off-by: Ankur Tyagi <[email protected]> +Signed-off-by: Deepak Rathore <[email protected]> --- src/H5Oint.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch index c09ade1c4c..9d8da0a1f9 100644 --- a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch @@ -3,10 +3,11 @@ 
From: aled-ua <[email protected]> Date: Wed, 15 Jan 2025 15:02:25 -0600 Subject: [PATCH] Fix vuln OSV-2023-77 (#5210) -CVE: CVE-2025-6269, CVE-2025-6270, CVE-2025-6516 +CVE: CVE-2025-6269 CVE-2025-6270 CVE-2025-6516 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d] (cherry picked from commit 7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d) Signed-off-by: Ankur Tyagi <[email protected]> +Signed-off-by: Deepak Rathore <[email protected]> --- src/H5Cimage.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch index f7324f58c1..744032c18a 100644 --- a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch +++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch @@ -15,10 +15,11 @@ This PR addressed them by: These changes addressed the crashes reported. However, there is a skiplist crash during the unwinding process that has to be investigated. -CVE: CVE-2025-6269, CVE-2025-6270, CVE-2025-6516 +CVE: CVE-2025-6269 CVE-2025-6270 CVE-2025-6516 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70] (cherry picked from commit 3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70) Signed-off-by: Ankur Tyagi <[email protected]> +Signed-off-by: Deepak Rathore <[email protected]> --- src/H5Cimage.c | 84 ++++++++++++++++++++++++++++++++++++++------------ src/H5Ocont.c | 5 +-- -- 2.35.6
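Review bot: In the hunk for CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch, the free-text line "Fixes CVE-2025-6816, CVE-2025-6856, CVE-2025-2923" directly above the corrected tag stays comma-separated and lists the IDs in a different order from the new `CVE:` line. Leaving the upstream wording alone is reasonable, but the commit message should say that only the `CVE:` tag line is being normalised, so a later cleanup does not rewrite the upstream text to match.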
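Review bot: In the hunk for CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch, the added `Signed-off-by: Deepak Rathore` sits directly under the backporter's sign-off with nothing in the embedded header saying what this signer changed. Consider a short bracketed note above the new sign-off stating that only the CVE tag format was modified, so the extra sign-off is not read as a change to the backported code; the same applies to the other two embedded headers.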
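Review bot: In the hunk for CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch, the context just above the corrected tag says "there is a skiplist crash during the unwinding process that has to be investigated", and with the space-separated tag all three IDs will now be picked up as patched. Please confirm in the commit message that the remaining crash is not one of CVE-2025-6269, CVE-2025-6270 or CVE-2025-6516, so the report does not trade a false positive for a false negative.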
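A header check for the tag format this change enforces, as an added example that is not part of the original message and is not the Yocto CVE report tool's code. It assumes the strict form is `CVE:` followed only by space-separated IDs; `lint_cve_tags` and the sample header are constructed for illustration.

```python
import re

# One well-formed tag line: "CVE:" followed by space-separated IDs only.
# Assumption of this example: this strict form is what a report tool accepts.
STRICT_TAG = re.compile(r"^CVE:( CVE-\d{4}-\d{4,})+$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def lint_cve_tags(patch_text):
    """Return a list of (line_number, original, suggested) for malformed tags.

    Only the patch header is inspected: scanning stops at the first
    "---" separator or "diff --git" line, so hunk content is never flagged.
    """
    findings = []
    for number, line in enumerate(patch_text.splitlines(), start=1):
        stripped = line.rstrip()
        if stripped == "---" or stripped.startswith("diff --git"):
            break
        if not stripped.startswith("CVE:"):
            continue
        if STRICT_TAG.match(stripped):
            continue
        ids = CVE_ID.findall(stripped)
        # Deduplicate while keeping the author's order.
        ordered = list(dict.fromkeys(ids))
        suggestion = "CVE: " + " ".join(ordered) if ordered else None
        findings.append((number, stripped, suggestion))
    return findings


# Constructed sample header modelled on the tag lines in the patch above.
BEFORE = """Subject: [PATCH] Fix vuln OSV-2023-77 (#5210)

CVE: CVE-2025-6269, CVE-2025-6270, CVE-2025-6516
Upstream-Status: Backport
---
 src/H5Cimage.c | 13 +++++++++----
"""
AFTER = BEFORE.replace(", ", " ")

if __name__ == "__main__":
    for number, original, suggestion in lint_cve_tags(BEFORE):
        print(f"line {number}: {original!r} -> {suggestion!r}")
    print("after fix:", lint_cve_tags(AFTER))
```

Run over every `.patch` file in a layer, a check of this kind catches malformed tags at review time instead of in the CVE report.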
