From patchwork Mon Apr 6 06:26:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85301 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0180BEF4EB6 for ; Mon, 6 Apr 2026 06:27:41 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49598.1775456852227934620 for ; Sun, 05 Apr 2026 23:27:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=XhHWSyns; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-488a9033b2cso11843885e9.2 for ; Sun, 05 Apr 2026 23:27:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456850; x=1776061650; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1ym6+A4JCVPCh2T4oIKQtV7Mrbzbqe03UJK+amU/8q8=; b=XhHWSyns8qpTylGc49t/m2jcTw0Pvi05Uw7fDH/AMetJWayoepkrOpZLpQhTxTqRqR ttajKBuPHfY8A4xxFZsQBTd+vzXO7ep7y9JtdLCwUz4T9Uf2sH4LqmfHAis9KSIXOjvz rraWLUgm/c8kLbFcUiJncL7ZSo6hp+06MxQco= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456850; x=1776061650; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1ym6+A4JCVPCh2T4oIKQtV7Mrbzbqe03UJK+amU/8q8=; b=J6is+ruZejO/A4GmqHiMy4ozcmlPBvUWGDmFjTwK0729dKxD07K8Zif0RKbrZg0xjy 74u0ULuKmRzGsg0xcR0KCn0eHFWvAKuDSCefzvvv6zf42km1C93D/MEYVpqSPBh8+wkT LnW4xa9PbnRo1CO41DQjqy4Dj9zW/dk0IeLIh5ifEzE5g5+n5cl2TArv0iwbO03qk9KV r891m5h1YtVEMIguZPeEQ4VPMhkn75muhHUlua0GdZKwiGw/d/Rhe5vEdbKVx0tH1P0D REvduIbUXRQmw0eBEPQHOgadb70QKhK9jgxebak0Ri9XHCOJGJFukW3k70Oy+BYgAN30 THhQ== X-Gm-Message-State: AOJu0YwAFhzpfKMqKbb5gKCC01YLPBVHpZWQ3KZv905Ps0zRTYOnnh3o Cae9rx914nXeA+HtetxK1/V8YUfL7q6rRCofisS/YpUB76nOUOUClZJdavmlt52gy1gGyAHN0LZ ELIr48CA= X-Gm-Gg: AeBDiesVxryIkvpc9pDrJbbQ1am6D6Z1o7b4BTGfsKG39O7gBj38eVZDvR4Kb7GuaAi /FCRIYbFslXIxE9X4jqPCzKXIFR9kJz13u02R16VcvaY5N0tJ6IoF+FDJkyUThHP6VWSS6+oRPL VpMqZYrnaCwDlXe1Pm4k8/mfUsczVTCmdFancD4Y/ZNT4/75bslFPnWr9faAMbskeLb8rYILnmA XNo11cbohnyfYqxPjP7SFYZK4rONQC4eRtm7OctHxhG2kKb/Mr/8tVxx2cyPXHUKZQxjlEvxV/p kuDxZQlPg+p25yCP0MrhFjZriFOGEMxHNs9MYmILBXp0qXZdHMlCY5N96rDOQNBu6d3POUyiI3m kxGjTO2ONAnitVb4vrr5nbFjFod4/21pQUk1OOs1sVmOYwrhq6tCiRGaRjbm9Tg+aF9UDo32fqc l8DOk8anjxfQnHcXniPyiNOwn+4x3rhB5h5WtrD1ujrVf0sl6TOk4VOyFu6nC7CZnmB0q+4wZ9h AjNiQgFTnj3OxQt6aZblis3O3c= X-Received: by 2002:a05:600c:3546:b0:485:419c:4eba with SMTP id 5b1f17b1804b1-488996da17bmr163645165e9.1.1775456850233; Sun, 05 Apr 2026 23:27:30 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:29 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/18] linux-yocto/5.15: update to v5.15.200 Date: Mon, 6 Apr 2026 08:26:30 +0200 Message-ID: <0ebdf9563aa64a1b9d8c6ae6fbd701de8178fa8b.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234647 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: e45d5d41c1343 Linux 5.15.200 7ca5540ba6239 riscv: Replace function-like macro by static inline function cbae610ca9e27 nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() 6a04dc650cef8 spi: tegra: Fix a memory leak in tegra_slink_probe() c7a02a814dc51 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer 9fa4262a80f75 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer 55dfe2687a496 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one eebd79beb268c spi: tegra210-quad: Move curr_xfer read inside spinlock 4f9e7de7a6b8f spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer b34289505180a iommu: disable SVA when CONFIG_X86 is set 1ecf6dc2676ea Bluetooth: hci_event: call disconnect callback before deleting conn 214b85b9b7187 gve: Correct ethtool rx_dropped calculation 9d93332397405 gve: Fix stats report corruption on queue count change 8aa1b0bc65967 tracing: Fix ftrace event field alignments c3c5cfa3170c0 gfs2: Fix NULL pointer dereference in gfs2_log_flush 343fe375a8dd6 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() be6d98766ac95 riscv: uprobes: Add missing fence.i after building the XOL buffer d7ead65126504 ASoC: amd: fix memory leak in acp3x pdm dma ops 42afe8ed8ad2d nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec 4c09184f08ce6 nvmet-tcp: don't map pages which can't come from HIGHMEM 15e329ce1a957 nvmet-tcp: fix regression in data_digest calculation 1a5c3c99efa11 nvmet-tcp: fix memory leak when performing a controller reset 367fd132df419 nvmet-tcp: add an helper to free the cmd buffers 8c760ba4e36c7 netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() 166f29d4af575 hwmon: (occ) Mark occ_init_attribute() as __printf 3f531122a5801 tipc: use kfree_sensitive() for session key material 5dae6b36a7cb7 macvlan: fix error recovery in macvlan_common_newlink() 77611cab5bdff dpaa2-switch: add bounds check for if_id in IRQ handler 01fbca1e93ec3 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup d86c58eb005eb net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup c81a8515fb8c8 net: liquidio: Initialize netdev pointer before queue setup 2fcccca88456b dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero c01cc6fe06cf2 platform/x86: intel_telemetry: Fix PSS event register mask 5bce10f0f9435 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines 193f087207ad8 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice 8518f072fc929 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() fd8b090017330 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() c85c9de39cd5d wifi: cfg80211: Fix bitrate calculation overflow for HE rates 15e9607df7925 ASoC: tlv320adcx140: Propagate error codes during probe 1525f1068295f ASoC: davinci-evm: Fix reference leak in davinci_evm_probe 536238ba39829 wifi: mac80211: collect station statistics earlier when disconnect 6e4cc9e399952 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free 16c2ca35257ed HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) 04485e691d8ca HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list 67e06e8a77c1a netfilter: replace -EEXIST with -EBUSY e9aefab3b7eb4 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk 2d8af4db1f209 HID: playstation: Center initial joystick axes to prevent spurious events d21497331b967 HID: intel-ish-hid: Reset enum_devices_done before enumeration d5cce2ec0e985 HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL a2c68e256fb7a smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() e5dd6a58a52d5 block,bfq: fix aux stat accumulation destination 64240689acff8 net: usb: sr9700: support devices with virtual driver CD cd89a4656c03f wifi: wlcore: ensure skb headroom before skb_push b04c75366a547 wifi: mac80211: ocb: skip rx_no_sta when interface is not joined 9a6cdfd7b6aaa binderfs: fix ida_alloc_max() upper bound ba43ac025c431 timers: Fix NULL function pointer race in timer_shutdown_sync() f24f9ea7d69ef Bluetooth: hci_qca: Fix the teardown problem for real e7f1ca8ea41ab timers: Update the documentation to reflect on the new timer_shutdown() API 36bdfa51a1ad7 timers: Provide timer_shutdown[_sync]() debbcf812d735 timers: Add shutdown mechanism to the internal functions 21ca3ee3f6faa timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode a7035e7d720f8 timers: Silently ignore timers with a NULL function e45a52685b335 Documentation: Replace del_timer/del_timer_sync() 29d5751350cdf timers: Rename del_timer() to timer_delete() a431c4c27ee05 timers: Replace BUG_ON()s d2736470196f2 timers: Get rid of del_singleshot_timer_sync() 9b78a3b948bb6 clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function a97b47fed39d9 clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function b03eb334c42ea ARM: spear: Do not use timer namespace for timer_shutdown() function 7bcf91585f3b1 Documentation: Remove bogus claim about del_timer_sync() 4abccfb61f422 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX d6ae339f18099 mm/kfence: randomize the freelist on initialization 2284bc168b148 KVM: Don't clobber irqfd routing type when deassigning irqfd a550cc2564cab ARM: 9468/1: fix memset64() on big-endian 5928ca551e361 rbd: check for EOD after exclusive lock is ensured to be held 446d7283cffa5 platform/x86: intel_telemetry: Fix swapped arrays in PSS output 674ebe2d6fe59 x86/kfence: fix booting on 32bit non-PAE systems Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index e23c8bf88ab..526f3c64b7d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "27c8048897d9d7ff1ed6d2643cbc024eb13ae342" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 21233285b57..1eeda2e22ca 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "7b20eb2129d25bb2a1cb963d30c2f3adb1e144b3" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 861af0041af..5f8bfba396e 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "0ea8d4a7d24642475c1d1e0d8be44976600eb630" -SRCREV_machine:qemuarm64 ?= "33aae9ebda82736fc0246e4d2bd7967bb7ef492a" -SRCREV_machine:qemumips ?= "0d159686c17443503bc7b59f25b5129c8543193d" -SRCREV_machine:qemuppc ?= "c8e213f83bae4792c1042bdcedd46fa60963c69b" -SRCREV_machine:qemuriscv64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemuriscv32 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86-64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemumips64 ?= "58c96e47bbd784e078e265426b9276bad2bb7e22" -SRCREV_machine ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" +SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" +SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" +SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" +SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" +SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "7b232985052fcf6a78bf0f965aa4241c0678c2ba" +SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Apr 6 06:26:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85302 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7317EF4EB4 for ; Mon, 6 Apr 2026 06:27:40 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49599.1775456852716224628 for ; Sun, 05 Apr 2026 23:27:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=kGDt4n9J; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso3448655e9.1 for ; Sun, 05 Apr 2026 23:27:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456851; x=1776061651; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+yR9Dh3QlptEbmJEZasIQsqijuqDXfBH6Jm1XCMvk/I=; b=kGDt4n9JuKjD3s9DA+8sdzZ+uAuFmndC5m+xqOm9WopmhiAZTOFdalcJbhFqhdf8QS ttdpgXLIT9WtE8xkKYeGY52b0Vj6rjQcsmAwhf3AEXBsikw1xxmHWVFAg/mLsGBF753A msxrOLxWlA98+EgIeke7EyhoVocaa12md72XE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456851; x=1776061651; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=+yR9Dh3QlptEbmJEZasIQsqijuqDXfBH6Jm1XCMvk/I=; b=NEQETslC8+cRoxtbNZUEIl30yfUW/ghbPB5yU9f31tHGLFQnDtTAzgyS8tDwVatlgk P+aZdbsKOawSM+nHF+qSJiY9JtQShrwOF7+Ms6VZ4kfH7OWEYp4ZkmTqxveF6b7pK66h /y+ii4UbcCkaWnbAQFZ36b5ELin5yIyrgpnUvgSKYQyln3yAZXJN1KgafKERS9sJr00Q ihs08dWQDuHN/oAc0Es18MNy8wS1YAOsVaEeW2qyIYOkdC1pGNqwhlXyExKTmUDdP46Z Mdd7vzil/SAvZ90EFQTnV1Qn+h7zRJICRM1cMQjopti7Herh8ng7n+Zm2mRAwKL3cEEl Q75g== X-Gm-Message-State: AOJu0YxjafSmdaTOgsE1WT8He5bMi7ah0oyBkAhkT1gGDMxqzww2ChzP YPZWeK7dDwW06KKBF69OSVXqxh4JbYOrawH+fvHvM7/ik2t8gk7ZvKBj142jdl3xlqXGcuJx/bn hQIP4BcQ= X-Gm-Gg: AeBDiesLlLwHKcB/9H+cpR+hC36jTO4eND3veuO4DMhR6xiY1pyf5+nDhvVBQdWk2il Fmgw8QF1kHAYFM5+ZJp8Qn6dNNJAVb8rpYP1XV6X5HesD40NTwl4jAdNeuWLd7aY4llOZ1xaI3R IuUKXEuF9weYWTbgI7LJx+4XY1qkB4uOhNfd4RYa7nMdwGeHXPRQ+DFaGdggAIaY78LsKNRqvKV jgr56+YHAKrmiIm3OczvNOVHX/OaXy4ZKrJ27iHdYFk2SGMivJlywcHeJoHDmE7W0rHKE5ZNj4Z mVR8cEgWTLNvCqfBYYdgOXM09IodYSa/k86TZ6KogJtqyjwbRuY+8Hk3n4I49gqOTuSCRorANi1 7IQfB+uQGxz7x2QSr+UkJfC7j6Lj8OufcByaSs2boGsjXL+LZL66VG7Yfs5jx5XYOOyLNVbR4iy H3KyIAmtlkKkmLc1l60NDE17oEYLi3tUQjlw1f3tccUR4AMuzfO2KRbeRaa4HB2LwS/7c5v935N MVaLXJ6BZ3iMmtzHIGSCTa9q/Crrpg2WOVvFA== X-Received: by 2002:a05:600c:354b:b0:486:fe83:861c with SMTP id 5b1f17b1804b1-4889947fd78mr159680485e9.7.1775456850772; Sun, 05 Apr 2026 23:27:30 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:30 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/18] linux-yocto/5.15: update to v5.15.201 Date: Mon, 6 Apr 2026 08:26:31 +0200 Message-ID: <65c5b6d33aa81de3e85452a1c1e4395e49addcca.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234648 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: 3330a8d33e08 Linux 5.15.201 cfd5eadd051a USB: serial: option: add Telit FN920C04 RNDIS compositions 438a405fbad6 f2fs: fix out-of-bounds access in sysfs attribute read/write 2f67ff1e15a8 f2fs: fix to avoid UAF in f2fs_write_end_io() 6167af934f95 fbdev: smscufx: properly copy ioctl memory to kernelspace 52916878db2b fbdev: rivafb: fix divide error in nv3_arb() fa9fb38f5fe9 PCI: endpoint: Avoid creating sub-groups asynchronously 7036aff5a5e8 PCI: endpoint: Remove unused field in struct pci_epf_group 8055827352b7 PCI: endpoint: Automatically create a function specific attributes group b74408de1f22 scsi: qla2xxx: Free sp in error path to fix system crash 794563147038 scsi: qla2xxx: Reduce fabric scan duplicate code 23507a811081 scsi: qla2xxx: Remove dead code (GNN ID) da9939b1ed8b scsi: qla2xxx: Use named initializers for port_[d]state_str f2bbb4db0e4a scsi: qla2xxx: Fix bsg_done() causing double free c71dfb7833db bus: fsl-mc: fix use-after-free in driver_override_show() 38770e103e4e bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions 6dd2645cf080 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() dc5f09466448 crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req 338d40bab283 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() ec7b6a042414 selftests: mptcp: pm: ensure unknown flags are ignored 51df5513cca6 net: dsa: free routing table on probe failure 4a6e4c56721a smb: client: set correct id, uid and cruid for multiuser automounts b0bb67385480 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() cfdb22762f90 Revert "wireguard: device: enable threaded NAPI" 20c83788eafe gpiolib: acpi: Fix gpio count with string references 612ffe1f4f04 ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put() ff96318c22fa platform/x86: panasonic-laptop: Fix sysfs group leak in error path af673209d43b platform/x86: classmate-laptop: Add missing NULL pointer checks 72f97ee4950d drm/tegra: hdmi: sor: Fix error: variable ā€˜jā€™ set but not used f2521ab1f63a romfs: check sb_set_blocksize() return value f14e997a372a gpio: sprd: Change sprd_gpio lock to raw_spin_lock 1fe2603fb171 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU 86588916e188 gpio: omap: do not register driver in probe() 7e0b2cdbe660 scsi: qla2xxx: Query FW again before proceeding with login 891f9969a29e scsi: qla2xxx: Delay module unload while fabric scan in progress a46f81c1e627 scsi: qla2xxx: Validate sp before freeing associated memory ba18e5f22f26 nilfs2: Fix potential block overflow that cause system hang 8ee8ccfd60bf crypto: virtio - Add spinlock protection with virtqueue notification 31aff96a41ae crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly a60b17cedb44 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 526f3c64b7d..ea763ce9aa1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_machine ?= "46e4e1200a4fa889438a2cc62151bb7f1057421a" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 1eeda2e22ca..56853f481fa 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_machine ?= "5ae014d6b48449ae38584cc174ef362f6582a8fc" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 5f8bfba396e..176d17e5736 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,16 +14,16 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" -SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" -SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" -SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" -SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" -SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuarm ?= "9750e854c9e92d55a2cb042c5ce72e712b24217d" +SRCREV_machine:qemuarm64 ?= "8634ca1dd87be9b55bd383dc8636b73b82a28051" +SRCREV_machine:qemumips ?= "54eca1788efd507120c9dc08681a6a31038513a1" +SRCREV_machine:qemuppc ?= "3a3a4ecdcebb4d3deaa8b5c4ec3e167d5f31305c" +SRCREV_machine:qemuriscv64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemuriscv32 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86-64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemumips64 ?= "e643e82fef4b4352b8f6ddf802181526edc806ca" +SRCREV_machine ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll @@ -31,7 +31,7 @@ SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" +SRCREV_machine:class-devupstream ?= "3330a8d33e086f76608bb4e80a3dc569d04a8814" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Apr 6 06:26:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85295 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF543EF4EB2 for ; Mon, 6 Apr 2026 06:27:40 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49600.1775456853246278236 for ; Sun, 05 Apr 2026 23:27:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=RTjra5kQ; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-488aa77a06eso15915055e9.0 for ; Sun, 05 Apr 2026 23:27:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456851; x=1776061651; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xFSjZKpY+ZOBlTnU1ZhWa2/FzL7hm+4wH1p530QQaSk=; b=RTjra5kQAq6fpPJJTCstq3YdxrbfXvP6APBQH5cWol7liQuR+Z7kcHfm41Y5ubMTc5 8F2ro6EgDcacivXaoafqOpAys08/NuoCDPYWZOL0wwuKbSBzQ41Rf1EXlAAWEnoKg1vz xccA5Ysq4SGs9TBUMpwZtympJvGa3jg3pHqoQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456851; x=1776061651; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=xFSjZKpY+ZOBlTnU1ZhWa2/FzL7hm+4wH1p530QQaSk=; b=HEC1AmTSr1Acg+IxzrIcfsoYhAk0/OOoMWOQyrfxVktBEudjpykO0fqKynap/e/OXK eupNYlAZuQ/B6PFvo14eFUox/bLVrSnVXgUZUqHpi8dee40NgXDC56JEviVd48/OIvou wox41FtkdzszJQjHvIisNdsy69dbB6ZF1aq2guQMe9rFPXWA69l4CKs3JMX0rx44H2+3 hnZb6br3wPF1VvqrUdWaCOs9gjOJ0Kr130rwutqSKPHv6vMu5eX354zxJJhNrzMDQLUZ RlfKJ7p9bgir8BnQxds6xycH7pH81SQ+yLo6x33G+ukgwD2FTBCNs9deoHgkS6SFvbZq kxWw== X-Gm-Message-State: AOJu0YzMn2M3hpGpCCn3MK3RcLX4cvLGjh9uoRoYi34AnC4LxKQ6kNw7 jBcjpAn1skQUdbqyoi3ZffctXmSF7v46mXVG0jD+o5BJmyrzuEPhHSgfZTKkMnc7r62bNgt+lA1 wFQ0nqfA= X-Gm-Gg: AeBDieuDSDcAcZ2rWz2bnOSPgce9M4XDeIlmt0kHvuwDQT42uQFcoSj5vWc1hENKaMf 7SBjVn4eOen6xxlP3n/BhdQvfAPslr71oViqRA1wpyCtf3TO+7n6SVsSsyOPr5U7wh+0sHvWBXE 3U4PTYCDHrE/a1zzYT2hzwrKhSno0b27yiwmgr83XkivbZbtSXNPYSqAbMCfmJjXnJFVOHxOYhj RzmodWZ8pIZDB5bNLM9YUznMGv+7Ve8/0OJXUGPi35g2J35dIU8w5VMvr4Qeho8M5FxkyJ7zc56 McKH0axDTGADfZdvr4P5jaKlwuCTRBgncP5JKlP/o54IjYOy0ySGOgrydRt8gIIoC+0N/h2qaov EaoYJM0AQv/IwlxOJA7c3jQY4Y+MN/6xnAX+wv312fAvSm8DpDklJTIZMiLRBGfDZ69eUOz4E9X feocYQrUMdtJJzT0tRFNyYyU4FailM81dI8/5j8co+BxZaYIiR1zlFDRybKHqIbhsSDkGXtmWLm ck5iXSym/preXd+3XaUplcJ3aM= X-Received: by 2002:a05:600d:a:b0:486:fc3b:3e61 with SMTP id 5b1f17b1804b1-488997d1788mr135253845e9.18.1775456851327; Sun, 05 Apr 2026 23:27:31 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:30 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/18] create-pull-request: Keep commit hash to be pulled in cover email Date: Mon, 6 Apr 2026 08:26:32 +0200 Message-ID: <58138d386f1c221e87d2217bddc7e31d02cab58c.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234649 From: Paul Barker The cover email mangling in create-pull-request was cutting off the actual commit hash to be pulled, making it difficult to verify that the changes a maintainer merges exactly match those intended by the pull request author. The extra lines we want to include are, for example from a recent whinlatter stable branch PR: for you to fetch changes up to 6c4c6d39ea3202d756acc13f8ce81b114a468541: cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800) Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c78f5ae4a5ba3675b78cc226feb7b9fbbfd8da19) Signed-off-by: Fabien Thomas Signed-off-by: Yoann Congal --- scripts/create-pull-request | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/create-pull-request b/scripts/create-pull-request index 885105fab3d..5c4414ecd5f 100755 --- a/scripts/create-pull-request +++ b/scripts/create-pull-request @@ -219,7 +219,7 @@ fi # The cover letter already has a diffstat, remove it from the pull-msg # before inserting it. -sed -n "0,\#$REMOTE_URL# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" +sed -n "0,\#^----------------------------------------------------------------# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" rm "$PM" # If this is an RFC, make that clear in the cover letter From patchwork Mon Apr 6 06:26:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85296 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E407EF4EB0 for ; Mon, 6 Apr 2026 06:27:40 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49601.1775456853883199097 for ; Sun, 05 Apr 2026 23:27:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=zb26hW+1; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-48557c8ad47so28347215e9.0 for ; Sun, 05 Apr 2026 23:27:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456852; x=1776061652; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=aZXJksZ6cDyZy+zz8rFNmc7ug59d92x1hFHDvQgME1M=; b=zb26hW+1Twrnibdxlai8wKU99tbSrhSFsHBOQO2WYwwhaiEfMbly8mT79WoQ2PUvHD khrzJVjMYXPTJjaa+iy8dZUFCs2/XXOUytC2HRrxwvpUTE0Kt76Uq8MrbV2IvJSBlngl GvjKJJ5l06CFsvIbB8Dn9b8rMyNWJc7z1V7ZM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456852; x=1776061652; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aZXJksZ6cDyZy+zz8rFNmc7ug59d92x1hFHDvQgME1M=; b=rdDHcDJ0Ex8rV0DSVy02A5MkEetd5naGiu/O1BdWKW54EauLDqJU7e5cy+4MEoeEXc VDEL7HAXi/OtuFvAFx6BhkYkvTnmPm70fUBSXdKcYR7l+f4ulHLESiXmZ/n4tzyMfGYc q/9A/pxiElVByZ1G7IBS9UUTFsrvRd3ExxRk3zTIt+D8ujvxg1SzCD15SlOpHsAykynr 0nqIOwYOF2ue3baccrAh4b/GTE4TjV+ZB6D2PIUS2PDrImh9Iy2Tw/grwmYQs0LEkAvk QsB3oLFT+tMzb0YcBK907w4br/xlZixIR0HdxGTgVXUssZTw44thVWsbt0r8H0q7zykV YxJA== X-Gm-Message-State: AOJu0Yw99BeiibDsVBHj8f8VnZ2/oMNM+tp7eai//bT2xCLyJ3GySul4 gdIZBr10MGx74yJ5EfR6qfHsVoS92Wf2L3xQOyjtTQut2+wngNRfJgAvML2SoHnlWhJbzkRwbGo k47o5JmA= X-Gm-Gg: AeBDies0LSdemwhTYWw1n54J2G4aTRrNue+2DLXqsI33TEr5fkwZT0UA4qorCkEzpxt d1P2ZJ5nrUcR0E2Z5m+FUaJHfoi/h5Bg/4KMW/003kwPJU7LpWytWqVYOGvgN2dlGJY2cXg3Cs5 WmhgvwHVIoQmtmuCxvX2QLYykFhpE2iDCAqD886GfiYzWnvlgMfLqB8RhWbkyAYTD1LTq5Ok7s8 PdYDXTEF1kugJnBrz96OuxW83LeOHfu25+WorGPpTJ61OxSwPE6tWjtguP/YlxUJJsxGgpvz/3L 9CPhcqY9ltyvdt0qWWffMHzS799tCyDNQYR/G216XM68pacA1yz2GpXNzk20JMYEtlNU1vkdOml prZv9+724rwJVaIL1C8YRVHVNgzkyDvfBiuQqjkc5GLG9yQ0kFmaLAUfxmsKp43lp5oI+Sz1Vte lt1tJm0t4Z03qVAKbmdKbxmi5N15dGhO6yYE7ofWXwerd2RpFZvuTe//PMS7ECXT0mWSQTxZmMd NxE3XikZXH2LAH0ZqK9bcQeNiE= X-Received: by 2002:a05:600c:1381:b0:487:1108:48af with SMTP id 5b1f17b1804b1-488996a351bmr166747245e9.4.1775456851861; Sun, 05 Apr 2026 23:27:31 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:31 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/18] README.OE-Core: update contributor links and add kirkstone prefix Date: Mon, 6 Apr 2026 08:26:33 +0200 Message-ID: <2e04debcb02caa9121a8f933c59fd69666a44fd8.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234650 From: Fabien Thomas The current README points to an old Wiki page. Update this to the Yocto documentation. Additionally, add a helper command for git-send-email that includes the 'kirkstone' subject prefix to ensure patches are correctly identified by the maintainers and CI. Suggested-by: Yoann Congal Signed-off-by: Fabien Thomas Signed-off-by: Yoann Congal --- README.OE-Core.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.OE-Core.md b/README.OE-Core.md index 2f2127fb03a..8a724dd6d0a 100644 --- a/README.OE-Core.md +++ b/README.OE-Core.md @@ -16,9 +16,13 @@ which can be found at: Contributing ------------ -Please refer to -https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded -for guidelines on how to submit patches. +Please refer to our contributor guide here: https://docs.yoctoproject.org/dev/contributor-guide/ +for full details on how to submit changes. + +As a quick guide, patches should be sent to openembedded-core@lists.openembedded.org +The git command to do that would be: + + git send-email -M -1 --to openembedded-core@lists.openembedded.org --subject-prefix='kirkstone][PATCH' Mailing list: From patchwork Mon Apr 6 06:26:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85294 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 609A9EF4EAE for ; Mon, 6 Apr 2026 06:27:40 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49602.1775456854352932548 for ; Sun, 05 Apr 2026 23:27:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=evsV+1bv; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4887eca00c4so24312975e9.2 for ; Sun, 05 Apr 2026 23:27:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456852; x=1776061652; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CT90VZFAvpsWISE0hnXnwKX8/4gqB+DBOKG5HEgjKQY=; b=evsV+1bvPuigOmbB5NuzAYkCwNrZFNs31tFrMHiT36vh0CC2y83EvoygcHjr0hYZ9e Tt+y6Z2JjrwK+IZtBb5S0oZ9JFOqv0FVJ5rrkv1R27eK3No5p9sOwZ3sGys8aIwb7uaO QsdGHf4LzgGHOgaoOFFiR3VR6LRV4TMB01BMs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456852; x=1776061652; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CT90VZFAvpsWISE0hnXnwKX8/4gqB+DBOKG5HEgjKQY=; b=P88ue9fnuHgB00X5B0RPMmwIuYsOVc7ukSsxg98cdhzc/7yoZ+nOybsB43lxRc1Lj1 2BKB5e1xmBDICWeu0DMvF1gy5cJEODdSkF37t31a9q5lJpug715HRPJPMOD0DP6bHp5j 9jeKuw6jFErTZ0zRDS5i8CjlS6vj2HKPFx1Emoskgu5GFdEYr+Yrz3ZnlyKW2HrDx2vK zsdiUhWxQV/4q/qgmKE9p63XkLDfp89i5lbl2EcBGHFfPg8SXQDnsZ7edYHkNcYOiXKe Fu0YHQmwk88H33OH8OKId1TnqqYuoqGdw9QqkQAOqhlOGF7/5mGstuHNOuUjON8mypOJ k3vw== X-Gm-Message-State: AOJu0YwgLrc6sy0ReW8JOJDrLdfq3I+F7imddmxc57oDqwNN5G3vBEQm 5GcdZ8xDIIwV6EWpjf4JX6r/6IJTuG2YkVuvacMYoZUohSfsC0ogaNGGr4kTsJYkpkKQxm0AqZO Z1obmdlw= X-Gm-Gg: AeBDieuLXVv/4jQUNRfKPine/yMN/+23wIHi+wquwAXM3bfBB5Vw9NqJ51nE8hqZbhZ TXmmZrL45tzLjkFJNhwEJjD80B5G+xs9Tdu7zctQYAs34jlcEP9AHlDaG4eY50F7OhpZYQGpz4S INOdZIBmyQq3T66pcgR73tR3N9N5+BM3qkjyePyPE1HR0P22dC/D4V/r9fuCdGhom2zC1o7id3S RDP+mt1dKcK3JuRC+ACYpBzFKb6WNqkjhqRyFmIn/onuO9d4Ol7wF5qbGXyZzXi5m+wnvrQ8Upu EeNv4ijQnGCGMeHcbg/j/H8BnImooKP1JqsJVHXjxl7tk74RHT1pDDww4/OHCWadf6D47kIiPNY jceAnNdnym3lq5CTksLt3NVoOJY9CrVIcVat5ARZAfWrRwtr7/ai3iAl0FojFdQirB0quZOqrv8 yyBVVJT0aHsa6+Fg7x8makZKLKf/wBt5q9UnqXWIPJa792hiLPf0VwJf2c53TGpXGPEAKoigNru sea8qHtv/k50yuUeSVAH7PDrhc= X-Received: by 2002:a05:600c:1396:b0:487:338:b4f3 with SMTP id 5b1f17b1804b1-488997d1371mr171155985e9.17.1775456852448; Sun, 05 Apr 2026 23:27:32 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:32 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/18] libtheora: mark CVE-2024-56431 as not vulnerable yet Date: Mon, 6 Apr 2026 08:26:34 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234651 From: Peter Marko CVE patch [1] aplies only on main branch which is base for 1.2.x. Branch 1.1 has a different initial commit and does not contain vulnerable code where the CVE patch applies. Also Debian [2] marked 1.1 as not vulnerable. [1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b [2] https://security-tracker.debian.org/tracker/CVE-2024-56431 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal Signed-off-by: Paul Barker Picked from scarthgap commit 07f35d022b88ab4d297d0252f9909e252b7e4cfe Reworked from CVE_STATUS to CVE_CHECK_IGNORE Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb index ad0be85559b..4066bb1513b 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb @@ -22,3 +22,6 @@ CVE_PRODUCT = "theora" inherit autotools pkgconfig EXTRA_OECONF = "--disable-examples" + +# fixed-version:branch 1.1 is not affected, vulnerable code is not present yet +CVE_CHECK_IGNORE += "CVE-2024-56431" From patchwork Mon Apr 6 06:26:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85292 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19223EF4EAC for ; Mon, 6 Apr 2026 06:27:40 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49603.1775456854939050964 for ; Sun, 05 Apr 2026 23:27:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=My6OaRyg; spf=pass (domain: smile.fr, ip: 209.85.128.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-48558d6ef83so36702745e9.3 for ; Sun, 05 Apr 2026 23:27:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456853; x=1776061653; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WBTX+qTNavn6kWq18ryoO1tzu8j0c9iwV7PD4ZfpRZY=; b=My6OaRygffvbwJ2dORZYrFisnOVm/FxPr4/6FgklHWas81bG4ZqZwQ0Rytmlh6UWar mS/KKx9PzHvphipb8n6DrK8NXhGKNf+t6t1CShKS8nviv/3j1N9NMm1vpsVqL8eWafQl 8DSGSuAcqmEiRl/fJ7SA/kGEX7cbPOA9wI3Zg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456853; x=1776061653; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WBTX+qTNavn6kWq18ryoO1tzu8j0c9iwV7PD4ZfpRZY=; b=ma2Me1jx7Zd2Db2BGcYS2kBk1cxPmRU0XWtgb4RuYGmOymX0OHFUcRv2JxuIHfBgNb PpThc1prNXW07oS+/lG0Xi/CU557FRHb2Ken3+mmqaAR70qbQqb79p7MCJQ/40P1lHN6 7LS5A5JzeuQwRzJZlBxCNZ38Ioy4GSCyvh26ou9z12JbKSdqXAIKwyH/+PFhZHAmCVVG A3azQzLpsva4WpUlXMUHF2jkinngnaBxy12AumNH9J7liidwOvNUIkNa2Oz+1vdi18jr RksmG4qRLavVIGLbgUN10d0cb4bqI8v+RQbMn3/IQcN+0kl6geNF57Lulo85SVS5U/pJ 0z9Q== X-Gm-Message-State: AOJu0YwHL153tqbIs7Eiwurs58Li1hBkIZOb2bjRkpFwXXrUG+GwBwAt AY1C6dUP3dT0wPlfyJ+1gmBavzboDE5Da5qdNwKr+bWC5TFUvjNNjc5Cvi30jYNJmiAhsQ0NAAX sd77xzn4= X-Gm-Gg: AeBDiev6PVFDEku5WF5DfHR7FkSVsjT5SE2kvkazKvUTQnI69+9QzZsoZq/GxzX7nl7 2RB+ZzpEa6zX0EnvtmvOGGdEX9RhfgE1Z4kD9UckcWnagiHi4k3mz+axKQ+85mliVsp29dsR6J2 P9F6RvAX/nLa9sAduDLenZOed7USiXhwu+62gEZcZUlv6sctz3deV171E4zlO/tIUZIQcngjzZJ gnYNlL/sr8mcP2SHUuP5SaGQLEL8FuByr0UC6eagJF9V4g4dLxEORLpD7JJnh3SZ79k1R7etbsv s+qrdhJre5QstnI8eoD21Xn+rYjJTnWIaXx7GrX9IG99x/cSfb8c97mF5ITsyzyV+JEJwt7vHDq KqEi6zVgQKLYIuAT38O7fw3fHPmPzoEpgKT3GS4mWc8zhjtsci8FIlUI3mB6ECC/wgiPywivjR4 ENGf7oecQe3+gNfRYQY3CZQqemhBdnnIJnKrnC22f53A9ujZyM26bNKp8WQArEi+Ys6pqQ+s//V zbx1LCY1dS57f7DPL0vWQSpvwY= X-Received: by 2002:a05:600c:5292:b0:486:fbd1:9dc0 with SMTP id 5b1f17b1804b1-488997a51b2mr180277875e9.22.1775456852999; Sun, 05 Apr 2026 23:27:32 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:32 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/18] tzdata,tzcode-native: Upgrade 2025b -> 2025c Date: Mon, 6 Apr 2026 08:26:35 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234652 From: Vijay Anusuri This release mostly changes code and commentary. The only changed data are leap second table expiration and pre-1976 time in Baja California. Full release notes: https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/ Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 452334219309793ad74abd6ff390dcb06cab929b) Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index bb81d77ccc5..1c08d4b1023 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025b" +PV = "2025c" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec" -SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474" +SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" +SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" From patchwork Mon Apr 6 06:26:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85291 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8CFDEF4EAA for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49552.1775456855507953666 for ; Sun, 05 Apr 2026 23:27:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Py4mijys; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4887eca00c4so24313095e9.2 for ; Sun, 05 Apr 2026 23:27:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456854; x=1776061654; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NCGN8BUF5urP1YIACI5hJZJcaPbWT21zdmBon9wV9V4=; b=Py4mijysFsMtPqQjnRWPb4IdkMOm3XxdefQHKzhXV/I7o3j+QKTC1X3GFNxaDyvg6P Bui0Iguq+rlmY1w4deyj50nb3aJrtHf6nKNVjbG39fZii0ternuamDjDBYYilfPU9wT1 tS/Fkqw/aNelMHIARPiDkhnESUKboVomCJ2pg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456854; x=1776061654; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NCGN8BUF5urP1YIACI5hJZJcaPbWT21zdmBon9wV9V4=; b=IXUymvwr1iNKnyXB2FgpyGXBa5nwOkJGibr9a16BkFoDLWBVtluG6ofwC2ciTNdb2A 8AVcOdrpY3aUMW1ba2GTNEmRoJdkBQBbvOdMdherTJesdp7OCXMLTYrMuRkLeYipl+T/ /SdHKFo0dXAOP4lLUL+3aOL19+9vjqvFkdPi9VIfsys0Z2+e8S3ZieehBY3Lk/VlWnFh XfNualh5rMvoRwkSp10efuNQ3qEeUJwKXZtU6rtzsEkljGeVsq25XlvYzayawbl7Y2XQ tL2vTJhpy8KvLq3zpouFuPB/p5PdpZLV5CRq88dY3gRU1Sx3nI1H0KSmSYVrIXd5ufd6 mTPw== X-Gm-Message-State: AOJu0YyxG6ggcZXK0mDFy5Sj5igdv1ALk29/vBnRN+D+YGXqQhr7CgXz xdS6sw2SFgg/wLGYpzrlDImiaqe8FsEARhuzu31J+aehII5BIxXmV6rETZt1eozPrOCusyHxXWD xDiJ2fi0= X-Gm-Gg: AeBDietgkibQ3HT0AwMbVkQPuphue0p3zNgMHF9yMugqhc7kAhFSTmd5isyHMKzZ1it tvff5HdjJwedSRsJJVkZ7lmrr2VVsVLzWVL7Uq/5eUw1JQ5f2jlxKVmEg8n+6W8IgTiD7vt0eWF 3KEM21VQNbV3nEQudp1TskRVEiEsvQWVblKElXJ1hmSUGE7MjX0zX6wXRxyoh0G5mt2g/ItEnvg FEBsUvepKDquQnadXlMge/bJfCOiMMWq0amGpwAgSHBhz2o2bksQf8F0uDDhMufHvxZuh3EuyL4 FVFUe6F/Jb8OBb+AU8KvwwI9J1NBadwTy/i9ASLO56mwm0If/TKrqbfAY4aKMcOilJUwVTuWUmx IVPI++fzP9vIuwEW6UhzXeNyv4fvwaUuzSdNIw0fjrHdyCDRQ/YZYDKKr6ihPeBSUi4u3ZE9/6u ov0yc2qDQ5L1FRjGkYIf+tD+8GlRi3Yo5UEi4q5dH2qUQKffmp0GL1WHNpV8mBOm2KVH6HfK6Ef 3rWdtFjc63fQS1p8VmKqSrT6Ak= X-Received: by 2002:a05:600c:64cd:b0:487:1520:d107 with SMTP id 5b1f17b1804b1-488998f8b3dmr146035095e9.31.1775456853573; Sun, 05 Apr 2026 23:27:33 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:33 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/18] tzdata/tzcode-native: upgrade 2025c -> 2026a Date: Mon, 6 Apr 2026 08:26:36 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234653 From: Jinfeng Wang Signed-off-by: Jinfeng Wang Signed-off-by: Richard Purdie (cherry picked from commit 217ede26d64901d9a38fc119efa684487714c08a) Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 1c08d4b1023..c498c0c9ffa 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025c" +PV = "2026a" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" -SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" +SRC_URI[tzcode.sha256sum] = "f80a17a2eddd2b54041f9c98d75b0aa8038b016d7c5de72892a146d9938740e1" +SRC_URI[tzdata.sha256sum] = "77b541725937bb53bd92bd484c0b43bec8545e2d3431ee01f04ef8f2203ba2b7" From patchwork Mon Apr 6 06:26:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85288 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1E93EF4EA8 for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49604.1775456855995552355 for ; Sun, 05 Apr 2026 23:27:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=DJCwg5Yn; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4852b81c73aso29740385e9.3 for ; Sun, 05 Apr 2026 23:27:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456854; x=1776061654; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CFDYq1hymxGGa8wpDCm2EwDUSrGltlTF2uYzOu0R92k=; b=DJCwg5YnCM0vTi0hXi1aN/pKl86+la5h1y4+6jiCGO8elyzbovmDKs/bs6+Y17+aaz S/uDebhLYnUpKhgUWOxFX5uwkGTXPDA/r95Foi6CrsKtiaZuQ94OY+6BlF3yQLXh7grO mHw3hCxKLCsIUDFIAvGzn5/5LqSW4W3QvTOZw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456854; x=1776061654; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CFDYq1hymxGGa8wpDCm2EwDUSrGltlTF2uYzOu0R92k=; b=L/f6QybNJ/zkJ8NW3sprvS7bm2nl1qkwLFSxZPfcwYcbwk6iwDwCoXUzLJm6LJQFFm uRGR+Lg3hw/ZMWLp82WJZ9sIqaIjdzc8anDfKhVcNq1p9h1Ux0DzaE0nVWqoOHcWviP5 zAGyy/TGXYy5YaPdKdVw7ZklvMnFbbEM4uY/C0QaLi+vznGyzRyDsg4FSvxNUITqXZ12 iHFWbKyUBf3C8Yk4j7BwlJxD+4XolGXOfqHOlCd3OXEc2T4Fx0IN0qkfYr3SLdgkQeH2 IBgFV/cdG2jq6h48fbHTTsYawxyD/cEH9NrG2DbOriYrgLdaRJuCezmgbcITmz0IvFBJ SRPQ== X-Gm-Message-State: AOJu0Yx0+aZLD9JHbkNqyFCphA8q3i3u4+0/lqrrzinHLhES4lVhxchH A+fT8MTDFB3zdeQYLd1fuWHlXkFpC2a+1spssTersEkgktA27JMQ84v090Y6ZYHEJZPlh5YJ40X 8lrzv/kE= X-Gm-Gg: AeBDiet/48E2lo1WfKCAF2Lpsjh8pRLggoaZTKuaPdRcJOETbztwYM3ux9UNOuucohP 2WA/owPvZJxm7vl1EE9AP+JP2DyR6AHz6QDiGVIOdZwo2YAdPY/Ui7fsBk8Y//rehHx9VOcOxjI uRmrD/hV+duFSNumneTmzrRP6poHDGT3FmIna6hzKyShHKuvAx1r2NesQxM4QUAdU1VakiomxuE LobfgCn9sGXQkQQU3mF1QslDk62No6zhm/oEZqKScHVbmJ+6fSqc27rjUGPOjVPom9N2fiPDego MK1sDaKspVTIR88pJADrerE6on/dcvKhLspWIaksU2oeUTMlGahJ7fdwgRCb4pb4mLdcseF1FWN UkUQ23QFTAWTg42dhlnZeCRGI614tcl0JdPDZ/utzxUR0X/1JwHKXzsb2PA/1RqaaoQpno13fW+ BJySmPaNHu7ko54J/3h6DdYFGy4D8VWrIz+gvk9trbmPW38fpcBNjq19o9qNkeMroml7g+Bpofc Y6O+4+6hvWVyDwDK6UoOJswaXE= X-Received: by 2002:a05:600c:3b1e:b0:485:3abe:ab86 with SMTP id 5b1f17b1804b1-488996cd897mr158955455e9.4.1775456854083; Sun, 05 Apr 2026 23:27:34 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:33 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/18] python3: Fix CVE-2025-15282 Date: Mon, 6 Apr 2026 08:26:37 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234654 From: Vijay Anusuri Pick patch from 3.10 branch [1] https://nvd.nist.gov/vuln/detail/CVE-2025-15282 [2] https://security-tracker.debian.org/tracker/CVE-2025-15282 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python/python3/CVE-2025-15282.patch | 68 +++++++++++++++++++ .../python/python3_3.10.19.bb | 1 + 2 files changed, 69 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-15282.patch diff --git a/meta/recipes-devtools/python/python3/CVE-2025-15282.patch b/meta/recipes-devtools/python/python3/CVE-2025-15282.patch new file mode 100644 index 00000000000..80ef2fcde8b --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-15282.patch @@ -0,0 +1,68 @@ +From 34d76b00dabde81a793bd06dd8ecb057838c4b38 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Sun, 25 Jan 2026 11:05:15 -0600 +Subject: [PATCH] [3.10] gh-143925: Reject control characters in data: URL + mediatypes (#144115) + +(cherry picked from commit f25509e78e8be6ea73c811ac2b8c928c28841b9f) +(cherry picked from commit 2c9c746077d8119b5bcf5142316992e464594946) + +Upstream-Status: Backport [https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38] +CVE: CVE-2025-15282 +Signed-off-by: Vijay Anusuri +--- + Lib/test/test_urllib.py | 8 ++++++++ + Lib/urllib/request.py | 5 +++++ + .../2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst | 1 + + 3 files changed, 14 insertions(+) + create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst + +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 82f1d9dc2e7bb3..b08fc8f2b19463 100644 +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -11,6 +11,7 @@ + from test import support + from test.support import os_helper + from test.support import warnings_helper ++from test.support import control_characters_c0 + import os + try: + import ssl +@@ -683,6 +684,13 @@ def test_invalid_base64_data(self): + # missing padding character + self.assertRaises(ValueError,urllib.request.urlopen,'data:;base64,Cg=') + ++ def test_invalid_mediatype(self): ++ for c0 in control_characters_c0(): ++ self.assertRaises(ValueError,urllib.request.urlopen, ++ f'data:text/html;{c0},data') ++ for c0 in control_characters_c0(): ++ self.assertRaises(ValueError,urllib.request.urlopen, ++ f'data:text/html{c0};base64,ZGF0YQ==') + + class urlretrieve_FileTests(unittest.TestCase): + """Test urllib.urlretrieve() on local files""" +diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py +index 6edde1f73189b1..c378a86a70cbeb 100644 +--- a/Lib/urllib/request.py ++++ b/Lib/urllib/request.py +@@ -1654,6 +1654,11 @@ def data_open(self, req): + scheme, data = url.split(":",1) + mediatype, data = data.split(",",1) + ++ # Disallow control characters within mediatype. ++ if re.search(r"[\x00-\x1F\x7F]", mediatype): ++ raise ValueError( ++ "Control characters not allowed in data: mediatype") ++ + # even base64 encoded data URLs might be quoted so unquote in any case: + data = unquote_to_bytes(data) + if mediatype.endswith(";base64"): +diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst +new file mode 100644 +index 00000000000000..46109dfbef3ee7 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst +@@ -0,0 +1 @@ ++Reject control characters in ``data:`` URL media types. diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb index fbb2f80886b..e2a0ae9fe77 100644 --- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.19.bb @@ -41,6 +41,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://CVE-2025-13836.patch \ file://CVE-2025-13837.patch \ file://CVE-2025-12084.patch \ + file://CVE-2025-15282.patch \ " SRC_URI:append:class-native = " \ From patchwork Mon Apr 6 06:26:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85289 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DE9DEF4EA6 for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49553.1775456856586675280 for ; Sun, 05 Apr 2026 23:27:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=MpEc/g3/; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4888375f735so32383875e9.3 for ; Sun, 05 Apr 2026 23:27:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456855; x=1776061655; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PGwAQjzppj08vZE+eBqJn8AJRwFKcPlSu7fv234ON6o=; b=MpEc/g3/ftdSs36H5pnJsheHHVSZpqbG6d5B2wxUyPmPwnHvj3wWJLvPJNwbJ+mtF3 Pw3Y1O7BQH1XgCR6czIeNi52wlfkvJvYQfafkX3ugDeUNW3uKLbj5YQp6d7UF9TjLsdP MLk656JPzR3ua6FHwcljSkODvzdxu4EDtS8Ls= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456855; x=1776061655; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=PGwAQjzppj08vZE+eBqJn8AJRwFKcPlSu7fv234ON6o=; b=bopwVpQtIFAfiouoKZcyOm81a7B+30RXgrugEaWSC55CZ9PMbkJmx2mD7uH+0sA5mv wyr81V4HrtMxi0gZvlW0TpXCr1OYZQMNJjtGt7JML44jVB47h4L++HtdlP61rwCTG8uW qxq6k1+X9koG1+FWKKGwv0Asm37ls24irYXLsVeIZ55lKHnFXw5rJiLGXJXf035rXlxl hOrg0s8K8/NnalgSC74JegIKdj0aSPu5tmRMbJVifAFcoZES1sH2nLnYO4fdlbqFIxOk /NOh1ylrceOGSovXUZBR0HSMETsR6Zkhz5nhluZyNtqY9UrCQzHQ7uuz9ed02U0ll6ZA iX1w== X-Gm-Message-State: AOJu0YzH9g/3xBsaywjO6KuTO2GytMYqHDMFHdWIS8SnAdb8F/5Vlx0e 0rgJ4JEL76PMnvrHwRTlgWl6bksyjdBnuBZDCy6h0fKhbarn19+2O+9yXy+DDIZaTyYA/H600cC H7nhHktA= X-Gm-Gg: AeBDievo1aUtEnA2OgZ0yfE/TIYDnBqGz6seakVs1LYuxGRIo9r2QrQYputESApBfIh 51wDun7u4Qx29SO/NDt2wBj7gFhfXfNwMaJqhEYyO/dwu/S9L6oFm9OxR37Tdi0H4sxhfkJZPV1 xT8K1wNOd5gVnPjubzYGipNzLTfTpXcrYU0qU82lWrUg8zRAEK5Qidg+9T6ynvuuElZKHzg2wxK ou8aeT83fGC/l5rthBr9a1Mj4YfbaqrEHUK8RaGar2tCVLpX+i+glhFtJAPg6TfUOiAeKtNbdj8 w0dzHl5T7+5vJ+bMDSTeT+Z8AfBbqitDH7JTCbYeEFkWC/9ntGKxOAtxF/MEitXhu98L7Sew4OF XFixfeB3Xec+YoYVDQ0EvSiaxhrkpd/Sz27QZPCJRHwTWf66zvPUIYkfdWAF//vTwPij/6lLTWy bBJitI2ScVSWQMgE8EKcPV0NUzU0q7RVQ7JOl6i3Jp9jEQK2lYFbrDyie4Ga0VvvJhX9PrPE+LO nO+xEImL2RLkmqqevohvYNiXbw= X-Received: by 2002:a05:600c:4f15:b0:488:945a:ed63 with SMTP id 5b1f17b1804b1-488995cbaa7mr179717425e9.0.1775456854637; Sun, 05 Apr 2026 23:27:34 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:34 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/18] python3-pyopenssl: Fix CVE-2026-27448 Date: Mon, 6 Apr 2026 08:26:38 +0200 Message-ID: <2d2cd3e06323a6b12db80cd3b359c0d550996e5f.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234655 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448 [2] https://ubuntu.com/security/CVE-2026-27448 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++++++++++++++ .../python/python3-pyopenssl_22.0.0.bb | 4 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch new file mode 100644 index 00000000000..4a06e2c0201 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch @@ -0,0 +1,125 @@ +From d41a814759a9fb49584ca8ab3f7295de49a85aa0 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Mon, 16 Feb 2026 21:04:37 -0500 +Subject: [PATCH] Handle exceptions in set_tlsext_servername_callback callbacks + (#1478) + +When the servername callback raises an exception, call sys.excepthook +with the exception info and return SSL_TLSEXT_ERR_ALERT_FATAL to abort +the handshake. Previously, exceptions would propagate uncaught through +the CFFI callback boundary. + +https://claude.ai/code/session_01P7y1XmWkdtC5UcmZwGDvGi + +Co-authored-by: Claude + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0] +CVE: CVE-2026-27448 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 2 ++ + src/OpenSSL/SSL.py | 7 ++++++- + tests/test_ssl.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 58 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index c84b30a..5b6d523 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,8 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. ++ + - Expose wrappers for some `DTLS + `_ + primitives. `#1026 `_ +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 12374b7..6ef44d4 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -1,5 +1,6 @@ + import os + import socket ++import sys + from sys import platform + from functools import wraps, partial + from itertools import count, chain +@@ -1431,7 +1432,11 @@ class Context(object): + + @wraps(callback) + def wrapper(ssl, alert, arg): +- callback(Connection._reverse_mapping[ssl]) ++ try: ++ callback(Connection._reverse_mapping[ssl]) ++ except Exception: ++ sys.excepthook(*sys.exc_info()) ++ return _lib.SSL_TLSEXT_ERR_ALERT_FATAL + return 0 + + self._tlsext_servername_callback = _ffi.callback( +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ccc8a38..77e1876 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1884,6 +1884,56 @@ class TestServerNameCallback(object): + + assert args == [(server, b"foo1.example.com")] + ++ def test_servername_callback_exception( ++ self, monkeypatch: pytest.MonkeyPatch ++ ) -> None: ++ """ ++ When the callback passed to `Context.set_tlsext_servername_callback` ++ raises an exception, ``sys.excepthook`` is called with the exception ++ and the handshake fails with an ``Error``. ++ """ ++ exc = TypeError("server name callback failed") ++ ++ def servername(conn: Connection) -> None: ++ raise exc ++ ++ excepthook_calls: list[ ++ tuple[type[BaseException], BaseException, object] ++ ] = [] ++ ++ def custom_excepthook( ++ exc_type: type[BaseException], ++ exc_value: BaseException, ++ exc_tb: object, ++ ) -> None: ++ excepthook_calls.append((exc_type, exc_value, exc_tb)) ++ ++ context = Context(SSLv23_METHOD) ++ context.set_tlsext_servername_callback(servername) ++ ++ # Necessary to actually accept the connection ++ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ context.use_certificate( ++ load_certificate(FILETYPE_PEM, server_cert_pem) ++ ) ++ ++ # Do a little connection to trigger the logic ++ server = Connection(context, None) ++ server.set_accept_state() ++ ++ client = Connection(Context(SSLv23_METHOD), None) ++ client.set_connect_state() ++ client.set_tlsext_host_name(b"foo1.example.com") ++ ++ monkeypatch.setattr(sys, "excepthook", custom_excepthook) ++ with pytest.raises(Error): ++ interact_in_memory(server, client) ++ ++ assert len(excepthook_calls) == 1 ++ assert excepthook_calls[0][0] is TypeError ++ assert excepthook_calls[0][1] is exc ++ assert excepthook_calls[0][2] is not None ++ + + class TestApplicationLayerProtoNegotiation(object): + """ +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index db0e809ef54..13d87939b62 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb @@ -10,6 +10,10 @@ SRC_URI[sha256sum] = "660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d00 PYPI_PACKAGE = "pyOpenSSL" inherit pypi setuptools3 +SRC_URI += " \ + file://CVE-2026-27448.patch \ +" + PACKAGES =+ "${PN}-tests" FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test" From patchwork Mon Apr 6 06:26:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85290 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 300ECEF4EA2 for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49605.1775456857093154090 for ; Sun, 05 Apr 2026 23:27:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=YbDwoegr; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-48897fd88ebso22428525e9.2 for ; Sun, 05 Apr 2026 23:27:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456855; x=1776061655; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DS4DHbc7Jf3zRsV2JHtkpVskXSIoVHL+z+JE3NrXy+4=; b=YbDwoegrYxu7r6sEjE7Z3cHijbCTzn7fVT97ocGCGeXdembZncojFfxoCe+rOwuN4z S2wgEl05he2lKNWeFUDNVz1H/J/qby5RwGyR5vnizDQJdHvllDwsLjvfLb3VU45na5av qiQBqtsmWpXCzInLPrvMZNXNTtAFnbrc+lFGw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456855; x=1776061655; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DS4DHbc7Jf3zRsV2JHtkpVskXSIoVHL+z+JE3NrXy+4=; b=cFCcmpJkt7hzaVhM30+9lj33WBaGx9Fp+PyYAq1uuU0+XhjGn0zUlUejtj5wvK8pRO abbxQwYx52R8g+MGVx6MM/H7Y3IsPIqTLOf0OUS92sWXHJnKDteEl/RLVi/GL3UB/OUO rttKBxgW01YSsm+mG67V8d2DxHUlvopFLVoJh8wnJRDgSY47qapt523e8nQJtiiCMPNM XOe1+t5o5TWafb5hvZhK7VpA9O0FfvWvTqMbazvnFmIrA5TZKhXPCvP/LWaBlsKMV0s3 LnHKMWrBDqVdBhmryI0mg3IvmsiMpaGQK5d9xQ5wtfSDstUN9VDejUFzaWco0AFeby0E bMTg== X-Gm-Message-State: AOJu0YzWkwE1KzAel5nqzelS/sv6hjrIbH3g+MJ4B5/qQlZLsc4eU6CD /cGEb7yImpLDBq5okaO3TGamHT8E1zFLQEUUHLFthoZlS49N8jhlSfydRQ8Ho0qGHEOnrYlW8bV FalKlWJI= X-Gm-Gg: AeBDieuhoaPwWj1jSJthG2yKXmW0846bprA01Yxj7nmAh32FDkD3u8QP4MjU5xfCZv9 dqpZzNISOaNdqEhbNwGH/D6bHyJm4BeYHhQcrvEmO0tcRjUfof7JQeAd9wNYL/Bxgbeu6x7BT4U tBZJtlLVKnj0cj2gfBIyLT+C39/4kB95PVE367B3bbYIJqGIP0Co4fShCbu+npKGhzmqrOeclLg Ete0VO/xQr3lMbc14I40weRU74fxxcH6yHhoxAYBYv3es7+5JJ6GZE7MncUo5SEwKgTbz1rACaW DW2hBGltzorg/p/vOmQ4rPGGbnoOrSQs4Z+naBdg3/h7tWzGdKMsNEssRENsdAvVuZVbQ7PZ9Ej YrrfUsLBqb+0w70SDRB74/d9jOKcrEnKt5bhiFOYMBMtLH4yfkf8prbonoN+KuQajirESPkkydf bWVKYJo89mVcLgTwDLb9bjMMR0YIJ7bu32klyMeFuzb1FEJLkfgtNQiEw3N7xjszoYXkGWosen5 Ato2r1E44pX7nH8x4oJhkwwfos= X-Received: by 2002:a05:600c:4447:b0:480:1c69:9d36 with SMTP id 5b1f17b1804b1-48899785c7bmr185709395e9.17.1775456855182; Sun, 05 Apr 2026 23:27:35 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:34 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/18] python3-pyopenssl: Fix CVE-2026-27459 Date: Mon, 6 Apr 2026 08:26:39 +0200 Message-ID: <6985f9ba57fef2d9bc212a7f9a23e35979983d29.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234656 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459 [2] https://ubuntu.com/security/CVE-2026-27459 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27459.patch | 106 ++++++++++++++++++ .../python/python3-pyopenssl_22.0.0.bb | 1 + 2 files changed, 107 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch new file mode 100644 index 00000000000..b5e37a6900d --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch @@ -0,0 +1,106 @@ +From 57f09bb4bb051d3bc2a1abd36e9525313d5cd408 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Wed, 18 Feb 2026 07:46:15 -0500 +Subject: [PATCH] Fix buffer overflow in DTLS cookie generation callback + (#1479) + +The cookie generate callback copied user-returned bytes into a +fixed-size native buffer without enforcing a maximum length. A +callback returning more than DTLS1_COOKIE_LENGTH bytes would overflow +the OpenSSL-provided buffer, corrupting adjacent memory. + +Co-authored-by: Claude Opus 4.6 + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408] +CVE: CVE-2026-27459 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 1 + + src/OpenSSL/SSL.py | 7 +++++++ + tests/test_ssl.py | 38 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index 5b6d523..13d8abd 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,7 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- Properly raise an error if a DTLS cookie callback returned a cookie longer than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a buffer-overflow. + - ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. + + - Expose wrappers for some `DTLS +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 6ef44d4..fa1b556 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -556,11 +556,18 @@ class _CookieGenerateCallbackHelper(_CallbackExceptionHelper): + def __init__(self, callback): + _CallbackExceptionHelper.__init__(self) + ++ max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255) ++ + @wraps(callback) + def wrapper(ssl, out, outlen): + try: + conn = Connection._reverse_mapping[ssl] + cookie = callback(conn) ++ if len(cookie) > max_cookie_len: ++ raise ValueError( ++ f"Cookie too long (got {len(cookie)} bytes, " ++ f"max {max_cookie_len})" ++ ) + out[0 : len(cookie)] = cookie + outlen[0] = len(cookie) + return 1 +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index 77e1876..fb77b75 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -4455,3 +4455,41 @@ class TestDTLS(object): + assert 0 < c.get_cleartext_mtu() < 500 + except NotImplementedError: # OpenSSL 1.1.0 and earlier + pass ++ ++ def test_cookie_generate_too_long(self) -> None: ++ s_ctx = Context(DTLS_METHOD) ++ ++ def generate_cookie(ssl: Connection) -> bytes: ++ return b"\x00" * 256 ++ ++ def verify_cookie(ssl: Connection, cookie: bytes) -> bool: ++ return True ++ ++ s_ctx.set_cookie_generate_callback(generate_cookie) ++ s_ctx.set_cookie_verify_callback(verify_cookie) ++ s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem)) ++ s_ctx.set_options(OP_NO_QUERY_MTU) ++ s = Connection(s_ctx) ++ s.set_accept_state() ++ ++ c_ctx = Context(DTLS_METHOD) ++ c_ctx.set_options(OP_NO_QUERY_MTU) ++ c = Connection(c_ctx) ++ c.set_connect_state() ++ ++ c.set_ciphertext_mtu(1500) ++ s.set_ciphertext_mtu(1500) ++ ++ # Client sends ClientHello ++ try: ++ c.do_handshake() ++ except SSL.WantReadError: ++ pass ++ chunk = c.bio_read(self.LARGE_BUFFER) ++ s.bio_write(chunk) ++ ++ # Server tries DTLSv1_listen, which triggers cookie generation. ++ # The oversized cookie should raise ValueError. ++ with pytest.raises(ValueError, match="Cookie too long"): ++ s.DTLSv1_listen() +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index 13d87939b62..42de3207b46 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb @@ -12,6 +12,7 @@ inherit pypi setuptools3 SRC_URI += " \ file://CVE-2026-27448.patch \ + file://CVE-2026-27459.patch \ " PACKAGES =+ "${PN}-tests" From patchwork Mon Apr 6 06:26:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85287 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 217B9FF4936 for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49554.1775456858120644051 for ; Sun, 05 Apr 2026 23:27:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=UOpLqWhU; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-488971db0fdso25248165e9.0 for ; Sun, 05 Apr 2026 23:27:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456856; x=1776061656; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ugHqcjdN6zoBas+QQwnv65Xz4W7IIwZMWDc6pFdOi90=; b=UOpLqWhU9PFfR2NWp5YqXL/eN3IxzYFxDV3bZKeJYxSzK/BAXfmRZXYW9vRb0F4I8V cMjBrY2ydQZ3dkT3jkeT6a/j6nTDj0lHvMKYjkPaBrvxQf92iyNC3ubwOaeb2pus6xE3 dPAlwe4Rv+kUnDC5+bPb3hoK9+GB5DOodAl7Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456856; x=1776061656; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ugHqcjdN6zoBas+QQwnv65Xz4W7IIwZMWDc6pFdOi90=; b=iv5noPLs98DEnLMCdz3he4JjlYMlV7AJ9ZsJTiQo/K3gTt4eYMoDuGIbpK1SR/xgSn 6qvhfKMdrihQl+ktDCRFELLGViQMT1FHo+ldpBPDgyzLYfHw0TFX46i7MAVgzKCYCOxI FNxaWT2HdCTZ9ZU3zycHUBy1lLvT+ybAd3X5RV07S0Tkb/JEgCQ7axpERWQKU/hrqFA1 AK7nFcyYlBUZjuKUe86qWDlGNR4ZTRJf6tBvUw9tn/l479mxhAOySTdd9cjEW6gKq0wQ wuIX1thF8EkCHJaxhNUU2S4duNjAZYoYyznZ5+8eX8rFuDpC3pCAvGTAt9rjqeFz82+Q bIow== X-Gm-Message-State: AOJu0YxT78It/FtjE5/MMxMEPt9PfK46xobjltfKDow8IRdRUwlBCT6F DXQ11dqbJxhcA7i6HOis9sQmzbimKflnqaJUpu62QGDGig0uQmOGW9qerNBSq6KO6PjxzEiCBHV 59mb3YqE= X-Gm-Gg: AeBDieuzyWDGDlC0hfEio7TLQZQ66oTi8Pucwqmp0jFzHb2W63OyDePvCxqA2L0uWnq VyX3a3twqX/AiVD1BvOEO9uZCO+eO1HBqB3MPf151qv+8QZvnBZ3U8Texk4KwP1zpfad2nsepFA LuYs/TzDhM+iqSElGQpUtl+ef8GmCq+EylD12JPraT6Ih3tMBPZ6WqjRrSSJROQ28RZmh7ceqs4 PdJZ08JTSfiCOjEuT3gXvTAXtsTWTRbKpoNWOBsq599eGnpB7P/B/94y4bhCC6hJ/5VfqWHrWgE a+ndT/4uyG+2pWlWi7GSKLTfbT9b4EyezsGZCF0L6sXsIK2nnBEiXwAS+tLIMvoCc1gpliaitSz O+Ks6G0X68/fUZ8sE4X9K3601b3JxfeDL0qKMnO5WMcPXK3pP80IYcYF8qqFRH3J4ufCgUr5Gu8 7H0ritbzme7IbZlZWm+gvCshgM7a4Hs6p5Tbo7enYb0y1B+0rNBTVcl6r/FKJG5Hnf1H4yJOiYB eOtybFe8WqqJM4Sa7BI5KZ+hN4= X-Received: by 2002:a05:600c:8b34:b0:487:1fb4:7e1 with SMTP id 5b1f17b1804b1-488997d530fmr170622705e9.22.1775456855677; Sun, 05 Apr 2026 23:27:35 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:35 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/18] libarchive: Fix CVE-2026-4111 Date: Mon, 6 Apr 2026 08:26:40 +0200 Message-ID: <936b97d2655394865d134620f95e4de389cd8f95.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234657 From: Vijay Anusuri Pick patch according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-4111 [2] https://github.com/libarchive/libarchive/pull/2877 [3] https://access.redhat.com/errata/RHSA-2026:5080 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../libarchive/CVE-2026-4111-1.patch | 32 ++ .../libarchive/CVE-2026-4111-2.patch | 308 ++++++++++++++++++ .../libarchive/libarchive_3.6.2.bb | 2 + 3 files changed, 342 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch new file mode 100644 index 00000000000..1f065b13648 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch @@ -0,0 +1,32 @@ +From 7273d04803a1e5a482f26d8d0fbaf2b204a72168 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 20:24:56 -0800 +Subject: [PATCH] Reject filters when the block length is nonsensical + +Credit: Grzegorz Antoniak @antekone + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/7273d04803a1e5a482f26d8d0fbaf2b204a72168] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + libarchive/archive_read_support_format_rar5.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c +index 38979cb..867f0a8 100644 +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -2914,7 +2914,9 @@ static int parse_filter(struct archive_read* ar, const uint8_t* p) { + if(block_length < 4 || + block_length > 0x400000 || + filter_type > FILTER_ARM || +- !is_valid_filter_block_start(rar, block_start)) ++ !is_valid_filter_block_start(rar, block_start) || ++ (rar->cstate.window_size > 0 && ++ (ssize_t)block_length > rar->cstate.window_size >> 1)) + { + archive_set_error(&ar->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid filter encountered"); +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch new file mode 100644 index 00000000000..243a03a8e5d --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch @@ -0,0 +1,308 @@ +From ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 10:04:01 -0800 +Subject: [PATCH] Infinite loop in Rar5 decompression + +Found by: Elhanan Haenel + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + Makefile.am | 2 + + libarchive/test/CMakeLists.txt | 1 + + .../test/test_read_format_rar5_loop_bug.c | 53 +++++ + .../test_read_format_rar5_loop_bug.rar.uu | 189 ++++++++++++++++++ + 4 files changed, 245 insertions(+) + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.c + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.rar.uu + +diff --git a/Makefile.am b/Makefile.am +index dd1620d..14edb2a 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -507,6 +507,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_rar_invalid1.c \ + libarchive/test/test_read_format_rar_overflow.c \ + libarchive/test/test_read_format_rar5.c \ ++ libarchive/test/test_read_format_rar5_loop_bug.c \ + libarchive/test/test_read_format_raw.c \ + libarchive/test/test_read_format_tar.c \ + libarchive/test/test_read_format_tar_concatenated.c \ +@@ -869,6 +870,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_invalid_dict_reference.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift1.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift2.rar.uu \ ++ libarchive/test/test_read_format_rar5_loop_bug.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part01.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part02.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part03.rar.uu \ +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index 05c6fd7..c8f2e90 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -156,6 +156,7 @@ IF(ENABLE_TEST) + test_read_format_rar_filter.c + test_read_format_rar_overflow.c + test_read_format_rar5.c ++ test_read_format_rar5_loop_bug.c + test_read_format_raw.c + test_read_format_tar.c + test_read_format_tar_concatenated.c +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.c b/libarchive/test/test_read_format_rar5_loop_bug.c +new file mode 100644 +index 0000000..77dd78c +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.c +@@ -0,0 +1,53 @@ ++/*- ++ * Copyright (c) 2026 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++ ++DEFINE_TEST(test_read_format_rar5_loop_bug) ++{ ++ const char *reffile = "test_read_format_rar5_loop_bug.rar"; ++ struct archive_entry *ae; ++ struct archive *a; ++ const void *buf; ++ size_t size; ++ la_int64_t offset; ++ ++ extract_reference_file(reffile); ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, reffile, 10240)); ++ ++ // This has just one entry ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); ++ ++ // Read blocks until the end of the entry ++ while (ARCHIVE_OK == archive_read_data_block(a, &buf, &size, &offset)) { ++ } ++ ++ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); ++ ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); ++ assertEqualInt(ARCHIVE_OK, archive_free(a)); ++} +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.rar.uu b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +new file mode 100644 +index 0000000..3e47004 +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +@@ -0,0 +1,189 @@ ++begin 644 test_read_format_rar5_loop_bug.rar ++M4F%R(1H'`0#%&C,R`P$``)T-9%L.`@+P0`"`@`P`@`,``6'(WFP@`?\7_U/^ ++M8@!.`B`H```````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++5```````````````````Y^;*!`@4` ++` ++end +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index e74326b40fd..85fe6e5baa2 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -50,6 +50,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ file://CVE-2025-60753-01.patch \ file://CVE-2025-60753-02.patch \ + file://CVE-2026-4111-1.patch \ + file://CVE-2026-4111-2.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/" From patchwork Mon Apr 6 06:26:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85286 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 068FEF3D5E3 for ; Mon, 6 Apr 2026 06:27:39 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49606.1775456858331312505 for ; Sun, 05 Apr 2026 23:27:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=KUCXBMRH; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-488aa77a06eso15916015e9.0 for ; Sun, 05 Apr 2026 23:27:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456856; x=1776061656; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BP2dmZ8/tCvcPVYoWBz+GfrxwcZDBTHysfpT3H3eCm0=; b=KUCXBMRH3hdk4gBZtyCRLltXYay/LOaWb8f8lQ3Tys42qEaykcnttvM6c+aOcAht43 niL7XjtKUmTIfL1DzNrVqzEgZ1NCi8JF2wY1bcb6INJ+1AhTtf+uSU84AVLXwIF5B0xb /jJdcLljDyYBbZoTMBAtJ9sXNiyp3GL1tlh1M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456856; x=1776061656; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BP2dmZ8/tCvcPVYoWBz+GfrxwcZDBTHysfpT3H3eCm0=; b=gIfwzbB5DoWzYlHPnZhcN1bqkfLJtDHKxX+9pVjtCqQNL7OGpZjUAiLSk4iSz0PzVZ P+PgMvl7+/vDqtwDGm2v+w4MHoU2XH32QqxvFWi2HWETmcFZvSG8GXMAeWx+v5NznXiS Iu5ag8/ijayid/Y41qoA9MNIdya18FOSwteRQ6N4+yg8hKf0yUZVMc9uHLyuK458STdE Sqsl78fOuikEJUq1Oj9o80Bg5kgYeDvWgKdHvo1X/31dU85ECbzA8r6Kq3FFdFzOgACt JXtIeL1BjeCv5iBHbtGSJmySz12Hv9kCFd60//5+sHK5/A1TCD3Ueab4dxEdgDPkXbSt MR2g== X-Gm-Message-State: AOJu0YwgArgVLMVIj6Sa1N8drfYTqBkU45lPkWPwPozQF2dMBA9aqwDQ C9jzOCg2PMb5Mv4VMUMwRs6DLOiJQ75AQAnogzwAso+80+UJKSc/iNnFLJ8gQSAchXzytpDSgOq 5F2iH0rY= X-Gm-Gg: AeBDieuwI2cbe07QEk6T0sLVTbk0bZjDqlkJ5OHfxxGRpUmG0umStF+bfESZrpNJgPP yfqtyoYYFJCXL0ZVYPy3qFaQg8WDo8gUySZ6t6+MWZtGwt0Q9RxMYyr3g1VFIXC/rn87Bked0NY FJVD1L8jUuS0wjuSZO/pgaFIDQOqjD2gv3St/x3RzBcoTPSYw3R2+0YTspP2IgGPtmpco2H+548 e1GvcYHnMlrumG1CnQlAMbkKat3Mq3D2beJW4skdk2yvTOaLqvX3xwO2EvxSA2OPDg7jdOoTwuu wYp7paba/Ec8MrOIYgY6QYbCztgP0RbzaqQC82IfHKBwUn+pgb3adJyvyr9bi3uzg7aIHnf7zGE WAnX07KotntnnSQEa858+8c7LB/ARqJxnObRBvBqAsHe7j0yJ+UYyYCQhvUZxc6Xpohnn+K3Uoq QYCh2XOqgD0mOJ+PnpTsUWumkeGfRMm9Pah+JJVYrxjauD0HoxcSgzGNA9MTV3n6JI+ZNMR4r/1 wYzGUseoG7Sgs6SRUp9RQDjNf79xoL3x4JqVw== X-Received: by 2002:a05:600c:15d2:b0:488:a14d:3d81 with SMTP id 5b1f17b1804b1-488a14d3ef0mr68325915e9.2.1775456856272; Sun, 05 Apr 2026 23:27:36 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:35 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/18] vim: Fix CVE-2026-33412 Date: Mon, 6 Apr 2026 08:26:41 +0200 Message-ID: <50d4357e4c38f90aaf64092dc5a2b7bb7c515f21.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234658 From: Hitendra Prajapati Pick patch from [1] also mentioned in NVD report with [2] [1] https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a [2] https://nvd.nist.gov/vuln/detail/CVE-2026-33412 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-33412.patch | 61 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-33412.patch b/meta/recipes-support/vim/files/CVE-2026-33412.patch new file mode 100644 index 00000000000..62daa308b58 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-33412.patch @@ -0,0 +1,61 @@ +From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001 +From: pyllyukko +Date: Thu, 19 Mar 2026 19:58:05 +0000 +Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in + glob() + +Problem: The glob() function on Unix-like systems does not escape + newline characters when expanding wildcards. A maliciously + crafted string containing '\n' can be used as a command + separator to execute arbitrary shell commands via + mch_expand_wildcards(). This depends on the user's 'shell' + setting. +Solution: Add the newline character ('\n') to the SHELL_SPECIAL + definition to ensure it is properly escaped before being + passed to the shell (pyllyukko). + +closes: #19746 + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c + +Signed-off-by: pyllyukko +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-33412 +Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a] +Signed-off-by: Hitendra Prajapati +--- + src/os_unix.c | 2 +- + src/version.c | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/os_unix.c b/src/os_unix.c +index cf195e62e1..d767956b1a 100644 +--- a/src/os_unix.c ++++ b/src/os_unix.c +@@ -7106,7 +7106,7 @@ mch_expandpath( + # define SEEK_END 2 + #endif + +-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|" ++# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n" + + int + mch_expand_wildcards( +diff --git a/src/version.c b/src/version.c +index 4f3912aedd..712a3e637c 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1684, + /**/ + 1683, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 289f31be707..fc9b4db055a 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ + file://CVE-2026-33412.patch \ " PV .= ".1683" From patchwork Mon Apr 6 06:26:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85297 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 371E9EF4EBA for ; Mon, 6 Apr 2026 06:27:41 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49555.1775456858781706173 for ; Sun, 05 Apr 2026 23:27:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=pdeoAcRX; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4887f49ec5aso51480335e9.1 for ; Sun, 05 Apr 2026 23:27:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456857; x=1776061657; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sMEM8VvFmNdDO0qa35jZnfImu6P/RN8dlTc/DuIxpfs=; b=pdeoAcRXl6yDeCnM9X25p03D+l+QLNOWmW6zJiGHzGa//Tdv65ducIWgZq/iI5nCR6 BwCLUa90OaiMWKAvknBD/b7mh9vtlMegfHGPnQ3iNkKRFTLXjK/EBW0fmaoWEI0K/rK3 2T9rUHybF/n5dqQoBRp9V7UDestIohOvwL9hA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456857; x=1776061657; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sMEM8VvFmNdDO0qa35jZnfImu6P/RN8dlTc/DuIxpfs=; b=LgU7GqVbW7hhMNtZ0fl2AdKIthw46Zy/cVMEd2iTNZlmGgn37VDfk3JRyt+4Fh+t7k NFsO7USL8H6n1Tz8o33/HTefMx1oYU9h6JgbPURJVWldXgBdw7tmFuF0JbkM2+QbRZxn PD2wbKN9ky6JRIXFNtEn5lKUPiuyXkBdKBeBN8/ciLSefQBle/v2fr9PMG2tovMTJPpf 0xOBKHEdf0nfILt5e7h6uJzxNRDuz7vqZyoz/0xJStgda+9EoTy908QpfoqXllo7DidV t5r9z4qknOQ0RzA3Ga8Zrj4lIL4h56e9bsSq5RDZo6k8Vj6qs/pNQooKLoxbCyaz+7BI a2yw== X-Gm-Message-State: AOJu0YxVIjZxLXiSQNg2bg+il+SpmkWliTmp1QMcq48nMc6F2wzNbtgy 1B8Dm1E+brLifxJhwE0DcPcaDBK64dFSoZROpG3BcV+Q97W1dr+3SEagvY1/jfEB9DkOptI1Wn+ lyuYyQik= X-Gm-Gg: AeBDietx0OQ2XlAFHqMlqqDpoCPhf/9QHTCToeK3Vjcx1tZjYq8pIlWby1KMD9bgOI4 DxyeP7NF45tGmO2tbyMHamIMJ4CUDBXAEkXXGxEVjdlNUNzs7t6VWFl7YSChFKsx3+TNS0o7d7r 0DffCQ9E6Ov6vFibBf0VzKEeB/vw5WUGCsX8Ielpt7482oKD99Lz/ILuTyG/jEOOkRv6NytR3Gc fLVy25B3PTXsFm5fZRMxgHzsYt1IjQpZaH9mQ8UVc1bqe7FBUi+Fq03d6QiYkdtnnhsS2lbqXUE l4Ni8olf7IgUt7U2CYMuV5ljYdz55gNt1LCopLXJbe1qbZZUJeRneix6aVkSbQth6ot0ppHK+N9 UOeyAmlzin+8+/B8l9OY23c3xaY31e5UESg6wu9XhDEHrSwT1XwXXAaQU77PTeTSgDSf47AbH1M mIeJmiv9BoGWYdBg7xffTJfS8iy93PTZZnp1MNXaAov7HVB8kg33iY1mhf+1EwpHlfXXhQWMN6P FHHv+vKAuP3qT9NDx03tAuihr8= X-Received: by 2002:a05:600c:3546:b0:487:5c0:671f with SMTP id 5b1f17b1804b1-488996e8774mr168589235e9.9.1775456856753; Sun, 05 Apr 2026 23:27:36 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:36 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/18] sqlite3: Fix CVE-2025-70873 Date: Mon, 6 Apr 2026 08:26:42 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234659 From: Vijay Anusuri Pick patch as per [1] [1] https://sqlite.org/src/info/3d459f1fb1bd1b5e [2] https://sqlite.org/forum/forumpost/761eac3c82 [3] https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../sqlite/files/CVE-2025-70873.patch | 33 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2025-70873.patch b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch new file mode 100644 index 00000000000..86004c0b741 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch @@ -0,0 +1,33 @@ +From 5a05c59d4d75c03f23d5fb70feac9f789954bf8a Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Sat, 6 Dec 2025 20:41:24 +0000 +Subject: [PATCH] In the zipfile extension, only return as many bytes as + Inflate actually generated. [forum:/forumpost/761eac3c82|Forum post + 761eac3c82]. Adjust ./configure so that it builds zipfile into testfixture if + ZLIB is available, so that tests get run on unix platforms. + +FossilOrigin-Name: 3d459f1fb1bd1b5e723629c463ab392af7b206ece3388bda216c6a4c26160909 + +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/5a05c59d4d75c03f23d5fb70feac9f789954bf8a] +CVE: CVE-2025-70873 +Signed-off-by: Vijay Anusuri +--- + shell.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shell.c b/shell.c +index fa45d40..3c4902c 100644 +--- a/shell.c ++++ b/shell.c +@@ -7668,7 +7668,7 @@ static void zipfileInflate( + if( err!=Z_STREAM_END ){ + zipfileCtxErrorMsg(pCtx, "inflate() failed (%d)", err); + }else{ +- sqlite3_result_blob(pCtx, aRes, nOut, zipfileFree); ++ sqlite3_result_blob(pCtx, aRes, (int)str.total_out, zipfileFree); + aRes = 0; + } + } +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index acdd80022e1..9e10caa399a 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -10,6 +10,7 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2023-7104.patch \ file://CVE-2025-29088.patch \ file://CVE-2025-6965.patch \ + file://CVE-2025-70873.patch \ " SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c" From patchwork Mon Apr 6 06:26:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85300 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F33BEF4EBB for ; Mon, 6 Apr 2026 06:27:41 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49556.1775456859334075632 for ; Sun, 05 Apr 2026 23:27:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=TwsLhWHT; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-488aa77a06eso15916125e9.0 for ; Sun, 05 Apr 2026 23:27:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456857; x=1776061657; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DnPfSxuNmlH81fbdPnvc6ltVJQ+styhsyLQRmmXMXrU=; b=TwsLhWHT8kCOvjpb45E797RxUBgUMX759ltLhAHiLUg6vInd+MTWCShCzez4nAlQgW WT88+nBXFGwR1LcorkSW6O2SANuZ8iNfiDp3eYNLYZmIE59rJadySDiehsjfkX3tNBtZ KnS6IAjfuwJ0JhyGr1FzcEx+vHhSndiFokhHQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456857; x=1776061657; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DnPfSxuNmlH81fbdPnvc6ltVJQ+styhsyLQRmmXMXrU=; b=FR3lgBSqg4hP+pf1nZbPRTIskp2JxoJ2bQW4cKUNyRDrJgfPgGTLdOtKTUqBlDfgtR VW9YVQ1U7nfUxD5YMyYp/U53ttjg/lQeqZ3NQ7u4P0uyrOYfHLkMiqUSkqvAt4fdFH5v vK3ZaSBYl8aBlPpZPFur//gHTWZp0jmBtHFPZnIQLVQ+YEZa7SCn3kLbNh+pUETxYMeT TNp+OVdSOO5wdLw/8XrWVdoOBHUV3y674ZyOx5tPpe0qC7Bv6avVeCHAb1Qv+osSc9sx iHlVV7v45+iR5LbhV+bWingqpFzf1dc5X29k7P4X6tzxvhzkPhhogcLGRgq76xOy7q4d OOng== X-Gm-Message-State: AOJu0YxzCYCp8Zq9tnz4T7b4qhdT98bC6Gf9QE3A4ag/3stI0lDF+8XW yP1D9lqQX0Zmp+Ye9eilDX3QRcEhWibBvyqtZ0OFepC4SCEhMJabdqIJxez0vLCzmZ/Vv5N1uYK vM18E9mk= X-Gm-Gg: AeBDieuWM93fGmy+BKcOi7mHBOe5f4n2hwvuKLRepLZK6hyHd9n/YcsIMiz9/n3VmMy C3IaNyWwMVWrVQdabDoPgwI0ltKRRtLRPoGeWdKHPWmQ8Bpfbmnd/aqzn4eaiE2SzYVxP0aRy6D 9y1+rZOK7UUFi+Y01EWoumZZiA3XOHHsfqJguZbu1AXEqbPq3H2NSKae+CPIsdR35CMiwJws3zm UXNhf9dIBggk+Zz0T1P+5wYaV0Z66bsL874bWpFlcEptvsLPAeS7GGC64iW0MAIHlOSHNJ2Y+9z NKFijpz458hnpfBwxwCCDW3DUjEvvjpz3KEqG4RVUSTv8OxZl3/rsF8vDvuaqRJ4PxijfWo5366 F7jfb1ARIuJnAd1/sEdZoARhiJMjxAZ5ez5R7IcjnTR2JK2ylBa4GwPCcRz8Pyb9MZGVw3RExS9 FbnNTVQWybbQ38mdtcq19om48d7/26Fh68zcv63eaJh04v879ryD9/E2Wuyqs4IjCldG5gexm03 7ulqrjB/hNxBIdOMwmg7A4UVSQ= X-Received: by 2002:a05:600c:64c7:b0:488:a8f0:35bd with SMTP id 5b1f17b1804b1-488a8f037c4mr96417445e9.8.1775456857381; Sun, 05 Apr 2026 23:27:37 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:36 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/18] curl: patch CVE-2025-14524 Date: Mon, 6 Apr 2026 08:26:43 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234660 From: Vijay Anusuri Pick commit per [1]. [1] https://curl.se/docs/CVE-2025-14524.html [2] https://security-tracker.debian.org/tracker/CVE-2025-14524 Signed-off-by: Amaury Couderc Signed-off-by: Paul Barker Signed-off-by: Vijay Anusuri [YC: cherry-picked from scarthgap commit 951113a6e8185969444b5e28292f23434dba1f6c] Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2025-14524.patch | 42 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch new file mode 100644 index 00000000000..0ab77ade9d5 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch @@ -0,0 +1,42 @@ +From b3e2318ff3cbe4a9babe5b6875916a429bd584be Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 10 Dec 2025 11:40:47 +0100 +Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer + +Closes #19933 + +CVE: CVE-2025-14524 +Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640] + +Signed-off-by: Amaury Couderc + +--- + lib/curl_sasl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c +index 7e28c92..f0b0341 100644 +--- a/lib/curl_sasl.c ++++ b/lib/curl_sasl.c +@@ -345,7 +345,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref nullmsg; + + Curl_bufref_init(&nullmsg); +@@ -531,7 +533,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref serverdata; + + Curl_bufref_init(&serverdata); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 72bd1a20881..b8fa8b5266a 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -70,6 +70,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14017.patch \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ + file://CVE-2025-14524.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Mon Apr 6 06:26:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85299 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 415F5EF4EBC for ; Mon, 6 Apr 2026 06:27:41 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49557.1775456859976534405 for ; Sun, 05 Apr 2026 23:27:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=BLZzLacc; spf=pass (domain: smile.fr, ip: 209.85.128.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4887f49ec5aso51480515e9.1 for ; Sun, 05 Apr 2026 23:27:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456858; x=1776061658; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OCrRpjcSzw3cpfrKy1N2tyj/zldtSrQhQmfan6FM4XI=; b=BLZzLacc657EAF2ffRz4r3vwp42Tuu4+BW0dLCAMQIPfkIuSfrXz7RBVam70RvXCeh 1mXVjmXg45JEgnIpBuGR59oZDQ0WFwaZQZ+ZDSG6B8vuuznUvDATkJs7uO5uCISY2FvA f4CD7VBya1doz3uJcKjHnpSzP5/P7mMKzsU+Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456858; x=1776061658; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OCrRpjcSzw3cpfrKy1N2tyj/zldtSrQhQmfan6FM4XI=; b=gXwdSSsNufnxusAInPwJyk/yR2t0NAOcoGHtQUTWTpABdEbx3063davBUSsoizY4H4 K2OfGYLFLgy0bGxGXlk20IYqvNt71h+eSm8SnFyQZMT9efhEH/UCWOLu4oj6zUIR1Rms zeL4dKErz60jf6WFMSYHDZZFHtiift7g/a+ie+h4+mlqriXPRUZpl+ussVi/PnPFMksO rvcGfvGh9rVna4jj3WQFVsMePI2G3NbUrB2DzqZWZ3TfRqsaSIdlJHqW0xzxwvK+D0R8 LTZvpzQMwsfqeVDjXLUfmuoyMD7bT0RBkmDi+cQbGBm12CW0Oz750510s7gHzSPqPszq KXlw== X-Gm-Message-State: AOJu0YwBQPFXf/oiyEj3hrsaTlQByaCBDkDlGDUSwCVuh8RxWh0xttrK rBT1RzVmk+jqb5ft4dwHcbIwMPoo258HF8YVllxZrn+tGB9D6tiiMRCzf4O/vbZ4K77fxCC5Xb0 wkbwaSJI= X-Gm-Gg: AeBDieu2SpTYobaZVrvWxB11QCjt7LGHZHTEUjt1N2kkN8sU+c5pu3TolHhYoHAkQz1 1+hd462Ag3UIjBPMW4YruGOAJ3zm5tJc+XeVIJg0j7sBfVURiballjRLzVkzd001KtKW+8kfkkV f2pnexLLnhQNTBiTH5yqOuq5ZQSmMqRlIhKIXc9w8LKAYTNYFI3frL4W1sajWBpDbKf1L7n3DnH SWJ12gEKb3hqkg7E+dZDUb3yoF7w5FsqcbwkaeBijp8vr8cQMuHhJGHhPcBtHAk6ZZ2c4fYaqQo zpuwVxAhxHUmHvbDwy8cZinBISO+RIkv7nXTm5XUfz5NUJjJ8DC8we7UNFhboXAtgrPfOicLxuE GiwvQhplg+vBmtJfsDsHqJ9yyxpX7ajmIEBoSTJysgXchK80LGDJVY03WQOcm2nZ/LsQqlKSJdU FKEM8d1/bOX/rmetN1vlWMkHyQ9QMQ/LkdxkEmzlSOqaf20hzyGYuFjv8xiJfxnpD6rNq+PezvV tznYYTTHi0Vgf8oTupgQaBO08c= X-Received: by 2002:a05:600c:3acb:b0:485:46fd:7887 with SMTP id 5b1f17b1804b1-4889972b76amr174079765e9.13.1775456857954; Sun, 05 Apr 2026 23:27:37 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:37 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/18] curl: patch CVE-2026-1965 Date: Mon, 6 Apr 2026 08:26:44 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234661 From: Vijay Anusuri pick patches from ubuntu per [1] [1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-1965 [3] https://curl.se/docs/CVE-2026-1965.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-1965-1.patch | 98 +++++++++++++++++++ .../curl/curl/CVE-2026-1965-2.patch | 29 ++++++ meta/recipes-support/curl/curl_7.82.0.bb | 2 + 3 files changed, 129 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch new file mode 100644 index 00000000000..1d0f5c59e8d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch @@ -0,0 +1,98 @@ +From 34fa034d9a390c4bd65e2d05262755ec8646ac12 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 5 Feb 2026 08:34:21 +0100 +Subject: [PATCH] url: fix reuse of connections using HTTP Negotiate + +Assume Negotiate means connection-based + +Reported-by: Zhicheng Chen +Closes #20534 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/34fa034d9a390c4bd6] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 82 insertions(+), 5 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1145,6 +1145,18 @@ ConnectionExists(struct Curl_easy *data, + #endif + #endif + ++#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ bool wantNegohttp = ++ (data->state.authhost.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#ifndef CURL_DISABLE_PROXY ++ bool wantProxyNegohttp = ++ needle->bits.proxy_user_passwd && ++ (data->state.authproxy.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#endif ++#endif ++ + *force_reuse = FALSE; + *waitpipe = FALSE; + +@@ -1496,6 +1508,57 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif ++ ++#ifdef USE_SPNEGO ++ /* If we are looking for an HTTP+Negotiate connection, check if this is ++ already authenticating with the right credentials. If not, keep looking ++ so that we can reuse Negotiate connections if possible. */ ++ if(wantNegohttp) { ++ if(Curl_timestrcmp(needle->user, check->user) || ++ Curl_timestrcmp(needle->passwd, check->passwd)) ++ continue; ++ } ++ else if(check->http_negotiate_state != GSS_AUTHNONE) { ++ /* Connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++ ++#ifndef CURL_DISABLE_PROXY ++ /* Same for Proxy Negotiate authentication */ ++ if(wantProxyNegohttp) { ++ /* Both check->http_proxy.user and check->http_proxy.passwd can be ++ * NULL */ ++ if(!check->http_proxy.user || !check->http_proxy.passwd) ++ continue; ++ ++ if(Curl_timestrcmp(needle->http_proxy.user, ++ check->http_proxy.user) || ++ Curl_timestrcmp(needle->http_proxy.passwd, ++ check->http_proxy.passwd)) ++ continue; ++ } ++ else if(check->proxy_negotiate_state != GSS_AUTHNONE) { ++ /* Proxy connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++#endif ++ if(wantNTLMhttp || wantProxyNTLMhttp) { ++ /* Credentials are already checked, we may use this connection. We MUST ++ * use a connection where it has already been fully negotiated. If it has ++ * not, we keep on looking for a better one. */ ++ chosen = check; ++ if((wantNegohttp && ++ (check->http_negotiate_state != GSS_AUTHNONE)) || ++ (wantProxyNegohttp && ++ (check->proxy_negotiate_state != GSS_AUTHNONE))) { ++ /* We must use this connection, no other */ ++ *force_reuse = TRUE; ++ break; ++ } ++ continue; /* get another */ ++ } ++#endif ++ + if(canmultiplex) { + /* We can multiplex if we want to. Let's continue looking for + the optimal connection to use. */ diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch new file mode 100644 index 00000000000..fa5fefd2517 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch @@ -0,0 +1,29 @@ +From f1a39f221d57354990e3eeeddc3404aede2aff70 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 21 Feb 2026 18:11:41 +0100 +Subject: [PATCH] url: fix copy and paste url_match_auth_nego mistake + +Follow-up to 34fa034 +Reported-by: dahmono on github +Closes #20662 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/f1a39f221d57354990] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1542,7 +1542,7 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif +- if(wantNTLMhttp || wantProxyNTLMhttp) { ++ if(wantNegohttp || wantProxyNegohttp) { + /* Credentials are already checked, we may use this connection. We MUST + * use a connection where it has already been fully negotiated. If it has + * not, we keep on looking for a better one. */ diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index b8fa8b5266a..0e107f1e753 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -71,6 +71,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ file://CVE-2025-14524.patch \ + file://CVE-2026-1965-1.patch \ + file://CVE-2026-1965-2.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Mon Apr 6 06:26:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85298 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2805DEF4EB8 for ; Mon, 6 Apr 2026 06:27:41 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49607.1775456860568024009 for ; Sun, 05 Apr 2026 23:27:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=KIS0MUhu; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-48897fd88ebso22428895e9.2 for ; Sun, 05 Apr 2026 23:27:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456859; x=1776061659; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=mHQ/4LWJhGkDYCDuIEIGCpAaK6+07wKzkT6vBVw3cXE=; b=KIS0MUhu/HccpeJC26QFd6yGN4A+GTSozdfpcizknTt5bUKbWRJ+dULTfhh6iDZwAe 473ZnAdmuP8EQxsfzCbRT625lOioNJmiOasCPrVg3cUBWSfsEGprWEHzOtmTfuDSeck+ hKFW7IF7t583L4/9JdIz+zWd9k+2xZlMbVAm8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456859; x=1776061659; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=mHQ/4LWJhGkDYCDuIEIGCpAaK6+07wKzkT6vBVw3cXE=; b=isyCDKFijKPC7f2/6jMRlRReZDayaWiWO8NAer7TD63v0XF6dpNc9hM5WkDG0BUMIN WFTpJTYLLpf0uc4gg/3W0/NdRdoEybS8ozulxJUbmRgc1fshXKY7I0BmQSglLWxtgF0f W7GJJSWmCUrt3K8YjTw6wPrLX9bgZCi0yRfaKoJAUSEWAq3MCHoAx3VU/IP1qA0cQ7wi Lm0Qruj3NyZoDBG1Oh0qabm0dbw4UR/LLCsTtcGoI1Li9+QMyXV7bikyHOKuTXUanZGu iB6/DeNYL955lEW4+gyRndhcZEHBkQ8FDzGatKRuqj+KuhQ/oG+nP7/1XTVHZz3lLbhD XEBQ== X-Gm-Message-State: AOJu0YyluenyvjtxjqXWpO+CP3RtpY91wSLPwKoG8xOin2LR9K0k5COc V2d2N0KiUchoaJIEIJpDdw1FPkouHe9We7m2GBb0A6eS6JdftC8EX55TFx2pF4Eii+QwAcS/vZE YIEgxoFE= X-Gm-Gg: AeBDiesAspqOtAEqxONPyz26KabkB24zjMfkXO7VMzaXm+Fl0I3XqBiw5BzAuO0BvPT gakhFy07xuDMhR9S9/mQnBaOZVPF5FOuBlnUYrHW0kwU0+vsc+rJsqqUBkh3qLEb3vrRqdU6i9x V4yVnyCsoo2NGgn//+qQVCnO5Xa2x22pTc6GEgA6Y6pxTPDctpiE79zdYtNrAEnBJo8Mfp6rSgn xIwIVzxYxGrT3VVstMlGX8hk5EpxOWnKYB6NiMX0dMZJIU/++W3Mv8uo9C7J6FI9gCdT9904GoN NaUAsfpuNw9aaztPWbIoGBm9g9hE4jk0gYYI2/YHgt9hJZEgbAzusAg9PHVO/24dLNviRk1bB2U i0zGOzRDXB5QDy/mtx9HmLWzQHArAbNT7SeHNwsP9d5cg0IQl8DWG8V2pddAcwN0Z26TRXd/M5k oDZFXpsUiPjqRJyFtVGPm7K9tHNhwtYK2m0i35R80Pj7ZOBe/0VH9ELnOfwTUGFMHjWRVabBjjm ifQY061MD3MQe+dXS6fZn4hfRI= X-Received: by 2002:a05:600c:5392:b0:486:fa9c:185 with SMTP id 5b1f17b1804b1-488997d69e4mr177729125e9.31.1775456858585; Sun, 05 Apr 2026 23:27:38 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:38 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/18] curl: patch CVE-2026-3783 Date: Mon, 6 Apr 2026 08:26:45 +0200 Message-ID: <73d357d83cc35803412e6a58f77d7bcefa2e11de.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234662 From: Vijay Anusuri CVE-2026-3783-pre1.patch is dependency patch for CVE-2026-3783.patch cherry picked from upstream commit: https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266 https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877 Reference: https://curl.se/docs/CVE-2026-3783.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++++++ .../curl/curl/CVE-2026-3783.patch | 157 ++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 2 + 3 files changed, 225 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch new file mode 100644 index 00000000000..746e5d9ab6c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch @@ -0,0 +1,66 @@ +From d7b970e46ba29a7e558e21d19f485977ffed6266 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 29 Apr 2022 22:56:47 +0200 +Subject: [PATCH] http: move Curl_allow_auth_to_host() + +It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef + +Reported-by: Michael Olbrich +Fixes #8772 +Closes #8775 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266] +CVE: CVE-2026-3783 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index 0d5c449bc72a..b215307dcaaa 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -651,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) + return result; + } + ++/* ++ * Curl_allow_auth_to_host() tells if authentication, cookies or other ++ * "sensitive data" can (still) be sent to this host. ++ */ ++bool Curl_allow_auth_to_host(struct Curl_easy *data) ++{ ++ struct connectdata *conn = data->conn; ++ return (!data->state.this_is_a_follow || ++ data->set.allow_auth_to_other_hosts || ++ (data->state.first_host && ++ strcasecompare(data->state.first_host, conn->host.name) && ++ (data->state.first_remote_port == conn->remote_port) && ++ (data->state.first_remote_protocol == conn->handler->protocol))); ++} ++ + #ifndef CURL_DISABLE_HTTP_AUTH + /* + * Output the correct authentication header depending on the auth type +@@ -775,21 +790,6 @@ output_auth_headers(struct Curl_easy *data, + return CURLE_OK; + } + +-/* +- * Curl_allow_auth_to_host() tells if authentication, cookies or other +- * "sensitive data" can (still) be sent to this host. +- */ +-bool Curl_allow_auth_to_host(struct Curl_easy *data) +-{ +- struct connectdata *conn = data->conn; +- return (!data->state.this_is_a_follow || +- data->set.allow_auth_to_other_hosts || +- (data->state.first_host && +- strcasecompare(data->state.first_host, conn->host.name) && +- (data->state.first_remote_port == conn->remote_port) && +- (data->state.first_remote_protocol == conn->handler->protocol))); +-} +- + /** + * Curl_http_output_auth() setups the authentication headers for the + * host/proxy and the correct authentication diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch new file mode 100644 index 00000000000..769198d6883 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch @@ -0,0 +1,157 @@ +From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 6 Mar 2026 23:13:07 +0100 +Subject: [PATCH] http: only send bearer if auth is allowed + +Verify with test 2006 + +Closes #20843 + +Curl_auth_allowed_to_host() function got renamed from +Curl_allow_auth_to_host() by the commit +https://github.com/curl/curl/commit/72652c0613d37ce18e99cca17a42887f12ad43da + +Current curl version 7.82.0 has function Curl_allow_auth_to_host() + +Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877] +CVE: CVE-2026-3783 +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 1 + + tests/data/Makefile.inc | 2 +- + tests/data/test2006 | 98 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 100 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test2006 + +diff --git a/lib/http.c b/lib/http.c +index 691091b..6acd537 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -757,6 +757,7 @@ output_auth_headers(struct Curl_easy *data, + if(authstatus->picked == CURLAUTH_BEARER) { + /* Bearer */ + if((!proxy && data->set.str[STRING_BEARER] && ++ Curl_allow_auth_to_host(data) && + !Curl_checkheaders(data, STRCONST("Authorization")))) { + auth = "Bearer"; + result = http_output_bearer(data); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index ad41a5e..e641cb8 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -221,7 +221,7 @@ test1916 test1917 test1918 \ + \ + test1933 test1934 test1935 test1936 test1937 test1938 test1939 \ + \ +-test2000 test2001 test2002 test2003 test2004 \ ++test2000 test2001 test2002 test2003 test2004 test2006 \ + \ + test2023 \ + test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ +diff --git a/tests/data/test2006 b/tests/data/test2006 +new file mode 100644 +index 0000000..200d30a +--- /dev/null ++++ b/tests/data/test2006 +@@ -0,0 +1,98 @@ ++ ++ ++ ++ ++netrc ++HTTP ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++-foo- ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++proxy ++ ++ ++.netrc default with redirect plus oauth2-bearer ++ ++ ++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/ ++ ++ ++default login testuser password testpass ++ ++ ++ ++ ++ ++GET http://a.com/ HTTP/1.1 ++Host: a.com ++Authorization: Bearer SECRET_TOKEN ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://b.com/%TESTNUMBER0002 HTTP/1.1 ++Host: b.com ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 0e107f1e753..f50af1d4722 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -73,6 +73,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14524.patch \ file://CVE-2026-1965-1.patch \ file://CVE-2026-1965-2.patch \ + file://CVE-2026-3783-pre1.patch \ + file://CVE-2026-3783.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Mon Apr 6 06:26:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85304 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61790EF4EAA for ; Mon, 6 Apr 2026 06:27:51 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.49608.1775456861062086700 for ; Sun, 05 Apr 2026 23:27:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SODdkyGE; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-488a29e6110so15833295e9.3 for ; Sun, 05 Apr 2026 23:27:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456859; x=1776061659; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ImvltFtUT4cB6LZ4Yhh3fO4WvYNXpQvW2K3n+YAiVQk=; b=SODdkyGEAgnvcA4BWFmlUQFpKiBrxvw3uNpqesmXLjooqRycCejk1qBwlzZYIcbgnn 0MPri0Toy0EjC4IhCA207SUZJzNcoDryCleDx7Jt9uTt9SjjV+tyHq2MFJ6Bxdtk5IQD ZUqUKOldsW97+Sqnh1IG8tE5n9xjESwqXxGas= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456859; x=1776061659; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ImvltFtUT4cB6LZ4Yhh3fO4WvYNXpQvW2K3n+YAiVQk=; b=ZO6ZB7JPCIo1YZFITy80h7BqiGFEIcA4kbDwzB4MKX6Cv9ZrsCTzygSxyu05BtW73g tMHlurcbvB5OlVC3yRpHIpY3r5a4OQ+EhGV1sRkpvubFCRXpKCPSx7U1QQGgCOmrZLZh 70SjfKvHIq6xQ+tzSYis3dVuptMRF3EaDdEF1cgfNAtKUlLbfI5vamPNRVvPg3bIa2TA gmfyVde4nJ7bGjHnyGkqBg9jwbUXqVDLJYsSFPvSjVYa1rXia4/Mww1tvxAD9SgVaxvx 7PrXkq2PXIDnqG8WzN4LIQKfttgnnNZbzk4Hf2aQjBv3LJf7CpwyygwfUivWxa02gqMF tLIQ== X-Gm-Message-State: AOJu0YyGZC6xZHLYgelIGDYFI0h11eRJkp39PAFud3GLJZhmQzMlgljf JAkLQ0DJ69ZNoLIxDJqXUMczLV2ZjAGPisDhMF3kzXyAO7MWYDnFwKPimlbk7wH3D/cJmTR7HLE aYW+SkKw= X-Gm-Gg: AeBDietOOUHBmeWMR7xN50PnAcMBxNZgCRvCx5xcAJwnQear0mZNOGXB2zcKi9ADYB2 q3XFXTn38LP3xurq0tUcPICki9wmfHrq5TK+6n0QFF4JNlevs4uM94ZRIQ3eUykn9uNfT3ZCqzo q0W+wA3tdVCRfb6+FN5Z3C9ZlBEwO/UIY5/YY0BaYeOpUcyFvltCyCR4PYw7N5s3R6BsJZG/eC9 ZXGKrZktmQmKqjOsjA8l6z6TxyoF06R7NoU1chNQ3MfiSyIr2CGVUVimOya3FG3grK0zpIhy47w 66/+Mtr4BxIUjNrFFKMLKR72cC8yOJE8hGQmKJHC0YbFeCQY6NV0SE6J2gyVECXT8rrflz426UR sGeiGoUJKCLl7NiMegle119e9edgq029faLVLyWeAjSz0JAJKKrNfYuoz/u9mQWOsm3B6CHVZey h2pPZ9vmzb/l3jMDixgf5OB5hAkDfQbQmL9VGaHUBg0YK/10KldHkrJyL1cTE/FFH2GsyLGazv9 UDM6/164r+c6a78sxnmfCUHL/GtfjmhbN2Xxw== X-Received: by 2002:a05:600c:3f0a:b0:487:2439:b7c8 with SMTP id 5b1f17b1804b1-488996a206dmr182387605e9.1.1775456859164; Sun, 05 Apr 2026 23:27:39 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:38 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 17/18] curl: patch CVE-2026-3784 Date: Mon, 6 Apr 2026 08:26:46 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234663 From: Vijay Anusuri pick patch from ubuntu per [1] [1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-3784 [3] https://curl.se/docs/CVE-2026-3784.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-3784.patch | 73 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-3784.patch b/meta/recipes-support/curl/curl/CVE-2026-3784.patch new file mode 100644 index 00000000000..95784e47637 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3784.patch @@ -0,0 +1,73 @@ +From 5f13a7645e565c5c1a06f3ef86e97afb856fb364 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Fri, 6 Mar 2026 14:54:09 +0100 +Subject: [PATCH] proxy-auth: additional tests + +Also eliminate the special handling for socks proxy match. + +Closes #20837 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/5f13a7645e565c5c1a06f3] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-3784 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 28 +++++++--------------------- + tests/http/test_13_proxy_auth.py | 20 ++++++++++++++++++++ + tests/http/testenv/curl.py | 18 +++++++++++++++--- + 3 files changed, 42 insertions(+), 24 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -930,33 +930,15 @@ proxy_info_matches(const struct proxy_in + { + if((data->proxytype == needle->proxytype) && + (data->port == needle->port) && +- Curl_safe_strcasecompare(data->host.name, needle->host.name)) +- return TRUE; ++ curl_strequal(data->host.name, needle->host.name)) { + ++ if(Curl_timestrcmp(data->user, needle->user) || ++ Curl_timestrcmp(data->passwd, needle->passwd)) ++ return FALSE; ++ return TRUE; ++ } + return FALSE; + } +- +-static bool +-socks_proxy_info_matches(const struct proxy_info *data, +- const struct proxy_info *needle) +-{ +- if(!proxy_info_matches(data, needle)) +- return FALSE; +- +- /* the user information is case-sensitive +- or at least it is not defined as case-insensitive +- see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ +- +- /* curl_strequal does a case insentive comparison, so do not use it here! */ +- if(Curl_timestrcmp(data->user, needle->user) || +- Curl_timestrcmp(data->passwd, needle->passwd)) +- return FALSE; +- return TRUE; +-} +-#else +-/* disabled, won't get called */ +-#define proxy_info_matches(x,y) FALSE +-#define socks_proxy_info_matches(x,y) FALSE + #endif + + /* A connection has to have been idle for a shorter time than 'maxage_conn' +@@ -1282,8 +1264,8 @@ ConnectionExists(struct Curl_easy *data, + continue; + + if(needle->bits.socksproxy && +- !socks_proxy_info_matches(&needle->socks_proxy, +- &check->socks_proxy)) ++ !proxy_info_matches(&needle->socks_proxy, ++ &check->socks_proxy)) + continue; + #endif + if(needle->bits.conn_to_host != check->bits.conn_to_host) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index f50af1d4722..a2ee5736810 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -75,6 +75,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2026-1965-2.patch \ file://CVE-2026-3783-pre1.patch \ file://CVE-2026-3783.patch \ + file://CVE-2026-3784.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Mon Apr 6 06:26:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85303 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 520A4EF4EA6 for ; Mon, 6 Apr 2026 06:27:51 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.49558.1775456861567975193 for ; Sun, 05 Apr 2026 23:27:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=l9qb4qmN; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4887f49ec5aso51480705e9.1 for ; Sun, 05 Apr 2026 23:27:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775456860; x=1776061660; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E7WGJo+r4HFWOocOezDDbAgVUcH9E73x0W7UiWaboFc=; b=l9qb4qmN+c+5rFHiZDdkK+Mb7L5p7CCi5Emqm2FX7BSOu0is9hupaL5cR3CDB7/aMD 1SUNlA3zmYadWoBsYWmEpjLWobvYUkOuLB4gGwWFlfoM3JF9tr8ilQ0CuOFNI+jvyC6/ ILLhQTo0xbHFrGhp2Pnom6fUsW3mtf7IrEQtg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775456860; x=1776061660; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=E7WGJo+r4HFWOocOezDDbAgVUcH9E73x0W7UiWaboFc=; b=ZiMD5AXLa7BKE8z5oweUhFm8TvmSI1/0aJLujzOVat+mpUjU3Nm5DQ4kUsF5yzE+We 1yf39G/RJT937obNqplKqEr6p5CLYyl13Gzfe0zeqsAlqzco8N7Hjk01P543mzzioUud oHdTogdBbbO4X7+gIhHkUwaQH/f2oXXgcUIxNclVFYvnEtHJtBeM8Ni+ypcm20hpnPBc MEkDq+77Sj308ZOP66jNleYDtMTjk/5XUYoPL5nyQGap7YZmJz8F4uf+WXBNFJY0L7fh XS3q30HjQ4HhPvi3Bqe+W+JtA7LoXlKyALGGhRP/MAt5eF4G/wxdOofZY04IY5PtGjqw WXOA== X-Gm-Message-State: AOJu0YzKf4fj2BuXlwCWIdUsEDbWRhkYbMPf35b+wF2IJzYTyvMS+WsI 50rUcFc6xt9OfRb70jJXWVhGpEK1Jrff1u1uU5d5MbzqrgRchdQi3xlL12+SqCsXrf0J9yL6lYE rB0xK60I= X-Gm-Gg: AeBDieuuHpbzpWzlV3UBuO24hAwGmopX9abI3IJ8sUVfsFFtzuCZ2S6sj58iYajHCfb qMG4e0FrvuyOkdGh/dsitHKnsm536Z1R3Uhup42KEmtuPTkc/xND07mnuQhVEpbBHtPfTsWo8hu /l5xhfVqYFaS0nxU4FQTR5hCwBQKycVnAgWt+h4hQhvlM9tCkQkjOzDnM6Uz7BtePogVq9WdCRH 5c307VF9DAwNN5MRYi3/VnkEFjTh8xc4V/uybJ5vf59QmB9p8G5ZnFy/crYOPsYCyPJCICmp+Ri HkyYeEci01Rnpsbz/8KpQQu5+WvN6nON1/ShTtLSwc2nyW7eShRilhyR64XAfuzG0xqQVV5FUeA SiWMStMvL81esXDP0ZAOQDAcQCgStyOrDCrLDDZqvbBwrdsphSp/iyRNGvq8PoRzt5PruzeypW2 OGNvizRRsdRcrbUR9TDEkWATqxy9XL6lPclO9qVypT9vGf1iAkxXZZtO50CSMcaRg2aN9wOGn5J +g/OzMTQpR/Fes1h8dJkyuSz9I= X-Received: by 2002:a05:600c:3492:b0:488:b14f:b8ed with SMTP id 5b1f17b1804b1-488b14fb9e4mr37247295e9.0.1775456859666; Sun, 05 Apr 2026 23:27:39 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48899eab0f7sm84273785e9.29.2026.04.05.23.27.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2026 23:27:39 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 18/18] scripts/install-buildtools: Update to 4.0.34 Date: Mon, 6 Apr 2026 08:26:47 +0200 Message-ID: <38444a1a8eb2575e2ad273a922d9793e10c3858c.1775435063.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 06:27:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234664 From: Yoann Congal Update to the 4.0.34 release of the 4.0 series for buildtools Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 6a1762c14b3..8754f2d773e 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.33' -DEFAULT_INSTALLER_VERSION = '4.0.33' +DEFAULT_RELEASE = 'yocto-4.0.34' +DEFAULT_INSTALLER_VERSION = '4.0.34' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check