hdf5 1.14.4-3: Fix CVE tag format in patches

- The CVE tags in multiple hdf5 patches were using comma-separated format which caused false positives in CVE reports. - Multiple CVEs should be separated by space in CVE-ID.patch file as per recipe style guide in Yocto documentation so CVE report tool can scan those CVEs and mark it as patched. Fixed the following patches: - CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch - CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch - CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch Reference: - https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#cve-patches Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-01 13:58:06 +00:00 · 2025-12-04 09:22:18 -08:00 · 2025-12-04 09:22:18 -08:00 · b09a12e166
commit b09a12e166
parent a9fa1c5c2a
3 changed files with 6 additions and 3 deletions
--- a/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch
+++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch
@ -13,11 +13,12 @@ against the actual value as chunks are being deserialized.

 Fixes CVE-2025-6816, CVE-2025-6856, CVE-2025-2923

-CVE: CVE-2025-2923, CVE-2025-6816, CVE-2025-6856
+CVE: CVE-2025-2923 CVE-2025-6816 CVE-2025-6856
 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675]

 (cherry picked from commit 29c847a43db0cdc85b01cafa5a7613ea73932675)
 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
 ---
 src/H5Oint.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
--- a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch
+++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch
@ -3,10 +3,11 @@ From: aled-ua <bugbuster.cc@gmail.com>
 Date: Wed, 15 Jan 2025 15:02:25 -0600
 Subject: [PATCH] Fix vuln OSV-2023-77 (#5210)

-CVE: CVE-2025-6269, CVE-2025-6270, CVE-2025-6516
+CVE: CVE-2025-6269 CVE-2025-6270 CVE-2025-6516
 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d]
 (cherry picked from commit 7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d)
 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
 ---
 src/H5Cimage.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
--- a/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch
+++ b/meta-oe/recipes-support/hdf5/files/CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch
@ -15,10 +15,11 @@ This PR addressed them by:
 These changes addressed the crashes reported.  However, there is a skiplist
 crash during the unwinding process that has to be investigated.

-CVE: CVE-2025-6269, CVE-2025-6270, CVE-2025-6516
+CVE: CVE-2025-6269 CVE-2025-6270 CVE-2025-6516
 Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70]
 (cherry picked from commit 3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70)
 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
 ---
 src/H5Cimage.c | 84 ++++++++++++++++++++++++++++++++++++++------------
 src/H5Ocont.c  |  5 +--