From patchwork Sun Mar 29 22:46:08 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84767
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8D06BFF4929
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:41 +0000 (UTC)
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com
 [209.85.128.52])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38492.1774824391739343713
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:32 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=lo0KOjNV;
 spf=pass (domain: smile.fr, ip: 209.85.128.52,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f52.google.com with SMTP id
 5b1f17b1804b1-487035181a7so24943755e9.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824390; x=1775429190;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=2Z5P92f/WBPWltkhEdKSyzPt4B8v/iLjxe5CiaZdZIQ=;
        b=lo0KOjNVBYNHrgFxphXP5NyeqCMC6n2u0rcRG1rZIa2eeyFmCxmlEp6h/mfcJPqaBN
         IWMNiuj5JhtE1mLTURUMifxHWoqod10mvMgUbIlO8Z35xidryrcdol+Cxr5CBVyF9vw/
         ijAIuty7rF1LroMx4Xm/+2bWyhF8FTg3Dmhyg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824390; x=1775429190;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=2Z5P92f/WBPWltkhEdKSyzPt4B8v/iLjxe5CiaZdZIQ=;
        b=V7bbWUTyx2FIjNy3wNRHPX4kdmocOlqPkXOQFtiS2XZXgar0c2r736sDspgLzgTOwQ
         Q/mQFi44NIKpNrWLfgCw4cFCMspBpBDJinJ7IsHgi4I0xSI/cxoqLwkqltFXK0WP9vXY
         2Q8yb75aTmuoBYTwbVwmxipQhWzHmVmlM2VcT6cNvPchzBhDDRxDvmlzHeS1l0Sn1CLS
         HIiHh8qzI1sIWVsp+6SePfxycQ7NSMRX39oKKTyIRdVDPHLm6TU7pLBcYU+q8LEETad+
         OJkQauxOVHRt/V4teOAMZGit9Etpb7KSLR6N3i6XOj6hI9xE9gSQqIQ6kCnA+S260wwJ
         1ZNA==
X-Gm-Message-State: AOJu0YyTvOjC4Aowh+REuXMefTzgAtdsT6KqX58snrj0XRVxULLoAiYY
	iE1FffnZewsxkYCD94s6aQ6dtzLVyw6sWA+iGP+XCxi8t0nQuDYRO8Ez+9eCaK2P0H/+lMBgcTW
	zY7fzXCs=
X-Gm-Gg: ATEYQzz64jAetrL3ro5aAMcOYknc84oSYBmSTRKYIHnQPTz5VPBnMDdHbNb7tjWySu5
	LLmg4rhLGpFByMI6LvejA/48rEinqcHyir8yky5jeHUjGEIJBjN+sAo15lP3zZFGii1oDQrBL+U
	NAx/rEhJ59UNzcOjOtsgQzB5PeGhd+zNscN9PK3z8OIEKbOiU5k448OIBot8YLcsWYzvcyhhRTq
	N+8BO6UEl86wsNsGiHlHAtUPw43thGwcb8RQjoUxOO8yRzTgHgCnH7kLM6JjtCeB85hWMZ/g9QA
	6f1v9ggeYCfTai+8EfSntPnWSyTjFRy3j9+cgrrM10O6I7VTvFaKOe3igFoHpV8aMWxvv4UoxHt
	yl9teoYMtfcZhglmIU007MrnlkzEOub6B4D6AqdPnLNrL2NUXudXLzw7kFbgtR0I+2XpwIU776l
	BDuyIFhMvPG3FuA0UZ7PPyegvGFla5Iyh5JPXyHwqV//ElQHrq8Bok6B/UVu8fBRP8N43WA/q/H
	gOMNUhRmr5s+OvDQUhEFX9EaNI=
X-Received: by 2002:a05:600c:a408:b0:485:9a50:3370 with SMTP id
 5b1f17b1804b1-48727d735a7mr132021845e9.8.1774824389710;
        Sun, 29 Mar 2026 15:46:29 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.29
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:29 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/11] tzdata,tzcode-native: Upgrade 2025b ->
 2025c
Date: Mon, 30 Mar 2026 00:46:08 +0200
Message-ID: 
 <7255b0ff315367abb5f0c6f00974bf30f7861d1b.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234182

From: Paul Barker <paul@pbarker.dev>

This release mostly changes code and commentary. The only changed data
are leap second table expiration and pre-1976 time in Baja California.

Full release notes:
  https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 452334219309793ad74abd6ff390dcb06cab929b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-extended/timezone/timezone.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index f21bedf4fc5..35f22d5a15a 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
 LICENSE = "PD & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
 
-PV = "2025b"
+PV = "2025c"
 
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz"
 
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec"
-SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474"
+SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740"
+SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957"

From patchwork Sun Mar 29 22:46:09 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84770
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6611BFF4927
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:41 +0000 (UTC)
Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com
 [209.85.128.46])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38493.1774824392420548088
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:32 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=E5ToF7b5;
 spf=pass (domain: smile.fr, ip: 209.85.128.46,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f46.google.com with SMTP id
 5b1f17b1804b1-4873ce69ba9so2646245e9.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824390; x=1775429190;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zGzcOZ724c4YbRHNLv7xePGrypATx1aeyDLzcH8kcqo=;
        b=E5ToF7b5ddJfkrNdLaIiDGXYnKG+KYREvX+YaHLPQpL39SWFJlW/J9z0F/H08u/Osh
         V5r+Tls6uBR+mC4Po6xYkbHqDb+5x0nP9SyXGNfK1ZD/XxDNH+tF7yw621VXOUl/OPyy
         w6uL9114Ty4DCrF19pr3j3K4R7wlbw3HNE7iE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824390; x=1775429190;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=zGzcOZ724c4YbRHNLv7xePGrypATx1aeyDLzcH8kcqo=;
        b=M67bVY6On+S0zqV47u6jVgrf1IiDc2Pirh7gOgdRMi9yHmVoy0k8jhsSuM1KdnHl+4
         qkAXCRHxQ146ceginzB8VcNKgKU6ynOyXstiYs/lNigGejHwsOxWqLjydHlDhkbNka0y
         PBed8fM/M9M+/IpcMETaCoOCHlxZWob7hcdm23WL7YwdmVmzPhL48uBnxvCkAtzVs+Tf
         MVYBrZhPfTSY8VkI9xmL2RrvDaAGEhqDyHxShbU1GmRclpVk3XmP7OFEZrt7ARNAP4Rs
         kHxpzMa65fjStE6kpWFKtEMe0fuix4/lHv85aJbR53qVlag5YzBm+okcMNGyQB6nJ0eM
         BTFQ==
X-Gm-Message-State: AOJu0Yx1SGpRMPMvk+xrIoiazYEdOUqvF+y2J41YYHnii35gCad0DNZf
	zdFmTiF+MouutryGnAUmwsqGCGoSfzEsAyAujAmUDx7JyebtW9yYDMm9rASeNli5sNtWRoO/KVc
	UxOvWAaM=
X-Gm-Gg: ATEYQzw6ZjtYLU26hGaSanrjeWfN/pSoK3Mf5rfcvSCz7qKYM35puFu4JRAhpLISmH9
	Wf9FvSRwHfUI9r33VFt/Z0vSY9xPRNjuEW/zC8+GkA3j3/u41ZftMm1qm9hgo2+a1lt3m4AehXE
	7d36cHct8I8eVt0SIAF5iSg6gENTBGqBkfYXhicaPMgr79tmvUkrI4vZYPBduFpAik4n1lt/VIw
	haAu4ghzB0cb5ux19lB/DhZAEZNS+a6XAWwcu+GudU9yWjgPyEhIj0tKUqE8gauAigdgpWY/5cl
	NvkF4s1ifLPdEP5n0QwnP+umnETsfuEJsAOvbcG4XQDafFW/LfeR9zPLYcbhuS4hH3CM3XOIBAn
	8vhPevUfUFdK4onaOdHLO5upPI+Mo4L4WgKJkPc32YzO0QlDPj12RUxbzjv2fbrM+PpQTgAEcvZ
	9HyjjiGKjSnNCRvhtWXf4OZ2qXn/B2FKoKGjGZsKZjq9HBAYLj4vSN3CkjuunLXlhB8OjfHlpgU
	0ML+/ZFc2fQwpAFtDaIJ0eethc=
X-Received: by 2002:a05:600c:4744:b0:485:4278:2558 with SMTP id
 5b1f17b1804b1-48727d5a313mr173668365e9.6.1774824390400;
        Sun, 29 Mar 2026 15:46:30 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.29
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:29 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/11] python3-cryptography: Fix CVE-2026-26007
Date: Mon, 30 Mar 2026 00:46:09 +0200
Message-ID: 
 <80637cd1b9e2045e9f19fb8337704007fef67e41.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234183

From: Nguyen Dat Tho <tho3.nguyen@lge.com>

CVE-2026-26007 is fixed upstream in version 46.0.5.
Our current version (42.0.5, scarthgap) is still reported as vulnerable
by NVD.
Backport the upstream fix to address this CVE.

Upstream commit:
  https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c

CVE report:
  https://nvd.nist.gov/vuln/detail/CVE-2026-26007

Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../python3-cryptography/CVE-2026-26007.patch | 149 ++++++++++++++++++
 .../python/python3-cryptography_42.0.5.bb     |   1 +
 2 files changed, 150 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch

diff --git a/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch b/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
new file mode 100644
index 00000000000..a78d287ccdd
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
@@ -0,0 +1,149 @@
+From 42c914929b52eb16421a4ef1f7e09c8f9fdab7db Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Wed, 18 Mar 2026 16:01:03 +0900
+Subject: [PATCH] EC check key on cofactor > 1
+
+An attacker could create a malicious public key that reveals portions of
+your private key when using certain uncommon elliptic curves (binary
+curves).  This version now includes additional security checks to
+prevent this attack.  This issue only affects binary elliptic curves,
+which are rarely used in real-world applications. Credit to **XlabAI
+Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery
+Engine** for reporting the issue.  **CVE-2026-26007**
+
+This is a partial backport of upstream commit
+0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c, to only include what's
+relevant for CVE-2026-26007.
+
+CVE: CVE-2026-26007
+
+Origin: backport, https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
+Reference: https://salsa.debian.org/python-team/packages/python-cryptography/-/commit/464e7ca3b0b4493d5906d0c3685de71fda770c59
+
+Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
+Signed-off-by: Paul Kehrer <paul.l.kehrer@gmail.com>
+Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
+---
+Upstream-Status: Backport [Backport from https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c]
+
+ src/rust/src/backend/ec.rs         | 39 ++++++++++++++++++++----------
+ tests/hazmat/primitives/test_ec.py | 37 ++++++++++++++++++++++++++++
+ 2 files changed, 63 insertions(+), 13 deletions(-)
+
+diff --git a/src/rust/src/backend/ec.rs b/src/rust/src/backend/ec.rs
+index 6a224b49f..27fced086 100644
+--- a/src/rust/src/backend/ec.rs
++++ b/src/rust/src/backend/ec.rs
+@@ -155,12 +155,9 @@ pub(crate) fn public_key_from_pkey(
+ ) -> CryptographyResult<ECPublicKey> {
+     let ec = pkey.ec_key()?;
+     let curve = py_curve_from_curve(py, ec.group())?;
+-    check_key_infinity(&ec)?;
+-    Ok(ECPublicKey {
+-        pkey: pkey.to_owned(),
+-        curve: curve.into(),
+-    })
++    ECPublicKey::new(pkey.to_owned(), curve.into())
+ }
++
+ #[pyo3::prelude::pyfunction]
+ fn generate_private_key(
+     py: pyo3::Python<'_>,
+@@ -215,10 +212,7 @@ fn from_public_bytes(
+     let ec = openssl::ec::EcKey::from_public_key(&curve, &point)?;
+     let pkey = openssl::pkey::PKey::from_ec_key(ec)?;
+ 
+-    Ok(ECPublicKey {
+-        pkey,
+-        curve: py_curve.into(),
+-    })
++    ECPublicKey::new(pkey, py_curve.into())
+ }
+ 
+ #[pyo3::prelude::pymethods]
+@@ -357,6 +351,28 @@ impl ECPrivateKey {
+     }
+ }
+ 
++impl ECPublicKey {
++    fn new(
++        pkey: openssl::pkey::PKey<openssl::pkey::Public>,
++        curve: pyo3::Py<pyo3::PyAny>,
++    ) -> CryptographyResult<ECPublicKey> {
++        let ec = pkey.ec_key()?;
++        check_key_infinity(&ec)?;
++        let mut bn_ctx = openssl::bn::BigNumContext::new()?;
++        let mut cofactor = openssl::bn::BigNum::new()?;
++        ec.group().cofactor(&mut cofactor, &mut bn_ctx)?;
++        let one = openssl::bn::BigNum::from_u32(1)?;
++        if cofactor != one {
++            ec.check_key().map_err(|_| {
++                pyo3::exceptions::PyValueError::new_err(
++                    "Invalid EC key (key out of range, infinity, etc.)",
++                )
++            })?;
++        }
++
++        Ok(ECPublicKey { pkey, curve })
++    }
++}
+ #[pyo3::prelude::pymethods]
+ impl ECPublicKey {
+     #[getter]
+@@ -591,10 +607,7 @@ impl EllipticCurvePublicNumbers {
+ 
+         let pkey = openssl::pkey::PKey::from_ec_key(public_key)?;
+ 
+-        Ok(ECPublicKey {
+-            pkey,
+-            curve: self.curve.clone_ref(py),
+-        })
++        ECPublicKey::new(pkey, self.curve.clone_ref(py))
+     }
+ 
+     fn __eq__(
+diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
+index 334e76dcc..f7f2242f6 100644
+--- a/tests/hazmat/primitives/test_ec.py
++++ b/tests/hazmat/primitives/test_ec.py
+@@ -1340,3 +1340,40 @@ class TestECDH:
+ 
+         with pytest.raises(ValueError):
+             key.exchange(ec.ECDH(), public_key)
++
++
++def test_invalid_sect_public_keys(backend):
++    _skip_curve_unsupported(backend, ec.SECT571K1())
++    public_numbers = ec.EllipticCurvePublicNumbers(1, 1, ec.SECT571K1())
++    with pytest.raises(ValueError):
++        public_numbers.public_key()
++
++    point = binascii.unhexlify(
++        b"0400000000000000000000000000000000000000000000000000000000000000000"
++        b"0000000000000000000000000000000000000000000000000000000000000000000"
++        b"0000000000010000000000000000000000000000000000000000000000000000000"
++        b"0000000000000000000000000000000000000000000000000000000000000000000"
++        b"0000000000000000000001"
++    )
++    with pytest.raises(ValueError):
++        ec.EllipticCurvePublicKey.from_encoded_point(ec.SECT571K1(), point)
++
++    der = binascii.unhexlify(
++        b"3081a7301006072a8648ce3d020106052b810400260381920004000000000000000"
++        b"0000000000000000000000000000000000000000000000000000000000000000000"
++        b"0000000000000000000000000000000000000000000000000000000000000100000"
++        b"0000000000000000000000000000000000000000000000000000000000000000000"
++        b"0000000000000000000000000000000000000000000000000000000000000000000"
++        b"00001"
++    )
++    with pytest.raises(ValueError):
++        serialization.load_der_public_key(der)
++
++    pem = textwrap.dedent("""-----BEGIN PUBLIC KEY-----
++    MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++    AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
++    -----END PUBLIC KEY-----""").encode()
++    with pytest.raises(ValueError):
++        serialization.load_pem_public_key(pem)
diff --git a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
index 732f925d926..c4573fa6891 100644
--- a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
+++ b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
@@ -11,6 +11,7 @@ LDSHARED += "-pthread"
 SRC_URI[sha256sum] = "6fe07eec95dfd477eb9530aef5bead34fec819b3aaf6c5bd6d20565da607bfe1"
 
 SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
+            file://CVE-2026-26007.patch \
             file://check-memfree.py \
             file://run-ptest \
            "

From patchwork Sun Mar 29 22:46:10 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84768
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37038FF4925
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:41 +0000 (UTC)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com
 [209.85.128.42])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.38743.1774824392969133131
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:33 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=3OJ0aV8p;
 spf=pass (domain: smile.fr, ip: 209.85.128.42,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f42.google.com with SMTP id
 5b1f17b1804b1-48557c8ad47so29222485e9.0
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824391; x=1775429191;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=k9l50duf5zEDAhHdXAmfFwGnkBPanJVJv49TAJEdyPQ=;
        b=3OJ0aV8p3PZyo1FBpX7kb+3dS9hFKFZhwBABEp65cfbbAzo1rphCyXCc0SRwSxvpVA
         8q5a12nHGaJKzytfhJYLQ95GhAIdom++RgqeNj/Md7F/xwCOEKacuxKRAHQgzS63GgfL
         NldMGDnbO4aaerHxM1aPjeBfup6m7eUfNSTzQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824391; x=1775429191;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=k9l50duf5zEDAhHdXAmfFwGnkBPanJVJv49TAJEdyPQ=;
        b=rUAGKS9r6QcLbHN180jXxTr2UDTrzqpREN3IMotcghyytvRsbR4Xkh19jAZUVbuEki
         mpZu4WI+9w5KMDN8i7UzjGbfVmp7rsXIwb8N4Lfvs+eDwMa6qGzXI/vx4P/tlTA+eqKn
         S2PDwhZjxw10iP0NkmQo0BmSagwLINGSTlOn31KYpC9tWAMDAdw5xSv31JzN7qB9Fc6C
         2BRpE9OgJMUSF+0eovhU+t0RV6bbd3NE4ezUSunLOGyPVnMktgSXu5pWnS3l+EmMjBD+
         hGVrQs2zg9j7whk8FQeIBjGn9tycruVEv1DF1BX1PjAUzUL+sAIv5jBBpqe23ag92Zvn
         zNzg==
X-Gm-Message-State: AOJu0YzJoSBqTB5Lbbx+NTjUjyDsrxwe82zBJLwOvt7oWQm3FxMiJMuF
	wsThh02bpPGilgV0b9gzd5ro++gSJr/zysWyv3JqQYFqHrsuDABUAzZ4s+Jd/JMB3MpiRzDufGk
	ThCE/esc=
X-Gm-Gg: ATEYQzzUrMfIyeXpC+73YCGV66/pUmDlnGcvBrjiK3S3HEw+jMxpfnkO41BQCpFUlnI
	sLrprOByCDOLefyqTwunIuUuWrCC4YlRvYAtYbfOCdQpBQs8Mm+shfbKbDKdTY0Wz2sKM05ZsoU
	5GLKsvWldffKLP26IWyBEGhF7U/Thl7qlO8GpjI1q444i1X4Jk9KVeJo4DrF4XVB02vhXRk+RIp
	SIOhpDPrcNTMYu7LS7fcCTKbym/JXI8aEvq/Z8HS/F6MJoIg2wwlJuKDtPOkz96WmgkGPaT8MVt
	fkNmr6SHBBJii+BQSmJcdjK7jFKGL5wARPDLAlSJs7FyOe2BKW57YN39JbEvKaLHr/kB7uP3YD6
	2rkxZ+CyZD4W3WgtbjiadYLhimXqTlt63fwxRTytqQ3l9Iqi1cg374kA01rVBgwdnEjixphBi0C
	Jo6oi0X9KRu45e8wm5mZL0BNCURuqmWVZTMuQ6fmRmHLe4d7kR/YHpjyDMB8fMuAeka0dAepTsI
	8OWwebqxSxWVivAOGTHfjMxrH8=
X-Received: by 2002:a05:600c:3d87:b0:487:1114:d42f with SMTP id
 5b1f17b1804b1-48727d59da0mr175629875e9.1.1774824391034;
        Sun, 29 Mar 2026 15:46:31 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:30 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/11] spdx: add option to include only compiled
 sources
Date: Mon, 30 Mar 2026 00:46:10 +0200
Message-ID: 
 <50390bb45db8560bc9d2ee3ad37979924e0046c7.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234184

From: João Marcos Costa (Schneider Electric) <joaomarcos.costa@bootlin.com>

When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.

It uses debugsource information generated during do_package.

This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.

As example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.

(From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
Adapted to existing files for SPDX3.0

Tested with:
- bitbake world on oe-core
- oe-selftest --run-tests spdx.SPDX30Check

Regarding SPDX2.2, the respective backport was already performed in
OE-Core rev: a2866934e58fb377a73e87576c8594988a63ad1b

Signed-off-by: João Marcos Costa (Schneider Electric) <joaomarcos.costa@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/classes/spdx-common.bbclass |  3 +++
 meta/lib/oe/spdx30_tasks.py      | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
index 713a7fc651e..ca0416d1c7f 100644
--- a/meta/classes/spdx-common.bbclass
+++ b/meta/classes/spdx-common.bbclass
@@ -26,6 +26,7 @@ SPDX_TOOL_VERSION ??= "1.0"
 SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
 
 SPDX_INCLUDE_SOURCES ??= "0"
+SPDX_INCLUDE_COMPILED_SOURCES ??= "0"
 
 SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
 SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"
@@ -40,6 +41,8 @@ SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
 python () {
     from oe.cve_check import extend_cve_status
     extend_cve_status(d)
+    if d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1":
+        d.setVar("SPDX_INCLUDE_SOURCES", "1")
 }
 
 def create_spdx_source_deps(d):
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index a8970dcca0f..9c422d17573 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -145,6 +145,8 @@ def add_package_files(
     ignore_dirs=[],
     ignore_top_level_dirs=[],
 ):
+    import oe.spdx
+
     source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
     if source_date_epoch:
         source_date_epoch = int(source_date_epoch)
@@ -156,6 +158,11 @@ def add_package_files(
         bb.note(f"Skip {topdir}")
         return spdx_files
 
+    check_compiled_sources = d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1"
+    if check_compiled_sources:
+        compiled_sources, types = oe.spdx.get_compiled_sources(d)
+        bb.debug(1, f"Total compiled files: {len(compiled_sources)}")
+
     for subdir, dirs, files in os.walk(topdir, onerror=walk_error):
         dirs[:] = [d for d in dirs if d not in ignore_dirs]
         if subdir == str(topdir):
@@ -171,6 +178,11 @@ def add_package_files(
             filename = str(filepath.relative_to(topdir))
             file_purposes = get_purposes(filepath)
 
+            # Check if file is compiled
+            if check_compiled_sources:
+                if not oe.spdx.is_compiled_source(filename, compiled_sources, types):
+                    continue
+
             spdx_file = objset.new_file(
                 get_spdxid(file_counter),
                 filename,

From patchwork Sun Mar 29 22:46:11 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84769
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E06BCFF4923
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com
 [209.85.128.47])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.38744.1774824393619180750
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:33 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=kgujxQjd;
 spf=pass (domain: smile.fr, ip: 209.85.128.47,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f47.google.com with SMTP id
 5b1f17b1804b1-48541edecf9so49044395e9.1
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824392; x=1775429192;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=0dMej7lmszqTsa6UScljJ48enl+M0n1Z9R80lxhs580=;
        b=kgujxQjdPH/hxbT1X7UAf4HqQpzaAmKSGRNZPYkC4FWhTJWPqJhyuLjnP7KNwT0qqZ
         od0Y/or5qsxxdLfGt1vb+WHW/3AioWweLWBMMN6A9OCFitIrocnEwr8pY4A+3prDLryJ
         mYvF5H3O2Z97L+EufJ/sQybDT2p4KvgjNDPsc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824392; x=1775429192;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=0dMej7lmszqTsa6UScljJ48enl+M0n1Z9R80lxhs580=;
        b=pWJ9pAIgHmpfoMIZbeReYkKxxRRSrmGVn+ShJglaP7ALkUTmUUZrTa7rWBly7p7B2a
         DlWCuMtAfnYXTYuOlwNB207wr5ZyAu/AAViNxr2B9ugr90AsbzQk750MpUwWGifS5xTV
         dgDkUch+MWUjqkXZtflUAQGc06iBRz9MHBYGnIRiTabFIed3A9bz5GgZTQHI71tUpNmM
         qTMUvhjt9U1t0ovQhNoTvPNywmpxoFc4TIIqOS12qEUgYEhCWgByQr9J1C679LmvxYZt
         Xo1KHu3TtveE17hRTCQL2Jg1WnpIbabvht1kLrcNkUKXmxgJm2HNXlc23IVbouPfw2Ig
         KapA==
X-Gm-Message-State: AOJu0YyBHLk34PDUMzv0+UqDEla+Na3UuxM+xSFvHJclRlC17cwd1WfA
	U9IzDG3g1TxcStMZwoY3UudGLTDZceYiwwxohLzIqHbU+N80JDYE0sxdel2ivqSMrP2bsFCAsMl
	8kbsXoV8=
X-Gm-Gg: ATEYQzzr8+2gX2Z1kueYJgpWmJ6fE+FHJvnXvsP3GGtpJGR7O0oFuQBmtTUMu7p3DOw
	W/VvuH3EQpwieoxqMPp4HT+t+P4Ff1ALetsnBz8YDqsQKqI76Um2brD6M29DaaGG4i7p47LJFvT
	8hLZT23rcTez3UbvL11EsxILHqILXT4H3qYm0dMY/GOCxxHxECzQEmwK7bYj4PY9wDOK9BdYHm6
	7+KZ2YotfbBcdK/uICptJV3Dbxj7UGmyIez+S66yZHeWBDnot4lmU0gYLoUa/vEZx0ScktMX4UU
	WSuyuvMlT8hwqxHVdYlzwmOJnfJ7l8RVhqmlwnA9NQctb/ShChUzixsPtB6uIWvR8j+2KIpW1Hw
	1GVCZWHfsEZhAKzXj6RMCxL8KKRzSpKwTpyqZInJhfzkvrwazIvAI4Efr43FR369tuvjrsknaZc
	ijqvn27nTVEtCxEFHvXViQKbhSWqNzPbN0ZPytJTHzpD0T7ETbFcsT/f3yK2YL27x1z1fH28NXK
	1GLOfIuoq4HWK3Ig4EdBYTn0uc=
X-Received: by 2002:a05:600c:46c4:b0:485:3a03:ceca with SMTP id
 5b1f17b1804b1-48727f0e53bmr188831305e9.23.1774824391603;
        Sun, 29 Mar 2026 15:46:31 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.31
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:31 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/11] dtc: backport fix for build with
 glibc-2.43
Date: Mon, 30 Mar 2026 00:46:11 +0200
Message-ID: 
 <58ef52e9ee33c76689a57e6c39e91c00c257c43f.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234185

From: Martin Jansa <martin.jansa@gmail.com>

glibc-2.43 isn't used in OE builds yet, but this fixes dtc-native:
https://errors.yoctoproject.org/Errors/Details/903983/

../sources/dtc-1.7.2/libfdt/fdt_overlay.c: In function ‘overlay_fixup_phandle’:
../sources/dtc-1.7.2/libfdt/fdt_overlay.c:424:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  424 |                 sep = memchr(fixup_str, ':', fixup_len);
      |                     ^
../sources/dtc-1.7.2/libfdt/fdt_overlay.c:434:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  434 |                 sep = memchr(name, ':', fixup_len);
      |                     ^
cc1: all warnings being treated as errors

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YC: upstream commit 28552a7b6c94060c7ab3899619ab8afb74124d02]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../0001-Fix-discarded-const-qualifiers.patch | 85 +++++++++++++++++++
 meta/recipes-kernel/dtc/dtc_1.7.0.bb          |  1 +
 2 files changed, 86 insertions(+)
 create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch

diff --git a/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch b/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
new file mode 100644
index 00000000000..c643410ae9b
--- /dev/null
+++ b/meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch
@@ -0,0 +1,85 @@
+From 861cb43eb53afff83e28ba0e0f88ffa464ebe8ca Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 6 Jan 2026 14:19:30 -0500
+Subject: [PATCH] Fix discarded const qualifiers
+
+It's unsafe to implicitly discard the const qualifier on a pointer. In
+overlay_fixup_phandle(), this was probably just an oversight, and making
+the "sep" variable a const char * is sufficient to fix it.
+
+In create_node(), however, the "p" variable is directly modifying the
+buffer pointed to by "const char* node_name". To fix this, we need to
+actually make a duplicate of the buffer and operate on that instead.
+
+This introduces a malloc()/free()  and an unbounded strdup() into the
+operation, but fdtput isn't a long-running service and the node_name
+argument comes directly from argv, so this shouldn't introduce a
+significant performance impact.
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/dtc/dtc.git/commit/libfdt/fdt_overlay.c?h=main&id=9a1c801a1a3c102bf95c5339c9e985b26b823a21]
+---
+ fdtput.c             | 8 +++++---
+ libfdt/fdt_overlay.c | 3 ++-
+ meson.build          | 3 ++-
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/fdtput.c b/fdtput.c
+index c2fecf4..8deec7e 100644
+--- a/fdtput.c
++++ b/fdtput.c
+@@ -230,19 +230,21 @@ static int create_paths(char **blob, const char *in_path)
+ static int create_node(char **blob, const char *node_name)
+ {
+ 	int node = 0;
+-	char *p;
++	const char *p;
++	char *path = NULL;
+ 
+ 	p = strrchr(node_name, '/');
+ 	if (!p) {
+ 		report_error(node_name, -1, -FDT_ERR_BADPATH);
+ 		return -1;
+ 	}
+-	*p = '\0';
+ 
+ 	*blob = realloc_node(*blob, p + 1);
+ 
+ 	if (p > node_name) {
+-		node = fdt_path_offset(*blob, node_name);
++		path = xstrndup(node_name, (size_t)(p - node_name));
++		node = fdt_path_offset(*blob, path);
++		free(path);
+ 		if (node < 0) {
+ 			report_error(node_name, -1, node);
+ 			return -1;
+diff --git a/libfdt/fdt_overlay.c b/libfdt/fdt_overlay.c
+index 5c0c398..75b0619 100644
+--- a/libfdt/fdt_overlay.c
++++ b/libfdt/fdt_overlay.c
+@@ -431,7 +431,8 @@ static int overlay_fixup_phandle(void *fdt, void *fdto, int symbols_off,
+ 		const char *fixup_str = value;
+ 		uint32_t path_len, name_len;
+ 		uint32_t fixup_len;
+-		char *sep, *endptr;
++		const char *sep;
++		char *endptr;
+ 		int poffset, ret;
+ 
+ 		fixup_end = memchr(value, '\0', len);
+diff --git a/meson.build b/meson.build
+index 8952e8a..ecb0ae0 100644
+--- a/meson.build
++++ b/meson.build
+@@ -14,7 +14,8 @@ add_project_arguments(
+     '-Wstrict-prototypes',
+     '-Wmissing-prototypes',
+     '-Wredundant-decls',
+-    '-Wshadow'
++    '-Wshadow',
++    '-Wdiscarded-qualifiers'
+   ]),
+   language: 'c'
+ )
diff --git a/meta/recipes-kernel/dtc/dtc_1.7.0.bb b/meta/recipes-kernel/dtc/dtc_1.7.0.bb
index 0702fc16dfa..a2f41197fda 100644
--- a/meta/recipes-kernel/dtc/dtc_1.7.0.bb
+++ b/meta/recipes-kernel/dtc/dtc_1.7.0.bb
@@ -12,6 +12,7 @@ SRC_URI = " \
     git://git.kernel.org/pub/scm/utils/dtc/dtc.git;branch=main;protocol=https \
     file://0001-meson.build-bump-version-to-1.7.0.patch \
     file://0002-meson-allow-building-from-shallow-clones.patch \
+    file://0001-Fix-discarded-const-qualifiers.patch \
 "
 SRCREV = "039a99414e778332d8f9c04cbd3072e1dcc62798"
 

From patchwork Sun Mar 29 22:46:12 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84764
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 97614FF4920
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com
 [209.85.128.50])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38496.1774824394117912366
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:34 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=PeOKX9tg;
 spf=pass (domain: smile.fr, ip: 209.85.128.50,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f50.google.com with SMTP id
 5b1f17b1804b1-486fd5360d4so51248265e9.1
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824392; x=1775429192;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=T+R7PuJ+CsfXjuC7V/6QmmmvMOueIhSFAnJLctsI/fs=;
        b=PeOKX9tgtLh+L0w2C6wCKGXp2Yje466CscjtIN6ehUR3f/xL5uHBa8Swq/nQSGe5RM
         hrpsASZmrI+XHctalbhRzDi0G9t1upCH+xS+Xu9ULznG0DSBcpdlXMtN0DV/hMtfgkjy
         v6y9d+hNnw44stCtPILmd5UEyHu+KhOgSYm9U=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824392; x=1775429192;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=T+R7PuJ+CsfXjuC7V/6QmmmvMOueIhSFAnJLctsI/fs=;
        b=R1OIzqcNZOpR6Lre9Pythrl5Aoe0SHAbB5SpXQzTLOBfOgN0PqXqgU7mK7TUYBgjAV
         SIX7/5fSKSSNp+abxToOixQ1FCZxLp+Q52W3PJ8iXAs9Xzykd5ulO4lk6hSspeWCwGtD
         Xrs9J59k9AlyuWkzPfkLSmzMT7QRY0A+1lCbLadK5kPVSj/nRkGh6Tcl39Ou1ePKn9fD
         2bhGtBhXErz1EG+rLw100I27q9tUg+UZZ77NdzBbwvW68Ioayx+FIWhXLZGKFPeHZ9rb
         hUMOIVC3rihckSbGp0fSYyOVPfGz1HNhMDkp6iOddReTZp7nb/Jnj6Ig3bqB3CQ0CJeX
         L3cw==
X-Gm-Message-State: AOJu0YxnY0wdFmViCcfYnR72E4Qa5+Yiw9Z03FxD0UwzfEglfVd50krH
	vEMcMZKCHQPClAnJtjsgQ1X4AF205oGbXpldtWDdC6nD4QEqfuRExoDZ5LdriahLOVRBCTIjt2h
	iFruMHgw=
X-Gm-Gg: ATEYQzycXa3GQIzFrRi8YACooW+W1AWZki8ySOe/Z6x0zgt1cSqfzuVRAXRlQVpmv1W
	J2DlBzAuNEGOV555asJT2KKj04f0rAcIE9JamebhxsRSZypx8WTnkrRp4gxWwQeFizQBHZb3WnP
	axPQJwYeagX/hkieYdj3vNKasppgchOaC8r6mpgzI1gzPqOnon8xKg8oEbFY8ib9SeY4MY+2/Y4
	9GSA+kagYJJucWyxRsANbdWyjkEzaDNr95bl8G/wN8AZI1BviOxXo65JoBf6r7eNXNv6QUURzHQ
	N6z9Md2Yl3iG7YAqWYRHfSjSVdjxnVqa3HxZ8QlbCg6ocgXGcXRBrOiEY3/b76n3EfpTOWo+SQt
	hAjk37tTrC93hRoGZEVp3CyO6kOg5e3ue7AcAdHpw/V/KvJXom3L+rvIxRf3hWpuiTpz7/dQDP1
	xzPkXHPh2Wf13Ao0lzgM8Y5wYx+j1uIKXtLsa5wAzVjbql+H6E1VbQEXhWmvqY2Qcn2WJ5IcFtF
	ewdme6Tf89QJwtMxhZJdpUaVxrSTclR2pMfnw==
X-Received: by 2002:a05:600c:c87:b0:486:f308:94ec with SMTP id
 5b1f17b1804b1-48727edf6eemr181700065e9.24.1774824392281;
        Sun, 29 Mar 2026 15:46:32 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.31
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:31 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/11] pseudo: Add fix for glibc 2.43
Date: Mon, 30 Mar 2026 00:46:12 +0200
Message-ID: 
 <ebe917f3d1e858ddfcc1bcbf209ed55b422a527d.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234186

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Update to add a fix for a function definition to work with glibc 2.43.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YC: upstream commit 7d35b0e7929d666af783db835a3a809f8f6ce429]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 0f063f18812..3ae560487bd 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "43cbd8fb4914328094ccdb4bb827d74b1bac2046"
+SRCREV = "56e1f8df4761da60e41812fc32b1de797d1765e9"
 S = "${WORKDIR}/git"
 PV = "1.9.3+git"
 

From patchwork Sun Mar 29 22:46:13 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84766
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7D610FC72A3
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com
 [209.85.128.45])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38497.1774824395155805568
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:35 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=o2JnZdos;
 spf=pass (domain: smile.fr, ip: 209.85.128.45,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f45.google.com with SMTP id
 5b1f17b1804b1-486507134e4so44986995e9.0
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824393; x=1775429193;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=P+DU1DQqJCo0kg1Hh2Hy+9t8f8niQx7kgij3NS70Oi8=;
        b=o2JnZdos8FHoiYi2nn0RwY8Pw+QU48feDYGJXxsNCdzYLWXrgg7AoiQzyNMARsgeC3
         FoPDaBnKeAKYos052bAbJONpSQPyGG9IEd03iBdjVn/YfzFz0bLFvT5We3mW16DBmOUX
         QFqTJKZQzgoGEIqV2L1WmNfqGDt0OxkxeLjRQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824393; x=1775429193;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=P+DU1DQqJCo0kg1Hh2Hy+9t8f8niQx7kgij3NS70Oi8=;
        b=GP1mp4a8XMKtipvFv4PrCgigzP0byZfZkScdEzt1Xh4uQV7lp1LMH/JRpA/1lVBVA9
         Zwltehy5xZtxFEHaWhcBxvcSMmr6uebdgJBME232ZAk07SeJgpwyd1UOCGY8itAgJ5mE
         TD4IANg5UIdrD7ZYrr6TNnn7N19kZFpFkP1E0BVeXZGtsiemmGA1wb32+8H0D8ldWDPQ
         bBSRQVME2GoPI+CHj2o6QIWBpc91lDfrtm+iz4jZZfcFsYDs0HXfTSd0UTKskTj6rL83
         vVZuOgxn7pEa7ljAq4Oy3B3zGglBEkAlkw8gbmCIzUpbtnX7gfs/E2Dj7flpMipwW6Re
         Yh5g==
X-Gm-Message-State: AOJu0Yz+MfwVPsXRylaWDerl6n9XdfoNP0/AE+yCFl3y7qpxmpzorMzx
	4iKHHLhshhBPiAGOuiHbE/kY6NDsDDzr6zf7UC8b1+5gq2RlX69eCwFVmA5bN3KG4nX3NDv5YNa
	DuBlBG5M=
X-Gm-Gg: ATEYQzxFK/iFHq94kqYxLYOkqsKNtzx4gAGSV496/EBFKDpcZ7ZWXBc4VrQAKRj2YxQ
	ymwearKpZiuNrLnhHWTRPb2Qub52l9tKsMjAzPO+OtjF0/7Sg9OqBkgtU0xZjctvzRFwue37DJd
	jZmv3ucNulatMuja68VN84rStQEnGD8zvP/tz0vkqksIG9Axzfy6cgK/BWVfIIia/GvFaUV0sWi
	q5/fiyO8qx4lzXo3KJtJAsDLZpWorAPrbKhXR3Mu/KbmtwRU65h8SvuOH6hP3Udnsn5eN3dOEr1
	JEK5L4qXw8pdI1ivZ4EgM2pJhI3bRNMWvLY0H9ozP+mfYvFTN/ekvXk/dl30Ke3BbKXkhMEZq9/
	lZdRLGQsBiX9bEeTBMaKzi57QyW4i7b+jizdR9rFOUGkAf3xls9QzxH0MEAhVpSzAWKofvqya0M
	tsSFLLy15CJ0d6zeuZGOKjlmmwRRpk73MKCzkOQOD5/gczZG4MK8f+1gqvi7QJmIE+mlsJq9MLt
	A1ZYuU1Ar4OnKXHPOFQyJk+QTk=
X-Received: by 2002:a05:600c:4e08:b0:485:363b:fafe with SMTP id
 5b1f17b1804b1-48727d5e971mr186098755e9.1.1774824393251;
        Sun, 29 Mar 2026 15:46:33 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:32 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/11] yocto-uninative: Update to 5.0 for needed
 patchelf updates
Date: Mon, 30 Mar 2026 00:46:13 +0200
Message-ID: 
 <2e2985c52dfdd9601e97477f26fd6c442b418ba5.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234187

From: Michael Halstead <mhalstead@linuxfoundation.org>

Solves some segfaults on relocated qemu-img binaries.

[YOCTO #16003]

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b322bc5387f3baedca5c71ccecaed08d2b046eab)
[YC: fixed the commit title]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/conf/distro/include/yocto-uninative.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 3ced03d4771..e9dc6c86408 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.42"
-UNINATIVE_VERSION = "4.9"
+UNINATIVE_VERSION = "5.0"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "812045d826b7fda88944055e8526b95a5a9440bfef608d5b53fd52faab49bf85"
-UNINATIVE_CHECKSUM[i686] ?= "5cc28efd0c15a75de4bcb147c6cce65f1c1c9d442173a220f08427f40a3ffa09"
-UNINATIVE_CHECKSUM[x86_64] ?= "4c03d1ed2b7b4e823aca4a1a23d8f2e322f1770fc10e859adcede5777aff4f3a"
+UNINATIVE_CHECKSUM[aarch64] ?= "a25f2174d0cefcb22af005e9bc72ac01ae83b011c5b6d6d5bf00dac979877f76"
+UNINATIVE_CHECKSUM[i686] ?= "959cc2539b692f9b9862825c7324a0fe4d061fca742f6c259f67f581c59af956"
+UNINATIVE_CHECKSUM[x86_64] ?= "96045e8b1e242c8a849426a8506c7043f354b39f2bc0035192780e8205e23e9d"

From patchwork Sun Mar 29 22:46:14 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84763
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 689C9F3D61F
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com
 [209.85.128.52])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38499.1774824397847870880
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:38 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=FPb/wwB4;
 spf=pass (domain: smile.fr, ip: 209.85.128.52,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f52.google.com with SMTP id
 5b1f17b1804b1-483487335c2so40272485e9.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824396; x=1775429196;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=SNnr8zCuK9rJCkrulyG7Tv1QtQHZbFJT4AbUSi4SIIA=;
        b=FPb/wwB4PE+ZjffN7HxHGxfXHR4iyzMgRhFMH2DMLKb/kDOS3nmRFd6keB9JqPPJM/
         QF6M+rE7eVlQOpliI28toGn81Frr0FaXdl3f/KQJ5jJMFFnkjj561DEqpb7U2tt+ciIv
         rVq1IoQTQ9xfzZ827WlvgIHyl+iCZlzty2Osw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824396; x=1775429196;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=SNnr8zCuK9rJCkrulyG7Tv1QtQHZbFJT4AbUSi4SIIA=;
        b=HR2dsEP4amiaWF5LbN+RFH4rnPtqd6rfs7pO2AS7JDWCVYkBW6n43j3S9kfHqC57bS
         wIPFfD21fdKWnI3Klkk+Ktw2G9mH41u5OOcHz50JASyB9HvPv7GwaHz/EbhmxV3HeisW
         SRM/oO9gN+dmTPlXgKDBrXFlH9oOOconBfgcfXOSrqfV2pvNoWt3WUYDJQ9j8MEmEuHa
         ximgFPrdfiexuOsTN3mp+zEZ0LHo0ACJYTF4EIM9uC+5vddjVIZlsL/lw9KO9JROr6qJ
         RKUYI08wS/xcvomvZgsQxZxkKGnkXKDnIP3PJth3fbSIiO9qaSl/+xsyTtMev6E+nobG
         dMkQ==
X-Gm-Message-State: AOJu0YyorW545kEYShIN2TuhI2a3pV9N9EptSxefBBzF+pWg/p3VaYrZ
	WVy+C2B2sKGwS+U4XTK/7vRhzUZqo09Sq2tMCxojsXntso42Vf6wcmZ/Cu6G/gkMjFRwYjcyj2g
	pqgqF5XY=
X-Gm-Gg: ATEYQzwQG4p54oMN8vLtWHjSTt3bUGVDA+SDyC7yIMCH7zwM5zdevRS8aashzqDxzwu
	EOrLlAyyxjOWxkRjkM6yPNykEwhZQayj9nXdPWKxEAT1SDeo8v0O+0eKkO+hqMl95/pJ9vSK1kH
	8lESlDjLCf2kU/lGNz2yEtCYkh9WOzVZERnzFwYDh4cXiUHAz4UXdO+prdpDK+MqICSO5coDmKV
	BQDtUQHpmHx7z+hbCUxw4XSfHeZ2wOJY3ms5D5tBoXEiwcGAnUXEk/xSlUwAGzAFiOedmDOqRXP
	uZX4wPOuvOAk4G8G1ZX23V7uzc1Gga2Ba0Bfp5W+svP5qS0Q1tOGeb9mtQETKV79h5aTT01EUs0
	N5oMjKIn35JKC4DbBQ5id+MLUS8OYNMU32rzPA4c+8gDsSiTpsu8Eco41TKSOYVDcdwbt/BUWkM
	qZd84Nw/w0IYcpv7QNdNUOuaEn19LNJ9R0U9wOcBanIHXnxivgJhnR4U5WLFhq08bf6EI3f1jpa
	eJ/EyTMAZ4qtfAMNp0FoKSCXCQ=
X-Received: by 2002:a05:600c:3b1c:b0:485:6bcc:87dc with SMTP id
 5b1f17b1804b1-48727f27c5fmr188570655e9.14.1774824396018;
        Sun, 29 Mar 2026 15:46:36 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.33
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:33 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/11] yocto-uninative: Update to 5.1 for glibc
 2.43
Date: Mon, 30 Mar 2026 00:46:14 +0200
Message-ID: 
 <d5bc8ec69bf469385db60ff13110a4cfa2dcc67b.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234188

From: Michael Halstead <mhalstead@linuxfoundation.org>

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c1fb515f2a88fa0a0e95529afc07a99db001af0e)
[YC: fix duplicated line in commit message]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index e9dc6c86408..d97c96f631f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.42"
-UNINATIVE_VERSION = "5.0"
+UNINATIVE_MAXGLIBCVERSION = "2.43"
+UNINATIVE_VERSION = "5.1"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "a25f2174d0cefcb22af005e9bc72ac01ae83b011c5b6d6d5bf00dac979877f76"
-UNINATIVE_CHECKSUM[i686] ?= "959cc2539b692f9b9862825c7324a0fe4d061fca742f6c259f67f581c59af956"
-UNINATIVE_CHECKSUM[x86_64] ?= "96045e8b1e242c8a849426a8506c7043f354b39f2bc0035192780e8205e23e9d"
+UNINATIVE_CHECKSUM[aarch64] ?= "4166237a9dabd222dcb9627a9435dffd756764fabf76ed7ef2e93dc2964567ad"
+UNINATIVE_CHECKSUM[i686] ?= "761502cc9aef4d54d0c6fe9418beb9fdd2c6220da6f2b04128c89f47902ab9ae"
+UNINATIVE_CHECKSUM[x86_64] ?= "2b63a078c26535e0786e87f81ae69509df30f4dce40693004c527bd5e4ab2b85"

From patchwork Sun Mar 29 22:46:15 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84765
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37873FC981D
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com
 [209.85.128.43])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.38746.1774824398859442289
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:39 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=dx/+wVm2;
 spf=pass (domain: smile.fr, ip: 209.85.128.43,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f43.google.com with SMTP id
 5b1f17b1804b1-48558d6ef83so37229765e9.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824397; x=1775429197;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=a8Dd+FrHpCNy79P3B933WiRSDFENewdEom0cBtxoJ3g=;
        b=dx/+wVm2WbF3milBBeD3w/OFdy8NhdR23rzHEyuacymtwimpJSUGE3i8FRdbgKVBgE
         SQQ8tUPG+bxNjmzwmCG1s9G8vuNHRiRkrZ0nfhgkTbheXkBuNA677gmqlAc+Wnr9Vzi3
         4yg3F2kvZcEM3yGg7PCSKxO6mtktBAUyRSBXo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824397; x=1775429197;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=a8Dd+FrHpCNy79P3B933WiRSDFENewdEom0cBtxoJ3g=;
        b=Ssz7Xonr2FCQ3iZitIAUJHl8Kp041P1bwIYoHQ2GpsuipMtVMAlj8ZPwbp8ueah5Kd
         Jr6I3LSyzvI2zUJE1dKnmuhVSuZ8mCPhOQn403uxy6dK/etwnCim9JNxL+4om+DVaU4c
         knOC5h7ZYy0JDl4y3OG3c3cyy1DVQ6nawd7QSjd3rsQ4IjNKX9CqQV/Clb+Tn2xJv0Sk
         u/pxNg46nq6hQ1CilHIvuAgWPQ4JG3PlnY8+WbRp1svdGcTTzzcqIfa4YCCqghOra3Fr
         ML5PRNS+KAT2ZmW+7qQizNTknJq4WrY+FUVCdGFn2wJ/zu4tlz4hBiHV1G7pZ5hHaOaB
         1fNA==
X-Gm-Message-State: AOJu0YzPws4bSL9gF+FQAw/lMTocQ3tm9igvsFHv01c5VJTXDB6nBQUr
	odup25Z+jHirNXFaU2S9D0gg0VLAztobXJY35hdKlZNR2tHAuKoy1DPQ6EsNk96XXLG8E0u1rch
	59RTrrrU=
X-Gm-Gg: ATEYQzz7X6NzowkeWYdCms7sfLN96puN4+/1dvnRo8JPqYlKtuILyuSyeFAeGGq5wa9
	buRvf0a/VTFteRB3tqCOJ7ucfLRXCp8KJ36rOBC+yk/2CUkcKz3Ls1IPImYJx7RgH9mujOWi1fe
	P4f0dOxhstPvovpq4egGhiC91+/BaiHZNVjvVTfOtNqu67J+mQQigCi0Iu8yM4sN4ro/8bDLe7p
	YhLGGTujphbxoYr8ur1yNj6bFNGkiJDZBU2Wn+TSSdadxzJ0F8CLh/A9uGLSsPvQOMmrm2xfaTC
	2KrIknTgrTJ8X3wqJ5UScKedz8peuptRO6VtSLRU7+XHYH9swt6jCrrkkY1BAe/kkp1wYzpO7z0
	mjVUoIzSjT9ljyp2AibTdjW/NX3lVR6F5l0SNKXGrD2/ZOHButhARNA8NF9lAa1E8u736z8Z9xN
	IRg3m004YM6tLGec4uPyLWVonqRUqROVTG7GjET6wWwdqM02BadWjJyHFYsg7Tkoten+BJubEsE
	/3ldIlX0PeLLyQj7xdOgICWLzQ=
X-Received: by 2002:a05:600c:3b04:b0:486:fbd1:9dc0 with SMTP id
 5b1f17b1804b1-48727eddef6mr168335975e9.22.1774824396961;
        Sun, 29 Mar 2026 15:46:36 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.36
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:36 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/11] elfutils: don't add -Werror to avoid
 discarded-qualifiers
Date: Mon, 30 Mar 2026 00:46:15 +0200
Message-ID: 
 <4ad061a46e26b12c1f2352274fe7c9a829fe9756.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234190

From: Martin Jansa <martin.jansa@gmail.com>

With glibc-2.43 on host elfutils-native fails with:
elfutils-0.191/libcpu/riscv_disasm.c:1259:46: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]

elfutils-0.194 in master doesn't have this issue thanks to this patch avoiding -Werror from:
https://git.openembedded.org/openembedded-core/commit/?id=1d6ac3c811798732e6addc798656bbe104661d77

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../elfutils/elfutils_0.191.bb                |  1 +
 ...001-config-eu.am-do-not-force-Werror.patch | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.191.bb b/meta/recipes-devtools/elfutils/elfutils_0.191.bb
index 0fd6d31af19..5156e5c9f6d 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.191.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.191.bb
@@ -23,6 +23,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://0001-tests-Makefile.am-compile-test_nlist-with-standard-C.patch \
            file://0001-debuginfod-Remove-unused-variable.patch \
            file://0001-srcfiles-fix-unused-variable-BUFFER_SIZE.patch \
+           file://0001-config-eu.am-do-not-force-Werror.patch \
            file://CVE-2025-1352.patch \
            file://CVE-2025-1365.patch \
            file://CVE-2025-1372.patch \
diff --git a/meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch b/meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch
new file mode 100644
index 00000000000..d4e141927f1
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch
@@ -0,0 +1,34 @@
+From e169c3fc734be1783b3e1a4768dbec05fb64cb4f Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Fri, 22 Nov 2024 12:50:48 +0100
+Subject: [PATCH] config/eu.am: do not force -Werror
+
+This is undesirable when compiler versions may not be the same
+as what upstream is using for their own testing.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ config/eu.am | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/config/eu.am b/config/eu.am
+index 0b7dab5..5e7a03f 100644
+--- a/config/eu.am
++++ b/config/eu.am
+@@ -99,7 +99,6 @@ AM_CFLAGS = -std=gnu99 -Wall -Wshadow -Wformat=2 \
+ 	    $(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
+ 	    $(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
+ 	    $(USE_AFTER_FREE3_WARNING) \
+-	    $(if $($(*F)_no_Werror),,-Werror) \
+ 	    $(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
+ 	    $(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
+ 	    $(if $($(*F)_no_Wpacked_not_aligned),$(NO_PACKED_NOT_ALIGNED_WARNING),) \
+@@ -109,7 +108,6 @@ AM_CXXFLAGS = -std=c++11 -Wall -Wshadow \
+ 	   $(TRAMPOLINES_WARNING) \
+ 	   $(LOGICAL_OP_WARNING) $(DUPLICATED_COND_WARNING) \
+ 	   $(NULL_DEREFERENCE_WARNING) $(IMPLICIT_FALLTHROUGH_WARNING) \
+-	   $(if $($(*F)_no_Werror),,-Werror) \
+ 	   $(if $($(*F)_no_Wunused),,-Wunused -Wextra) \
+ 	   $(if $($(*F)_no_Wstack_usage),,$(STACK_USAGE_WARNING)) \
+ 	   $(if $($(*F)_no_Wpacked_not_aligned),$(NO_PACKED_NOT_ALIGNED_WARNING),) \

From patchwork Sun Mar 29 22:46:16 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84762
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 19ED7FC981C
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:40 +0000 (UTC)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com
 [209.85.128.42])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.38501.1774824399483087567
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:39 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=xWESXuGp;
 spf=pass (domain: smile.fr, ip: 209.85.128.42,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f42.google.com with SMTP id
 5b1f17b1804b1-486fc4725f0so37166975e9.1
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824397; x=1775429197;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=SRa06zBwHlV5Ag93Oy22/3Js8afWQqIL+H84bObHBSI=;
        b=xWESXuGp2avY+4uwrZk90zWz5z+3qUlFptPZJBxJKxwjmiy6iLOk/CN6hMEnAs4MLF
         6bewo/rYwWryoQhUxK//TGESFv+4SQTCB5ENwxO9VcFqDk/jH74tfx3jpL6SHlws3j2D
         OecQ6XQdeGIM7Ba8x0fZYTlcXNKqDv9gL2org=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824397; x=1775429197;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=SRa06zBwHlV5Ag93Oy22/3Js8afWQqIL+H84bObHBSI=;
        b=cD3ar0/lurILQ5EfZkzy7TpvVzY+34IpTEbN4lt/RZsEDXWYeQLz0X2S5UGb1agXfN
         zmx/4hMZTF27Lxo+h1LLZXuFrsayOatWXa73KSxlPJGzWqirkH718jT4Kz2ynzPP+TKS
         No/1b7OGRzLiyBZUZEu31Z2j3IIBVMaWCnsa3t70Qr/u1rVPfIoEH52K4meEPI5ZofSM
         U6bCvc46sjFOiJiVT0eBj11Eu0CZCEg1K6eKk5sSleENPqQMfjhVSROt4CMpnU3u2ZG9
         QKhlz6a88GSg3MZ0RjQgbc/zJrJs9fN0rKT72jXXjN6jYD9Qj0+21QFWWKfoSihKlclI
         VdQQ==
X-Gm-Message-State: AOJu0Yw2+xloF3Qmbf+uEfSDseLcy0OjbKE1eTts0OUjVRmtaYBxFxEw
	qhEMWXoYO+I7TWY9Q8wHjJC498G9TQir65jwiVxqgVSiXl6sJqdbyCJVzGAy3OAJ5xqK/M95RhG
	YAWtL2Rw=
X-Gm-Gg: ATEYQzwCN/zesjT5MeQ1L4rl6WfZR2FOj3fzOI/OH5HdN1BrlQxqj6W2JeP7jJvNkRK
	xbGgJzh2P/ylywxdA9OjyFAFokan85KTKfnHoeJXj8ZSmzhPJKz+HUwTXG9GmSL7AelUxWbRLo0
	XAQ2EUoZfbm5JED8vVtWAmNDGav7Ut2aaldXntvo0G4Rl8reaK5XZ7RKVVKVtBMScfoBgdLpkaT
	gzuig27xBju8qpnHSEzymnG+/eRC3vIvXeV4BHJ8HVz9l15NsLtpqCHBjceVyGlVY2M72YeHk+O
	mc2vw7hN33OBbYZOabQKLK9zDsEojPU+YDcaafDfkm54RVSsMQKsUMiLWP8z9rTi8nGtCXPfEfs
	8dWkVlvPXrWAnLbxVsC831FWYsl1lNLS7qsFf78q2NuHbbugszxrlaZpqL9yPGnracVfgKD6NnF
	rY0sq+ns8ijJalyCopVl7p1S34CCRgX8kGbuf8nZM3k3R2XmEQNDbSjWWGXXBCmu9abEOy87e8m
	4aji/7fFcvbUH9IjKXritshBnQ=
X-Received: by 2002:a05:600c:2d09:b0:487:22ad:403e with SMTP id
 5b1f17b1804b1-48735159152mr36445075e9.14.1774824397512;
        Sun, 29 Mar 2026 15:46:37 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.37
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:37 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/11] binutils: backport patch to fix build with
 glibc-2.43 on host
Date: Mon, 30 Mar 2026 00:46:16 +0200
Message-ID: 
 <4618b2cc830e53ede824ec0d9abbd939013d1c94.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234191

From: Martin Jansa <martin.jansa@gmail.com>

Fixes:
../../../gprofng/libcollector/linetrace.c: In function ‘__collector_ext_line_install’:
../../../gprofng/libcollector/linetrace.c:219:45: error: expected identifier before ‘_Generic’
  219 |   if (java_follow_env != NULL && CALL_UTIL (strstr)(java_follow_env, COLLECTOR_JVMTI_OPTION))
      |                                             ^~~~~~
../../../gprofng/libcollector/linetrace.c:219:34: note: in expansion of macro ‘CALL_UTIL’
  219 |   if (java_follow_env != NULL && CALL_UTIL (strstr)(java_follow_env, COLLECTOR_JVMTI_OPTION))
      |                                  ^~~~~~~~~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../binutils/binutils-2.42.inc                |  1 +
 ...tect-against-standard-library-macros.patch | 31 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 839d31242ef..36bd49ad03d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
      file://0019-Fix-32097-Warnings-when-building-gprofng-with-Clang.patch \
      file://0020-gprofng-fix-std-gnu23-compatibility-wrt-unprototyped.patch \
      file://0021-gprofng-fix-build-with-std-gnu23.patch \
+     file://0022-gprofng-protect-against-standard-library-macros.patch \
      file://0018-CVE-2025-0840.patch \
      file://CVE-2025-1176.patch \
      file://CVE-2025-1178.patch \
diff --git a/meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch b/meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch
new file mode 100644
index 00000000000..0fa0a939918
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch
@@ -0,0 +1,31 @@
+From 5f66aee7f4bec7a2d8378034116f5e5c3dc50f41 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Sat, 22 Nov 2025 11:29:43 +0100
+Subject: [PATCH] gprofng: protect against standard library macros
+
+The CALL_UTIL macro can expand to an unparsable expression of the argument
+is a macro, like with the new const-preserving standard library macros in
+C23.
+
+	* gprofng/src/collector_module.h (CALL_UTIL): Add parens to not
+	expand its argument if it is a function-like macro.
+
+Upstream-Status: Backport [2.46 5f66aee7f4bec7a2d8378034116f5e5c3dc50f41]
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+---
+ gprofng/src/collector_module.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gprofng/src/collector_module.h b/gprofng/src/collector_module.h
+index b64d69c45ab..859a6dd1f7d 100644
+--- a/gprofng/src/collector_module.h
++++ b/gprofng/src/collector_module.h
+@@ -119,7 +119,7 @@ typedef struct CollectorUtilFuncs
+ extern CollectorUtilFuncs __collector_util_funcs;
+ extern int __collector_dlsym_guard;
+ 
+-#define CALL_UTIL(x) __collector_util_funcs.x
++#define CALL_UTIL(x) (__collector_util_funcs.x)
+ 
+ /* The following constants define the meaning of the "void *arg"
+  * argument of getFrameInfo().

From patchwork Sun Mar 29 22:46:17 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84772
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A2E42FF492B
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:41 +0000 (UTC)
Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com
 [209.85.128.49])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.38747.1774824400009416061
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:40 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=SzkwCBGg;
 spf=pass (domain: smile.fr, ip: 209.85.128.49,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f49.google.com with SMTP id
 5b1f17b1804b1-483487335c2so40272575e9.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824398; x=1775429198;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ILnd2rVswjl9uGlcuyKTgq1kNzzjubpgOLOZCzpAf3k=;
        b=SzkwCBGgXnlpXXnaXBJANk7/AWvGwy4RQCTI58l/LRP1C7F0slHEVxnJmBsTrpGyg9
         Nyn/Od/BSHVqVwEVsSart4gvMb60U705v6AiJmJSJHAPAExDprtOzsapPz8GdayoGC4X
         aLwZn29dydlJMhRAWigFHK7SQDEW36qUuXLlc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824398; x=1775429198;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=ILnd2rVswjl9uGlcuyKTgq1kNzzjubpgOLOZCzpAf3k=;
        b=G7U5SqSV1iYes9rfg+Y7FXeVeq2RMgJeKR0Znj+H6hGndCNGZG6euMu31poOeV5CGN
         R6R1RiTiYEVkdxb/geqLfuCrEPZdKAtKJpMDFWEUc08ajiWEbZ0t4IBCEJcapFF7lKoD
         JxUKzLxtJTfS5rezd2VZUM5umnlRM+lW5/4273kvf3VQKzsXLi9qYpPrvVllftflV0Vz
         iZTtR7VD9yXbBwgbLuRFFl/KgOGcZe1tHDiCc3IwgZkyW6qC0wDb+hta60CDomPvm1WO
         eFSADWQphy/A8EglATdmHmCptjwcNUv9NRsDROvEFj93ExZrcgOFdsvMxRk5ioKXm7df
         keHw==
X-Gm-Message-State: AOJu0YyIoFs0c1pQBjpLA+Oy8COSOZlV+6SnrCWQ8dh4aoebN0vXEysM
	H0Ue4MLnhWPnm9RU3okqFUqD2lB6BP2cwRmKKkbIac7Mw/yeESW+zIyCxaikr+/pBcJoXt2EFWE
	vaNCCWYM=
X-Gm-Gg: ATEYQzzI8jPtQWOJyAWbct54gKxyQ6ATd10gStBPxjnWI6fXBCLyCKQEtmYHssS3N7r
	7Ua+hUWEUZ/GWGn3paGR8umlZjIV+xcBxmRa11jpoeUji+5Lfcod6UI1Uh0B65W4oeUI09m/P+q
	Q7g3I7qU5wY+t7Sg9M3GZEkoc881pTlMlMlHMqFgLnxutlS3fknwAY9jtlnobOkXR6WMkCJHwTZ
	LQIa/kbdvAcsiglnOyAhR2Tpec0yjKK4nMPiMMwJyvvS/p5K8y4Xk46iH7vS9VRN4XDbWfrFMuN
	UOX0bkQ5BHWv1yveJC4P10sCwuaBVBWeTc7e+hkJI40rvHV3RMqMUtVeIviU8lOmLy2OG9mEagS
	Qi44QXVW7+E7nUZ0jU6C6jqaqErkHYGP09BQeom6UHKVwXv8PWMwnsLCQq8Aaa5eN5nvysaalIo
	ZL2B4DrNoUDBR6dCzdpQpmf8Dzfyu0oQScrQM8fSwR/YmABxHBK9lm51ZhM2RZlQwXdJ+RFlrZL
	H9BS1BejyaaAaci4FdzrtP47AE=
X-Received: by 2002:a05:600c:c178:b0:485:b6dd:5066 with SMTP id
 5b1f17b1804b1-48727ef164cmr174892455e9.7.1774824398101;
        Sun, 29 Mar 2026 15:46:38 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.37
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:37 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/11] python3-pyopenssl: Fix CVE-2026-27448
Date: Mon, 30 Mar 2026 00:46:17 +0200
Message-ID: 
 <7b5fd457e64f50aa501361b2ca8a0732767d60cf.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234192

From: Vijay Anusuri <vanusuri@mvista.com>

Pick patch mentioned in NVD

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448
[2] https://ubuntu.com/security/CVE-2026-27448

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../python3-pyopenssl/CVE-2026-27448.patch    | 124 ++++++++++++++++++
 .../python/python3-pyopenssl_24.0.0.bb        |   4 +
 2 files changed, 128 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch

diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
new file mode 100644
index 00000000000..87f46b4cb0f
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
@@ -0,0 +1,124 @@
+From d41a814759a9fb49584ca8ab3f7295de49a85aa0 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Mon, 16 Feb 2026 21:04:37 -0500
+Subject: [PATCH] Handle exceptions in set_tlsext_servername_callback callbacks
+ (#1478)
+
+When the servername callback raises an exception, call sys.excepthook
+with the exception info and return SSL_TLSEXT_ERR_ALERT_FATAL to abort
+the handshake. Previously, exceptions would propagate uncaught through
+the CFFI callback boundary.
+
+https://claude.ai/code/session_01P7y1XmWkdtC5UcmZwGDvGi
+
+Co-authored-by: Claude <noreply@anthropic.com>
+
+Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0]
+CVE: CVE-2026-27448
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ CHANGELOG.rst      |  1 +
+ src/OpenSSL/SSL.py |  7 ++++++-
+ tests/test_ssl.py  | 50 ++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 57 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG.rst b/CHANGELOG.rst
+index 6e23770..12e60e4 100644
+--- a/CHANGELOG.rst
++++ b/CHANGELOG.rst
+@@ -18,6 +18,7 @@ Changes:
+ 
+ - Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.
+   `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
++- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded.
+ 
+ 23.3.0 (2023-10-25)
+ -------------------
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
+index 4db5240..a6263c4 100644
+--- a/src/OpenSSL/SSL.py
++++ b/src/OpenSSL/SSL.py
+@@ -1,5 +1,6 @@
+ import os
+ import socket
++import sys
+ import typing
+ from errno import errorcode
+ from functools import partial, wraps
+@@ -1567,7 +1568,11 @@ class Context:
+ 
+         @wraps(callback)
+         def wrapper(ssl, alert, arg):
+-            callback(Connection._reverse_mapping[ssl])
++            try:
++                callback(Connection._reverse_mapping[ssl])
++            except Exception:
++                sys.excepthook(*sys.exc_info())
++                return _lib.SSL_TLSEXT_ERR_ALERT_FATAL
+             return 0
+ 
+         self._tlsext_servername_callback = _ffi.callback(
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index ca5bf83..55489b9 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -1855,6 +1855,56 @@ class TestServerNameCallback:
+ 
+         assert args == [(server, b"foo1.example.com")]
+ 
++    def test_servername_callback_exception(
++        self, monkeypatch: pytest.MonkeyPatch
++    ) -> None:
++        """
++        When the callback passed to `Context.set_tlsext_servername_callback`
++        raises an exception, ``sys.excepthook`` is called with the exception
++        and the handshake fails with an ``Error``.
++        """
++        exc = TypeError("server name callback failed")
++
++        def servername(conn: Connection) -> None:
++            raise exc
++
++        excepthook_calls: list[
++            tuple[type[BaseException], BaseException, object]
++        ] = []
++
++        def custom_excepthook(
++            exc_type: type[BaseException],
++            exc_value: BaseException,
++            exc_tb: object,
++        ) -> None:
++            excepthook_calls.append((exc_type, exc_value, exc_tb))
++
++        context = Context(SSLv23_METHOD)
++        context.set_tlsext_servername_callback(servername)
++
++        # Necessary to actually accept the connection
++        context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
++        context.use_certificate(
++            load_certificate(FILETYPE_PEM, server_cert_pem)
++        )
++
++        # Do a little connection to trigger the logic
++        server = Connection(context, None)
++        server.set_accept_state()
++
++        client = Connection(Context(SSLv23_METHOD), None)
++        client.set_connect_state()
++        client.set_tlsext_host_name(b"foo1.example.com")
++
++        monkeypatch.setattr(sys, "excepthook", custom_excepthook)
++        with pytest.raises(Error):
++            interact_in_memory(server, client)
++
++        assert len(excepthook_calls) == 1
++        assert excepthook_calls[0][0] is TypeError
++        assert excepthook_calls[0][1] is exc
++        assert excepthook_calls[0][2] is not None
++
+ 
+ class TestApplicationLayerProtoNegotiation:
+     """
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
index 116f214bfa8..bc0b568a46a 100644
--- a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
+++ b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
@@ -10,6 +10,10 @@ SRC_URI[sha256sum] = "6aa33039a93fffa4563e655b61d11364d01264be8ccb49906101e02a33
 PYPI_PACKAGE = "pyOpenSSL"
 inherit pypi setuptools3
 
+SRC_URI += " \
+    file://CVE-2026-27448.patch \
+"
+
 PACKAGES =+ "${PN}-tests"
 FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test"
 

From patchwork Sun Mar 29 22:46:18 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 84771
X-Patchwork-Delegate: yoann.congal@smile.fr
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AEF81FF492D
	for <webhook@archiver.kernel.org>; Sun, 29 Mar 2026 22:46:41 +0000 (UTC)
Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com
 [209.85.128.53])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.38748.1774824400515942713
 for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:40 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=KfSIRXHH;
 spf=pass (domain: smile.fr, ip: 209.85.128.53,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f53.google.com with SMTP id
 5b1f17b1804b1-486507134e4so44987305e9.0
        for <openembedded-core@lists.openembedded.org>;
 Sun, 29 Mar 2026 15:46:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1774824399; x=1775429199;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=GZ363e0EVIi8MryHmDhiofnldkWTub/QYI8YZsUpARI=;
        b=KfSIRXHHBSym7I+sO+4v9ShSbCndQMCfxrkylCU/uXzRsSDDtfHjU0vv6cvZoPDX6i
         50Sw2vpgrhj+GpkgX21FsBqN7H3blr62LbUxwTiC4NNvuiPy8OFByEXmC+tjSIbxqqJl
         gaNoftCSVB5UV1y7u29W/k3fRg6ZnD0gZtSHA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774824399; x=1775429199;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=GZ363e0EVIi8MryHmDhiofnldkWTub/QYI8YZsUpARI=;
        b=pq72FXx+/vmzcCJ/VnALMZxUc/AaC+x8GlRwLDE0tmz6pd1EzZa0qbZPk1Nm5yfc1a
         nJpy/AYJEeeBHWOL9IloEYfl0HJTPLLDwKQiBo2+GfznWQ78FCLUqn2Ndc/iLuDYjMfA
         4Fo34J8ASzAl3yzMDvSVJC5F/gRZPjD30z0+QvlzPTjOXzQuv1RQvNkyPF7yKU0hQNi7
         5yR//RzViEb7F/rd9JuOm1xDMKlMjx0/cLfp844F9mYl1BJAobscTL18bFJWFWgi9V+0
         IArYlYFkYx4GGTaplxowx1KhrCMdjlFrUn+nyajJeDlHMvXHjT2094bQCjCBGhEbxB7Q
         eiDQ==
X-Gm-Message-State: AOJu0Yz7sA4IKkTtph8EK1tRLq4QKeYTlZy0qkHTxEO5YQQ7lcIoTFY4
	twMGW8EXeO9rD+5uhG7WxB/7cod3ZJ0dncGP0BqXdvrNkaTc8RjndF62hg3hfr7E6mEHxIo82my
	bwqwTmOo=
X-Gm-Gg: ATEYQzzfrgsGxNgdprg7YbxU8dy9OSFXBeDzP+2Nlcfwm6R8f/7xtIcpkvWKID56GX/
	3B6D+5eBE6ph4B7OobTA9bHrh75RAsMr5GZx63jeojA43li0ZAiKcTKzGAlDdBdJp/xRkSoY2MM
	+XYBvssOcln5QLM0mXHuUyPejTz8mgqhRw3i/2Mouu6GlhebB7DD2Y+B/b7XMwMzIWtQMTOYkAk
	Ub+TLHQJ9X9rHsfqVPjtv08gAsc+eIjRknIV+bMM/46d9djzLphX35IrFIjdvKpdxwCaOyyD3OL
	i1JlmMgCSs3L9W7ew99JhEoqlRsAH2NHHoMQYKa4gcshPEfB2VtXez72iKrAT7r2vrVfzi2EVOw
	9dT2+Y66mZRDoctc7zYJwiq+BTGLxSMAG3RnbPuGTjKZAn9HYtBkq0nA2QHA7z2gTuOxwj6J+6m
	YC0Aidou79luNw+Lrap4lNCuv4kJ7qK4dZAwJZGVJSOcYduaXIHq0vSV1wC5t1HTvejy51QDAFg
	uYxsMNTRe7/re98IsWucqjqc+6JG2MtoYmv4w==
X-Received: by 2002:a05:600c:8b4b:b0:486:fc46:be9e with SMTP id
 5b1f17b1804b1-48727f0e5edmr163069395e9.24.1774824398610;
        Sun, 29 Mar 2026 15:46:38 -0700 (PDT)
Received: from FRSMI25-LASER.home
 (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr.
 [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4873061eeeasm133760375e9.2.2026.03.29.15.46.38
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 29 Mar 2026 15:46:38 -0700 (PDT)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 11/11] python3-pyopenssl: Fix CVE-2026-27459
Date: Mon, 30 Mar 2026 00:46:18 +0200
Message-ID: 
 <e6f3b2e043259650d80fb6f761797c5cf5587eb5.1774824253.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1774824253.git.yoann.congal@smile.fr>
References: <cover.1774824253.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 29 Mar 2026 22:46:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/234193

From: Vijay Anusuri <vanusuri@mvista.com>

Pick patch mentioned in NVD

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459
[2] https://ubuntu.com/security/CVE-2026-27459

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../python3-pyopenssl/CVE-2026-27459.patch    | 109 ++++++++++++++++++
 .../python/python3-pyopenssl_24.0.0.bb        |   1 +
 2 files changed, 110 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch

diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
new file mode 100644
index 00000000000..f75540f96e0
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
@@ -0,0 +1,109 @@
+From 57f09bb4bb051d3bc2a1abd36e9525313d5cd408 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Wed, 18 Feb 2026 07:46:15 -0500
+Subject: [PATCH] Fix buffer overflow in DTLS cookie generation callback
+ (#1479)
+
+The cookie generate callback copied user-returned bytes into a
+fixed-size native buffer without enforcing a maximum length. A
+callback returning more than DTLS1_COOKIE_LENGTH bytes would overflow
+the OpenSSL-provided buffer, corrupting adjacent memory.
+
+Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
+
+Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408]
+CVE: CVE-2026-27459
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ CHANGELOG.rst      |  1 +
+ src/OpenSSL/SSL.py |  7 +++++++
+ tests/test_ssl.py  | 38 ++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+)
+
+diff --git a/CHANGELOG.rst b/CHANGELOG.rst
+index 12e60e4..6041fdc 100644
+--- a/CHANGELOG.rst
++++ b/CHANGELOG.rst
+@@ -16,6 +16,7 @@ Deprecations:
+ Changes:
+ ^^^^^^^^
+ 
++- Properly raise an error if a DTLS cookie callback returned a cookie longer than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a buffer-overflow.
+ - Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.
+   `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
+ - ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded.
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
+index a6263c4..2e4da78 100644
+--- a/src/OpenSSL/SSL.py
++++ b/src/OpenSSL/SSL.py
+@@ -691,11 +691,18 @@ class _CookieGenerateCallbackHelper(_CallbackExceptionHelper):
+     def __init__(self, callback):
+         _CallbackExceptionHelper.__init__(self)
+ 
++        max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255)
++
+         @wraps(callback)
+         def wrapper(ssl, out, outlen):
+             try:
+                 conn = Connection._reverse_mapping[ssl]
+                 cookie = callback(conn)
++                if len(cookie) > max_cookie_len:
++                    raise ValueError(
++                        f"Cookie too long (got {len(cookie)} bytes, "
++                        f"max {max_cookie_len})"
++                    )
+                 out[0 : len(cookie)] = cookie
+                 outlen[0] = len(cookie)
+                 return 1
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 55489b9..683e368 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -4560,6 +4560,44 @@ class TestDTLS:
+     def test_it_works_with_srtp(self):
+         self._test_handshake_and_data(srtp_profile=b"SRTP_AES128_CM_SHA1_80")
+ 
++    def test_cookie_generate_too_long(self) -> None:
++        s_ctx = Context(DTLS_METHOD)
++
++        def generate_cookie(ssl: Connection) -> bytes:
++            return b"\x00" * 256
++
++        def verify_cookie(ssl: Connection, cookie: bytes) -> bool:
++            return True
++
++        s_ctx.set_cookie_generate_callback(generate_cookie)
++        s_ctx.set_cookie_verify_callback(verify_cookie)
++        s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
++        s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
++        s_ctx.set_options(OP_NO_QUERY_MTU)
++        s = Connection(s_ctx)
++        s.set_accept_state()
++
++        c_ctx = Context(DTLS_METHOD)
++        c_ctx.set_options(OP_NO_QUERY_MTU)
++        c = Connection(c_ctx)
++        c.set_connect_state()
++
++        c.set_ciphertext_mtu(1500)
++        s.set_ciphertext_mtu(1500)
++
++        # Client sends ClientHello
++        try:
++            c.do_handshake()
++        except SSL.WantReadError:
++            pass
++        chunk = c.bio_read(self.LARGE_BUFFER)
++        s.bio_write(chunk)
++
++        # Server tries DTLSv1_listen, which triggers cookie generation.
++        # The oversized cookie should raise ValueError.
++        with pytest.raises(ValueError, match="Cookie too long"):
++            s.DTLSv1_listen()
++
+     def test_timeout(self, monkeypatch):
+         c_ctx = Context(DTLS_METHOD)
+         c = Connection(c_ctx)
+-- 
+2.43.0
+
diff --git a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
index bc0b568a46a..94a70aa17d1 100644
--- a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
+++ b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb
@@ -12,6 +12,7 @@ inherit pypi setuptools3
 
 SRC_URI += " \
     file://CVE-2026-27448.patch \
+    file://CVE-2026-27459.patch \
 "
 
 PACKAGES =+ "${PN}-tests"