From patchwork Mon Apr 6 12:03:08 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85317
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 1/7] botan: upgrade 3.11.0 -> 3.11.1
Date: Mon, 6 Apr 2026 14:03:08 +0200
Message-ID: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126038

Contains fixes for CVE-2026-35580 and CVE-2026-35582

Changelog: https://botan.randombit.net/news.html#version-3-11-1-2026-03-31

- CVE-2026-35580: Resolve certificate verification bypass bug introduced in 3.11.0
- CVE-2026-35582: Resolve TLS 1.3 client authentication bypass
- Add optimized Argon2 implementation using AVX512
- Add optimized and constant-time Twofish implementation using AVX512/GFNI
- Add optimized and constant-time SEED implementation using AVX512/GFNI
- Add optimized and constant-time Whirlpool implementations using AVX2 and AVX512
- Add SSSE3/NEON and AVX2 optimized codepaths for CTR
- Add constant time implementations of Camellia, ARIA, SEED and SM4 using AES-NI or ARMv8 AES instructions to implement sbox lookups
- Improve performance of the AVX512 implementation of SHA-512 especially for Clang
- Optimizations for the IDEA modular multiplication
- Fix various minor TLS conformance issues flagged by TLS-Anvil
- Fix bug in Ed25519 where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected.
- Fix a bug in handling of ECDSA DER-encode signatures where an invalid signature checked with PK_Verifier might cause a later valid signature to be rejected.
- Fix a problem introduced in 3.11.0 which could cause crashes on processors without SSSE3 support, particularly when compiled by GCC.
- Fix various new warnings from clang-tidy 22
- Fix a compilation error introduced in 3.11.0 which prevented using ffi unless bcrypt was also enabled.
- Avoid a macro collision with Microsoft headers that could cause a compilation problem in amalgamation mode.
- Enable explicit_bzero, getentropy, getrandom on Hurd

Signed-off-by: Gyorgy Sarvari
--- .../recipes-crypto/botan/{botan_3.11.0.bb => botan_3.11.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-crypto/botan/{botan_3.11.0.bb => botan_3.11.1.bb} (95%) diff --git a/meta-oe/recipes-crypto/botan/botan_3.11.0.bb b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb similarity index 95% rename from meta-oe/recipes-crypto/botan/botan_3.11.0.bb rename to meta-oe/recipes-crypto/botan/botan_3.11.1.bb index e60d826459..d3d0498ec6 100644 --- a/meta-oe/recipes-crypto/botan/botan_3.11.0.bb +++ b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
@@ -6,7 +6,7 @@ SECTION = "libs" SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \ file://run-ptest" -SRC_URI[sha256sum] = "e8dd48556818da2c03a9a30932ad05db9e50b12fec90809301ecc64ea51bd11e" +SRC_URI[sha256sum] = "c1cd7152519f4188591fa4f6ddeb116bc1004491f5f3c58aa99b00582eb8a137" S = "${UNPACKDIR}/Botan-${PV}"
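
Review bot: the only changed line in this hunk is SRC_URI[sha256sum], so whether CVE-2026-35580 and CVE-2026-35582 (named in the commit message as fixed by 3.11.1) drop out of the CVE report depends on the version data in the CVE database. Patch 2/7 has to add CVE_STATUS entries for two other botan CVEs because NVD tracks them without version/CPE info; please check whether the same applies to these two and, if so, add matching CVE_STATUS entries for them in this series.
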
From patchwork Mon Apr 6 12:03:09 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85318
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 2/7] botan: mark CVE-2026-32877 and CVE-2026-32883 patched
Date: Mon, 6 Apr 2026 14:03:09 +0200
Message-ID: <20260406120314.3514982-2-skandigraun@gmail.com>
In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126039

Both CVEs were fixed in version 3.11.0, however NVD tracks them without version/CPE info.

Relevant commits:
CVE-2026-32877: https://github.com/randombit/botan/commit/798a332e11949afa8b004564bb9031e66c1a4d13
CVE-2026-32883: https://github.com/randombit/botan/commit/6ecc62a4e36937d036df8c8eda6a85708abb8c37

Signed-off-by: Gyorgy Sarvari
--- meta-oe/recipes-crypto/botan/botan_3.11.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb index d3d0498ec6..2d6b64ad64 100644 --- a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb +++ b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
@@ -65,3 +65,6 @@ FILES:${PN}-test = "${bindir}/botan-test ${datadir}/${PN}/tests/data" COMPATIBLE_HOST:riscv32 = "null" BBCLASSEXTEND = "native nativesdk" + +CVE_STATUS[CVE-2026-32877] = "fixed-version: fixed since 3.11.0" +CVE_STATUS[CVE-2026-32883] = "fixed-version: fixed since 3.11.0"
From patchwork Mon Apr 6 12:03:10 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85323
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][PATCH 3/7] dovecot: ignore already fixed CVEs
Date: Mon, 6 Apr 2026 14:03:10 +0200
Message-ID: <20260406120314.3514982-3-skandigraun@gmail.com>
In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126040

The following CVEs are fixed in the current version already, however they are tracked without version info. Upstream has confirmed[1] that these vulnerabilities are fixed, and Debian has also identified the relevant commits:

CVE-2025-30189: https://security-tracker.debian.org/tracker/CVE-2025-30189
CVE-2026-0394: https://security-tracker.debian.org/tracker/CVE-2026-0394
CVE-2026-24031: https://security-tracker.debian.org/tracker/CVE-2026-24031
CVE-2026-27855: https://security-tracker.debian.org/tracker/CVE-2026-27855
CVE-2026-27860: https://security-tracker.debian.org/tracker/CVE-2026-27860

[1]: https://seclists.org/fulldisclosure/2026/Mar/13

Signed-off-by: Gyorgy Sarvari
--- meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb b/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb index a8930979ea..10ca595029 100644 --- a/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb +++ b/meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb
@@ -81,3 +81,8 @@ FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so" FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug" CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution." +CVE_STATUS[CVE-2025-59031] = "fixed-version: fixed since v2.4.2" +CVE_STATUS[CVE-2026-0394] = "fixed-version: fixed since v2.4.1" +CVE_STATUS[CVE-2026-24031] = "fixed-version: fixed since v2.4.3" +CVE_STATUS[CVE-2026-27855] = "fixed-version: fixed since v2.4.3" +CVE_STATUS[CVE-2026-27860] = "fixed-version: fixed since v2.4.3"
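
Review bot: the first added line sets CVE_STATUS[CVE-2025-59031], an identifier the commit message never mentions, while CVE-2025-30189, which the message lists first with its Debian tracker link, gets no entry in this hunk. Please either correct the identifier or add the missing entry, and reference both in the message. The message also says the CVEs are fixed in the current version, but the entries state three different versions (v2.4.1, v2.4.2, v2.4.3); noting where each first-fixed version comes from would let a reviewer verify them.
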
From patchwork Mon Apr 6 12:03:11 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85320
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 4/7] freeipmi: mark CVE-2026-33554 patched
Date: Mon, 6 Apr 2026 14:03:11 +0200
Message-ID: <20260406120314.3514982-4-skandigraun@gmail.com>
In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126041

The CVE is tracked by NVD without version info. Its description confirms that it is fixed in version 1.6.17.

Signed-off-by: Gyorgy Sarvari
--- meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb index 50a1877c0e..7970e0f563 100644 --- a/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb +++ b/meta-oe/recipes-support/freeipmi/freeipmi_1.6.17.bb
@@ -23,3 +23,4 @@ inherit pkgconfig autotools EXTRA_OECONF = "--without-random-device" +CVE_STATUS[CVE-2026-33554] = "fixed-version: fixed since 1.6.17"
From patchwork Mon Apr 6 12:03:12 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85321
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 5/7] giflib: mark CVE-2026-23868 patched
Date: Mon, 6 Apr 2026 14:03:12 +0200
Message-ID: <20260406120314.3514982-5-skandigraun@gmail.com>
In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126042

The fix[1] that is referenced by the NVD advisory is already included in the current recipe version.

[1]: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/

Signed-off-by: Gyorgy Sarvari
--- meta-oe/recipes-devtools/giflib/giflib_6.1.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/giflib/giflib_6.1.2.bb b/meta-oe/recipes-devtools/giflib/giflib_6.1.2.bb index 77f8905358..9cb2a51879 100644 --- a/meta-oe/recipes-devtools/giflib/giflib_6.1.2.bb +++ b/meta-oe/recipes-devtools/giflib/giflib_6.1.2.bb
@@ -26,3 +26,5 @@ FILES:${PN}-utils = "${bindir}" BBCLASSEXTEND = "native" RDEPENDS:${PN}-utils = "perl" + +CVE_STATUS[CVE-2026-23868] = "fixed-version: fixed since v6.1.2"
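
Review bot: the added CVE_STATUS[CVE-2026-23868] line claims "fixed since v6.1.2", but the commit message only establishes that the fix referenced by NVD is included in the current recipe version, not that 6.1.2 is the first release containing it. Please confirm the first release that carries the commit linked as [1] and state that version. The version is also written with a "v" prefix here (as in the dovecot and leancrypto patches) but without one in the botan and freeipmi patches; one form across the series would be easier to grep.
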
From patchwork Mon Apr 6 12:03:13 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 85322
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 6/7] leancrypto: upgrade 1.7.0 -> 1.7.1
Date: Mon, 6 Apr 2026 14:03:13 +0200
Message-ID: <20260406120314.3514982-6-skandigraun@gmail.com>
In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126043

Contains fix for CVE-2026-34610 (which is however tracked without a version by NVD, so it is marked as patched explicitly)

Changelog:
- Offer a means to select the AES-C constant time / S-Box implementation via lc_init API
- use the AES-C constant time implementation by default - it is about 3 times slower than the AES-C S-Box implementation, but more secure. As the leancrypto library is about secure by default, the CT implementation is just right. Furthermore, if a caller wants to have the faster AES-C S-Box, he can call lc_init(LC_INIT_AES_SBOX) at the beginning.
- X.509: fix security issue (CVE-2026-34610)

Signed-off-by: Gyorgy Sarvari
--- .../leancrypto/{leancrypto_1.7.0.bb => leancrypto_1.7.1.bb} | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) rename meta-oe/recipes-crypto/leancrypto/{leancrypto_1.7.0.bb => leancrypto_1.7.1.bb} (95%) diff --git a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb similarity index 95% rename from meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb rename to meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb index 7c9187ab94..9e7883ad3c 100644 --- a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb +++ b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb
@@ -14,11 +14,12 @@ SECTION = "libs" SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https;tag=v${PV} \ file://leancrypto-tests.sh \ " -# SRCREV tagged v1.7.0 -SRCREV = "e60fba94e8cabf1661a1da488b78b84a4fba56e9" +SRCREV = "e7fa8c87a46c5787174c18fac385aa08eecdedd1" inherit pkgconfig meson +CVE_STATUS[CVE-2026-34610] = "fixed-version: fixed since v1.7.1" + EXTRA_OEMESON = "-Dstrip=false" TARGET_LDFLAGS:append = " ${DEBUG_PREFIX_MAP}" From patchwork Mon Apr 6 12:03:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 85319 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE64AEF4ED4 for ; Mon, 6 Apr 2026 12:03:35 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.53492.1775477010664047486 for ; Mon, 06 Apr 2026 05:03:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=BsTzmKqo; spf=pass (domain: gmail.com, ip: 209.85.221.50, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-43d17bb1c65so2237823f8f.0 for ; Mon, 06 Apr 2026 05:03:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775477009; x=1776081809; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zPL3MuGbLk9KLhGntEDHOwXuQBz5TrAXCSRpo+GgseY=; b=BsTzmKqoiH+LXM11M4CdA76VwBa0JAClWe/TbkmRxukvIHiBU1eFBzsL+xQESLFnPY lZ9zeDLQ8OCcTYznNJMLDvK/tz4Bl4qYHTOLUUPsIkuSotb55tZgGki4LMcdECoeJvKi 
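Review bot: The added CVE_STATUS[CVE-2026-34610] line in leancrypto_1.7.1.bb (patch 6/7) asserts "fixed since v1.7.1", but the only support visible here is the changelog entry "X.509: fix security issue (CVE-2026-34610)"; neither the recipe nor the commit message points at the upstream fixing commit or an advisory. Please add that reference to the commit message, as patch 7/7 does for LibRaw, so the explicit status can be verified and later dropped once NVD records a fixed version. Minor: the "# SRCREV tagged v1.7.0" comment is removed without a v1.7.1 replacement; that reads as intentional given tag=v${PV} in SRC_URI, but a word in the message would confirm it.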
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 7/7] libraw: upgrade 0.21.4 -> 0.22.1 Date: Mon, 6 Apr 2026 14:03:14 +0200 Message-ID: <20260406120314.3514982-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260406120314.3514982-1-skandigraun@gmail.com> References: <20260406120314.3514982-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 Apr 2026 12:03:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/126044 Contains fixes for CVE-2026-5318[1] and CVE-2026-5318[2] (both are tracked without a version by NVD, so they are explicitly marked as patched) License-update: copyright year bump Changelog: https://github.com/LibRaw/LibRaw/blob/0.22-stable/Changelog.txt [1]: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b [2]: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/libraw/libraw_0.21.4.bb | 10 ---------- meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 13 +++++++++++++ 2 files changed, 13 insertions(+), 10 deletions(-) delete mode 100644 meta-oe/recipes-support/libraw/libraw_0.21.4.bb create mode 100644 meta-oe/recipes-support/libraw/libraw_0.22.1.bb diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb deleted file mode 100644 index ef0a0255d9..0000000000 --- a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb +++ /dev/null 
@@ -1,10 +0,0 @@ -SUMMARY = "raw image decoder" -LICENSE = "LGPL-2.1-only | CDDL-1.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f" - -SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}" -SRCREV = "9646d776c7c61976080a8f2be67928df0750493e" - -inherit autotools pkgconfig - -DEPENDS = "jpeg jasper lcms" diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb new file mode 100644 index 0000000000..bd0a4c0b03 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb @@ -0,0 +1,13 @@ +SUMMARY = "raw image decoder" +LICENSE = "LGPL-2.1-only | CDDL-1.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1d66195044cfbe4327c055d1c9c1a229" + +SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.22-stable;protocol=https;tag=${PV}" +SRCREV = "b860248a89d9082b8e0a1e202e516f46af9adb29" + +inherit autotools pkgconfig + +DEPENDS = "jpeg jasper lcms" + +CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
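Review bot: The two CVE_STATUS lines added at the end of libraw_0.22.1.bb name CVE-2026-5318 and CVE-2026-5342, but the commit message lists the same ID twice ("CVE-2026-5318[1] and CVE-2026-5318[2]"). Please correct the message so that reference [2] carries the ID the recipe actually marks, since anyone tracing a CVE through the git log will search on that text. Also, SRC_URI moves from branch=0.21-stable to branch=0.22-stable while "inherit autotools pkgconfig" and DEPENDS = "jpeg jasper lcms" are carried over unchanged; a line in the message confirming that the build inputs did not change in 0.22 would help.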