From patchwork Tue Sep 23 06:40:31 2025
X-Patchwork-Submitter: Dario Binacchi
X-Patchwork-Id: 4343
From: Dario Binacchi
To: buildroot@buildroot.org
Cc: Martin Bark, linux-amarula@amarulasolutions.com, Dario Binacchi
Subject: [PATCH 1/1] package/connman: security bump to version 1.45
Date: Tue, 23 Sep 2025 08:40:31 +0200
Message-ID: <20250923064031.864373-1-dario.binacchi@amarulasolutions.com>
X-Mailer: git-send-email 2.43.0

This bump includes the security fixes for CVE-2025-32366 and
CVE-2025-32743.

Release notes:
- Fix issue with setting MFP optional for PSK.
- Fix issue with comparison in timezone checking.
- Fix issue with dnsproxy and empty lookup.

Fixes:
https://www.cve.org/CVERecord?id=CVE-2025-32366
https://www.cve.org/CVERecord?id=CVE-2025-32743

Signed-off-by: Dario Binacchi
---
 ...L-empty-lookup-causing-potential-cra.patch | 46 -------------------
 ...Address-CVE-2025-32366-vulnerability.patch | 41 -----------------
 package/connman/connman.hash                  |  2 +-
 package/connman/connman.mk                    |  2 +-
 4 files changed, 2 insertions(+), 89 deletions(-)
 delete mode 100644 package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch
 delete mode 100644 package/connman/0002-dnsproxy-Address-CVE-2025-32366-vulnerability.patch

diff --git a/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch b/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch deleted file mode 100644 index 9c1274e43ce5..000000000000 --- a/package/connman/0001-dnsproxy-Fix-NULL-empty-lookup-causing-potential-cra.patch +++ /dev/null @@ -1,46 +0,0 @@ -From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001 -From: Praveen Kumar -Date: Thu, 24 Apr 2025 11:39:29 +0000 -Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash - -In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c -can be NULL or an empty string when the TC (Truncated) bit is set in -a DNS response. This allows attackers to cause a denial of service -(application crash) or possibly execute arbitrary code, because those -lookup values lead to incorrect length calculations and incorrect -memcpy operations. - -This patch includes a check to make sure loookup value is valid before -using it. This helps avoid unexpected value when the input is empty or -incorrect. - -Fixes: CVE-2025-32743 - -Signed-off-by: Dario Binacchi -Upstream: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f ---- - src/dnsproxy.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index f28a5d7551a4..7ee26d9ff886 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -1685,8 +1685,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req, - gpointer request, gpointer name) - { - int sk = -1; -+ int err; - const char *lookup = (const char *)name; -- int err = ns_try_resolv_from_cache(req, request, lookup); -+ -+ if (!lookup || strlen(lookup) == 0) -+ return -EINVAL; -+ -+ err = ns_try_resolv_from_cache(req, request, lookup); - - if (err > 0) - /* cache hit */ --- -2.43.0 - 
diff --git a/package/connman/0002-dnsproxy-Address-CVE-2025-32366-vulnerability.patch b/package/connman/0002-dnsproxy-Address-CVE-2025-32366-vulnerability.patch deleted file mode 100644 index 9651b2dfe473..000000000000 --- a/package/connman/0002-dnsproxy-Address-CVE-2025-32366-vulnerability.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 8d3be0285f1d4667bfe85dba555c663eb3d704b4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=EC=8B=A0=EC=9C=A4=EC=A0=9C=28=ED=95=99=EB=B6=80=EC=83=9D-?= - =?UTF-8?q?=EC=86=8C=ED=94=84=ED=8A=B8=EC=9B=A8=EC=96=B4=EC=A0=84=EA=B3=B5?= - =?UTF-8?q?=29?= -Date: Mon, 12 May 2025 10:48:18 +0200 -Subject: [PATCH] dnsproxy: Address CVE-2025-32366 vulnerability - -In Connman parse_rr in dnsproxy.c has a memcpy length -that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen) -and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger -than the amount of remaining packet data in the current state of -parsing. As a result, values of stack memory locations may be sent -over the network in a response. - -This patch adds a check to ensure that (*end + *rdlen) does not exceed -the valid range. If the condition is violated, the function returns --EINVAL. - -Signed-off-by: Dario Binacchi -Upstream: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4 ---- - src/dnsproxy.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index 7ee26d9ff886..1dd2f7f5d47e 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -998,6 +998,9 @@ static int parse_rr(const unsigned char *buf, const unsigned char *start, - if ((offset + *rdlen) > *response_size) - return -ENOBUFS; - -+ if ((*end + *rdlen) > max) -+ return -EINVAL; -+ - memcpy(response + offset, *end, *rdlen); - - *end += *rdlen; --- -2.43.0 - diff --git a/package/connman/connman.hash b/package/connman/connman.hash index 38af1847aef6..807f7144b1a2 100644 --- a/package/connman/connman.hash 
+++ b/package/connman/connman.hash @@ -1,4 +1,4 @@ # From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc -sha256 2be2b00321632b775f9eff713acd04ef21e31fbf388f6ebf45512ff4289574ff connman-1.44.tar.xz +sha256 77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913 connman-1.45.tar.xz # Locally computed sha256 b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259 COPYING diff --git a/package/connman/connman.mk b/package/connman/connman.mk index c9637eadf5aa..bc15932220de 100644 --- a/package/connman/connman.mk +++ b/package/connman/connman.mk @@ -4,7 +4,7 @@ # ################################################################################ -CONNMAN_VERSION = 1.44 +CONNMAN_VERSION = 1.45 CONNMAN_SOURCE = connman-$(CONNMAN_VERSION).tar.xz CONNMAN_SITE = $(BR2_KERNEL_MIRROR)/linux/network/connman CONNMAN_DEPENDENCIES = libglib2 dbus
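
Review bot: Dropping 0002-dnsproxy-Address-CVE-2025-32366-vulnerability.patch is not backed by the release notes quoted in the commit message. The three entries cover MFP for PSK, the timezone comparison and the dnsproxy empty lookup (which matches 0001 and CVE-2025-32743), but none mentions the parse_rr RDLENGTH bounds check. Please confirm that upstream commit 8d3be0285f1d4667bfe85dba555c663eb3d704b4 is contained in the 1.45 release, for example by checking that src/dnsproxy.c in the tarball has `if ((*end + *rdlen) > max)` ahead of the memcpy, and state that in the commit message.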
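
Review bot: In connman.hash the new connman-1.45.tar.xz sha256 stays under the existing "# From https://www.kernel.org/pub/linux/network/connman/sha256sums.asc" comment, but the commit message does not say whether the signature on that file was checked. A sentence in the commit message stating that sha256sums.asc was verified before the hash was copied would make the provenance of the new value reviewable.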
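
Review bot: In connman.mk only CONNMAN_VERSION changes, and the diffstat confirms a single-line change to that file. If the file carries CONNMAN_IGNORE_CVES entries for CVE-2025-32366 or CVE-2025-32743 outside the context shown in this hunk, added together with the two local patches, they should be removed in this same commit so that the CVE check evaluates version 1.45 directly.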