| Message ID | cover.1779264709.git.yoann.congal@smile.fr |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On Wed May 20, 2026 at 10:20 AM CEST, Yoann Congal wrote: > Please review this set of changes for wrynose and have comments back by > end of day Thursday, May 21. > > This is the v2 of https://lore.kernel.org/openembedded-core/cover.1779232800.git.yoann.congal@smile.fr/T/#t > v1->v2: > * Removed "[OE-core][wrynose 11/28] libsdl2: set status for CVE-2026-35444" > * Added "busybox: fix CVE-2026-29004" > > A build for this v2 series is running here: > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3851 > I've run the added busybox patch through autobuilder in an earlier > series, so I'm confident that this build will be OK (AB-INT excepted). Got some AB-INTs but nothing related to this series: * qemux86 https://autobuilder.yoctoproject.org/valkyrie/#/builders/30/builds/3766 => Bug #16284 – AB-INT: do_testsdkext failed with no clear reason retried as https://autobuilder.yoctoproject.org/valkyrie/#/builders/30/builds/3767 * oe-selftest-debian https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3884 & oe-selftest-fedora https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3746 git.yoctoproject.org/git.openembedded.org hung up the HTTP git clone connection retried as: https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3885 https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3747 * qemuriscv64-ptest https://autobuilder.yoctoproject.org/valkyrie/#/builders/56/builds/1616 => I reported it: #16290 – AB-INT PTEST RISCV64: procps ptest failure (pgrep_match_against_full_process_name) Retried as https://autobuilder.yoctoproject.org/valkyrie/#/builders/56/builds/1617 > > The following changes since commit 080e184ad9a07b469da7e8b045a93cefd5bf2438: > > glibc: Fix recipe bug that disabled stack protector (2026-05-12 16:18:27 +0200) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib stable/wrynose-nut > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/wrynose-nut > > for you to fetch changes up to 42adcd87a15f5921f0cc95424efd930876743824: > > pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-05-20 10:03:07 +0200) > > ---------------------------------------------------------------- > > Alexander Kanavin (1): > sbom-cve-check: set PV from upstream tags and ensure version checks > are correct > > Andrew Geissler (1): > efivar: Backport patch to fix -march issue for ppc64le > > Ankur Tyagi (2): > tzdata/tzcode-native: upgrade 2026a -> 2026b > wireless-regdb: upgrade 2026.02.04 -> 2026.03.18 > > Benjamin Robin (Schneider Electric) (3): > python3-sbom-cve-check: Update to version 1.3.1 > sbom-cve-check-update-cvelist-native: Update source revision > sbom-cve-check-update-nvd-native: Update source revision > > Chen Qi (1): > busybox: fix CVE-2026-29004 > > Daniel McGregor (1): > python3-requests: Increase chardet upper limit > > Dmitry Sakhonchik (1): > shadow-native: Change upstream status of disable_syslog.patch > > Jinwang Li (1): > bluez5: add patches to fix 8.56 gatt issue > > João Marcos Costa (1): > default-distrovars.inc: add missing spaces in append overrides > > Peter Marko (7): > busybox: patch CVE-2024-58251 > libsoup: set status for CVE-2026-2369 > tiff: patch CVE-2026-4775 > libssh2: patch CVE-2026-7598 > libarchive: set status of CVE-2026-5745 > libsoup: patch CVE-2026-2708 > glibc: stable 2.43 branch updates > > Quan Sun (1): > qemu: fix iotlb_to_section() for different AddressSpace > > Richard Purdie (2): > utils: Handle unexpanded variables in DISTRO_FEATURES > pseudo: Upgrade 1.9.6 -> 1.9.7 > > Robert P. J. Day (1): > features-check.bbclass: add reference to required TUNE_FEATURES > > Sam Kent (1): > oe-pkgdata-util: fix empty runtime-rprovides directory handling > > Thomas Perrot (2): > oe-pkgdata-util: fix runtime-rprovides handling in lookup_pkg error > path > scripts/makefile-getvar: quote MAKEFILE variable > > Yoann Congal (2): > README: Add wrynose subject-prefix to git-send-email suggestion > b4-config: add send-prefixes for wrynose > > .b4-config | 1 + > README.OE-Core.md | 2 +- > meta/classes-recipe/crosssdk.bbclass | 3 +- > meta/classes-recipe/features_check.bbclass | 2 +- > meta/classes-recipe/native.bbclass | 3 +- > meta/classes-recipe/nativesdk.bbclass | 3 +- > .../distro/include/default-distrovars.inc | 8 +- > meta/lib/oe/utils.py | 9 + > .../0003-fix-march-issue-for-ppc64le.patch | 45 +++ > meta/recipes-bsp/efivar/efivar_39.bb | 1 + > meta/recipes-connectivity/bluez5/bluez5.inc | 1 + > ...use-after-free-caused-by-reentrant-c.patch | 59 ++++ > .../busybox/busybox/CVE-2024-58251.patch | 51 ++++ > .../busybox/busybox/CVE-2026-29004-01.patch | 42 +++ > .../busybox/busybox/CVE-2026-29004-02.patch | 47 +++ > meta/recipes-core/busybox/busybox_1.37.0.bb | 3 + > meta/recipes-core/glibc/glibc-version.inc | 2 +- > meta/recipes-core/glibc/glibc_2.43.bb | 4 +- > meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +- > ...01-Increase-chardet-upper-limit-to-8.patch | 25 ++ > .../python/python3-requests_2.32.5.bb | 1 + > meta/recipes-devtools/qemu/qemu.inc | 1 + > ...tlb_to_section-for-different-Address.patch | 274 ++++++++++++++++++ > ...3.0.bb => python3-sbom-cve-check_1.3.1.bb} | 4 +- > ...check-update-cvelist-native_2026-05-07.bb} | 4 +- > ...ck-update-nvd-native_2026.05.07-000006.bb} | 4 +- > .../libarchive/libarchive_3.8.7.bb | 1 + > .../shadow/files/disable_syslog.patch | 3 +- > meta/recipes-extended/timezone/timezone.inc | 6 +- > ....02.04.bb => wireless-regdb_2026.03.18.bb} | 2 +- > .../libtiff/tiff/CVE-2026-4775.patch | 55 ++++ > meta/recipes-multimedia/libtiff/tiff_4.7.1.bb | 1 + > .../libsoup/libsoup/CVE-2026-2708.patch | 218 ++++++++++++++ > meta/recipes-support/libsoup/libsoup_3.6.6.bb | 2 + > .../libssh2/libssh2/CVE-2026-7598.patch | 56 ++++ > .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + > scripts/makefile-getvar | 4 +- > scripts/oe-pkgdata-util | 19 +- > 38 files changed, 934 insertions(+), 37 deletions(-) > create mode 100644 meta/recipes-bsp/efivar/efivar/0003-fix-march-issue-for-ppc64le.patch > create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-gatt-client-Fix-use-after-free-caused-by-reentrant-c.patch > create mode 100644 meta/recipes-core/busybox/busybox/CVE-2024-58251.patch > create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch > create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch > create mode 100644 meta/recipes-devtools/python/python3-requests/0001-Increase-chardet-upper-limit-to-8.patch > create mode 100644 meta/recipes-devtools/qemu/qemu/0001-accel-tcg-Fix-iotlb_to_section-for-different-Address.patch > rename meta/recipes-devtools/sbom-cve-check/{python3-sbom-cve-check_1.3.0.bb => python3-sbom-cve-check_1.3.1.bb} (76%) > rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-cvelist-native.bb => sbom-cve-check-update-cvelist-native_2026-05-07.bb} (77%) > rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-nvd-native.bb => sbom-cve-check-update-nvd-native_2026.05.07-000006.bb} (79%) > rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2026.02.04.bb => wireless-regdb_2026.03.18.bb} (94%) > create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2026-2708.patch > create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch
Please review this set of changes for wrynose and have comments back by end of day Thursday, May 21. This is the v2 of https://lore.kernel.org/openembedded-core/cover.1779232800.git.yoann.congal@smile.fr/T/#t v1->v2: * Removed "[OE-core][wrynose 11/28] libsdl2: set status for CVE-2026-35444" * Added "busybox: fix CVE-2026-29004" A build for this v2 series is running here: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3851 I've run the added busybox patch through autobuilder in an earlier series, so I'm confident that this build will be OK (AB-INT excepted). The following changes since commit 080e184ad9a07b469da7e8b045a93cefd5bf2438: glibc: Fix recipe bug that disabled stack protector (2026-05-12 16:18:27 +0200) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/wrynose-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/wrynose-nut for you to fetch changes up to 42adcd87a15f5921f0cc95424efd930876743824: pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-05-20 10:03:07 +0200) ---------------------------------------------------------------- Alexander Kanavin (1): sbom-cve-check: set PV from upstream tags and ensure version checks are correct Andrew Geissler (1): efivar: Backport patch to fix -march issue for ppc64le Ankur Tyagi (2): tzdata/tzcode-native: upgrade 2026a -> 2026b wireless-regdb: upgrade 2026.02.04 -> 2026.03.18 Benjamin Robin (Schneider Electric) (3): python3-sbom-cve-check: Update to version 1.3.1 sbom-cve-check-update-cvelist-native: Update source revision sbom-cve-check-update-nvd-native: Update source revision Chen Qi (1): busybox: fix CVE-2026-29004 Daniel McGregor (1): python3-requests: Increase chardet upper limit Dmitry Sakhonchik (1): shadow-native: Change upstream status of disable_syslog.patch Jinwang Li (1): bluez5: add patches to fix 8.56 gatt issue João Marcos Costa (1): default-distrovars.inc: add missing spaces in append overrides Peter Marko (7): busybox: patch CVE-2024-58251 libsoup: set status for CVE-2026-2369 tiff: patch CVE-2026-4775 libssh2: patch CVE-2026-7598 libarchive: set status of CVE-2026-5745 libsoup: patch CVE-2026-2708 glibc: stable 2.43 branch updates Quan Sun (1): qemu: fix iotlb_to_section() for different AddressSpace Richard Purdie (2): utils: Handle unexpanded variables in DISTRO_FEATURES pseudo: Upgrade 1.9.6 -> 1.9.7 Robert P. J. Day (1): features-check.bbclass: add reference to required TUNE_FEATURES Sam Kent (1): oe-pkgdata-util: fix empty runtime-rprovides directory handling Thomas Perrot (2): oe-pkgdata-util: fix runtime-rprovides handling in lookup_pkg error path scripts/makefile-getvar: quote MAKEFILE variable Yoann Congal (2): README: Add wrynose subject-prefix to git-send-email suggestion b4-config: add send-prefixes for wrynose .b4-config | 1 + README.OE-Core.md | 2 +- meta/classes-recipe/crosssdk.bbclass | 3 +- meta/classes-recipe/features_check.bbclass | 2 +- meta/classes-recipe/native.bbclass | 3 +- meta/classes-recipe/nativesdk.bbclass | 3 +- .../distro/include/default-distrovars.inc | 8 +- meta/lib/oe/utils.py | 9 + .../0003-fix-march-issue-for-ppc64le.patch | 45 +++ meta/recipes-bsp/efivar/efivar_39.bb | 1 + meta/recipes-connectivity/bluez5/bluez5.inc | 1 + ...use-after-free-caused-by-reentrant-c.patch | 59 ++++ .../busybox/busybox/CVE-2024-58251.patch | 51 ++++ .../busybox/busybox/CVE-2026-29004-01.patch | 42 +++ .../busybox/busybox/CVE-2026-29004-02.patch | 47 +++ meta/recipes-core/busybox/busybox_1.37.0.bb | 3 + meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.43.bb | 4 +- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +- ...01-Increase-chardet-upper-limit-to-8.patch | 25 ++ .../python/python3-requests_2.32.5.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 1 + ...tlb_to_section-for-different-Address.patch | 274 ++++++++++++++++++ ...3.0.bb => python3-sbom-cve-check_1.3.1.bb} | 4 +- ...check-update-cvelist-native_2026-05-07.bb} | 4 +- ...ck-update-nvd-native_2026.05.07-000006.bb} | 4 +- .../libarchive/libarchive_3.8.7.bb | 1 + .../shadow/files/disable_syslog.patch | 3 +- meta/recipes-extended/timezone/timezone.inc | 6 +- ....02.04.bb => wireless-regdb_2026.03.18.bb} | 2 +- .../libtiff/tiff/CVE-2026-4775.patch | 55 ++++ meta/recipes-multimedia/libtiff/tiff_4.7.1.bb | 1 + .../libsoup/libsoup/CVE-2026-2708.patch | 218 ++++++++++++++ meta/recipes-support/libsoup/libsoup_3.6.6.bb | 2 + .../libssh2/libssh2/CVE-2026-7598.patch | 56 ++++ .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + scripts/makefile-getvar | 4 +- scripts/oe-pkgdata-util | 19 +- 38 files changed, 934 insertions(+), 37 deletions(-) create mode 100644 meta/recipes-bsp/efivar/efivar/0003-fix-march-issue-for-ppc64le.patch create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-gatt-client-Fix-use-after-free-caused-by-reentrant-c.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2024-58251.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch create mode 100644 meta/recipes-devtools/python/python3-requests/0001-Increase-chardet-upper-limit-to-8.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0001-accel-tcg-Fix-iotlb_to_section-for-different-Address.patch rename meta/recipes-devtools/sbom-cve-check/{python3-sbom-cve-check_1.3.0.bb => python3-sbom-cve-check_1.3.1.bb} (76%) rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-cvelist-native.bb => sbom-cve-check-update-cvelist-native_2026-05-07.bb} (77%) rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-nvd-native.bb => sbom-cve-check-update-nvd-native_2026.05.07-000006.bb} (79%) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2026.02.04.bb => wireless-regdb_2026.03.18.bb} (94%) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2026-2708.patch create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch