Hello, On Fri Feb 20, 2026 at 3:21 PM CET, Hugo Simeliere via lists.openembedded.org wrote: > From: Hugo SIMELIERE <[email protected]> >
Thanks for the patch. But the commit message needs improvement: Please add a justification as to why you think this particular patch fixes this CVE: Cited in the NVD report? upstream? another source? > Upstream-Status: Backport from > https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77 This marker is not useful outside of an added patch (like your CVE-2026-27171.patch): you can remove it. Obviously, that also applies to the whinlatter patch. Thanks! > > Signed-off-by: Bruno VERNAY <[email protected]> > Signed-off-by: Hugo SIMELIERE <[email protected]> > --- > .../zlib/zlib/CVE-2026-27171.patch | 63 +++++++++++++++++++ > meta/recipes-core/zlib/zlib_1.3.1.bb | 1 + > 2 files changed, 64 insertions(+) > create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch > > diff --git a/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch > b/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch > new file mode 100644 > index 0000000000..e6a8a3eac5 > --- /dev/null > +++ b/meta/recipes-core/zlib/zlib/CVE-2026-27171.patch 
> @@ -0,0 +1,63 @@ > +From f234bdf5c0f94b681312452fcd5e36968221fa04 Mon Sep 17 00:00:00 2001 > +From: Mark Adler <[email protected]> > +Date: Sun, 21 Dec 2025 18:17:56 -0800 > +Subject: [PATCH] Check for negative lengths in crc32_combine functions. > + > +Though zlib.h says that len2 must be non-negative, this avoids the > +possibility of an accidental infinite loop. > + > +Upstream-Status: Backport > [https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77] > +CVE: CVE-2026-27171 > + > +Signed-off-by: Hugo SIMELIERE <[email protected]> > +--- > + crc32.c | 4 ++++ > + zlib.h | 4 ++-- > + 2 files changed, 6 insertions(+), 2 deletions(-) > + > +diff --git a/crc32.c b/crc32.c > +index 6c38f5c..33d8c79 100644 > +--- a/crc32.c > ++++ b/crc32.c > +@@ -1019,6 +1019,8 @@ unsigned long ZEXPORT crc32(unsigned long crc, const > unsigned char FAR *buf, > + > + /* > ========================================================================= */ > + uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) { > ++ if (len2 < 0) > ++ return 0; > + #ifdef DYNAMIC_CRC_TABLE > + once(&made, make_crc_table); > + #endif /* DYNAMIC_CRC_TABLE */ > +@@ -1032,6 +1034,8 @@ uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, > z_off_t len2) { > + > + /* > ========================================================================= */ > + uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) { > ++ if (len2 < 0) > ++ return 0; > + #ifdef DYNAMIC_CRC_TABLE > + once(&made, make_crc_table); > + #endif /* DYNAMIC_CRC_TABLE */ > +diff --git a/zlib.h b/zlib.h > +index 8d4b932..8c7f8ac 100644 > +--- a/zlib.h > ++++ b/zlib.h > +@@ -1758,14 +1758,14 @@ ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, > uLong crc2, z_off_t len2); > + seq1 and seq2 with lengths len1 and len2, CRC-32 check values were > + calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32 > + check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and > +- len2. 
len2 must be non-negative. > ++ len2. len2 must be non-negative, otherwise zero is returned. > + */ > + > + /* > + ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2); > + > + Return the operator corresponding to length len2, to be used with > +- crc32_combine_op(). len2 must be non-negative. > ++ crc32_combine_op(). len2 must be non-negative, otherwise zero is > returned. > + */ > + > + ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op); > +-- > +2.43.0 > + > diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb > b/meta/recipes-core/zlib/zlib_1.3.1.bb > index ef83142121..892467a1fb 100644 > --- a/meta/recipes-core/zlib/zlib_1.3.1.bb > +++ b/meta/recipes-core/zlib/zlib_1.3.1.bb > @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = > "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6 > SRC_URI = "https://zlib.net/${BP}.tar.gz \ > file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ > file://run-ptest \ > + file://CVE-2026-27171.patch \ > " > UPSTREAM_CHECK_URI = "http://zlib.net/" > -- Yoann Congal Smile ECS
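Review bot: The negative-length guard is added only to crc32_combine64() and crc32_combine_gen64(), while the zlib.h text in the same patch promises `otherwise zero is returned` for crc32_combine() and crc32_combine_gen() as well; the bodies of the z_off_t variants lie outside the two crc32.c hunks (the `@@ -1032` header shows crc32_combine's signature as context only), so the commit should confirm that in 1.3.1 they forward to the 64-bit versions, otherwise a negative len2 still reaches the unguarded loop the patch description mentions. The patch header `From f234bdf5c0f94b681312452fcd5e36968221fa04` also does not match the commit cited in Upstream-Status, `ba829a458576d1ff0f26fc7230c6de816d1f6a77`, which looks like a regenerated cherry-pick rather than the upstream patch as-is; stating whether the hunks were applied unmodified, or which context was adjusted, would let a reviewer verify the backport against upstream. The zlib_1.3.1.bb hunk on the same line only adds the file to SRC_URI and needs nothing further.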
