diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-07-13 11:50:21 +0200 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-07-27 14:35:10 -0400 |
| commit | a2b56547ffd0a23db1f0bf584f23073b6a8409ab (patch) | |
| tree | 6dc3fcf37a616ac1a4db2b04589dd665800cb05c | |
| parent | 3d969d3a4ae075f94787d3d9d739d46924dac665 (diff) | |
| download | meta-openembedded-a2b56547ffd0a23db1f0bf584f23073b6a8409ab.tar.gz | |
poco: patch CVE-2025-6375
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/poco/poco/CVE-2025-6375.patch | 34 | ||||
| -rw-r--r-- | meta-oe/recipes-support/poco/poco_1.13.3.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/poco/poco/CVE-2025-6375.patch b/meta-oe/recipes-support/poco/poco/CVE-2025-6375.patch new file mode 100644 index 0000000000..2ec8f819f9 --- /dev/null +++ b/meta-oe/recipes-support/poco/poco/CVE-2025-6375.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?G=C3=BCnter=20Obiltschnig?= <guenter.obiltschnig@appinf.com> | ||
| 3 | Date: Wed, 16 Apr 2025 09:15:33 +0200 | ||
| 4 | Subject: [PATCH] fix(Net): A SEGV at Net/src/MultipartReader.cpp:164:1 #4915 | ||
| 5 | (move assertion out of ctor) | ||
| 6 | |||
| 7 | CVE: CVE-2025-6375 | ||
| 8 | Upstream-Status: Backport [https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf] | ||
| 9 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 10 | --- | ||
| 11 | Net/src/MultipartReader.cpp | 3 +-- | ||
| 12 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
| 13 | |||
| 14 | diff --git a/Net/src/MultipartReader.cpp b/Net/src/MultipartReader.cpp | ||
| 15 | index f3a2f2bba..f4aa27dd8 100644 | ||
| 16 | --- a/Net/src/MultipartReader.cpp | ||
| 17 | +++ b/Net/src/MultipartReader.cpp | ||
| 18 | @@ -36,7 +36,6 @@ MultipartStreamBuf::MultipartStreamBuf(std::istream& istr, const std::string& bo | ||
| 19 | _boundary(boundary), | ||
| 20 | _lastPart(false) | ||
| 21 | { | ||
| 22 | - poco_assert (!boundary.empty() && boundary.length() < STREAM_BUFFER_SIZE - 6); | ||
| 23 | } | ||
| 24 | |||
| 25 | |||
| 26 | @@ -47,7 +46,7 @@ MultipartStreamBuf::~MultipartStreamBuf() | ||
| 27 | |||
| 28 | int MultipartStreamBuf::readFromDevice(char* buffer, std::streamsize length) | ||
| 29 | { | ||
| 30 | - poco_assert_dbg (length >= _boundary.length() + 6); | ||
| 31 | + poco_assert (!_boundary.empty() && _boundary.length() < length - 6); | ||
| 32 | |||
| 33 | static const int eof = std::char_traits<char>::eof(); | ||
| 34 | std::streambuf& buf = *_istr.rdbuf(); | ||
diff --git a/meta-oe/recipes-support/poco/poco_1.13.3.bb b/meta-oe/recipes-support/poco/poco_1.13.3.bb index 662caa27d7..5899db651d 100644 --- a/meta-oe/recipes-support/poco/poco_1.13.3.bb +++ b/meta-oe/recipes-support/poco/poco_1.13.3.bb | |||
| @@ -13,6 +13,7 @@ SRC_URI = "git://github.com/pocoproject/poco.git;branch=poco-1.13.3;protocol=htt | |||
| 13 | file://run-ptest \ | 13 | file://run-ptest \ |
| 14 | file://0001-SimpleRowFormatter.h-fix-the-build-on-gcc-15-unsatis.patch \ | 14 | file://0001-SimpleRowFormatter.h-fix-the-build-on-gcc-15-unsatis.patch \ |
| 15 | file://0002-fix-Foundation-Build-error-with-GCC-15-class-Poco-Pr.patch \ | 15 | file://0002-fix-Foundation-Build-error-with-GCC-15-class-Poco-Pr.patch \ |
| 16 | file://CVE-2025-6375.patch \ | ||
| 16 | " | 17 | " |
| 17 | SRCREV = "7f848d25aa0461d3beeff1189dc61b48ffe8e2f4" | 18 | SRCREV = "7f848d25aa0461d3beeff1189dc61b48ffe8e2f4" |
| 18 | 19 | ||