From patchwork Tue Apr 7 16:15:38 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 85447
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 01/19] linux-yocto/5.15: update to v5.15.200
Date: Tue, 7 Apr 2026 18:15:38 +0200
Message-ID: <0ebdf9563aa64a1b9d8c6ae6fbd701de8178fa8b.1775578386.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234754

From: Bruce Ashfield

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

    e45d5d41c1343 Linux 5.15.200
    7ca5540ba6239 riscv: Replace function-like macro by static inline function
    cbae610ca9e27 nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
    6a04dc650cef8 spi: tegra: Fix a memory leak in tegra_slink_probe()
    c7a02a814dc51 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer
    9fa4262a80f75 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
    55dfe2687a496 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one
    eebd79beb268c spi: tegra210-quad: Move curr_xfer read inside spinlock
    4f9e7de7a6b8f spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer
    b34289505180a iommu: disable SVA when CONFIG_X86 is set
    1ecf6dc2676ea Bluetooth: hci_event: call disconnect callback before deleting conn
    214b85b9b7187 gve: Correct ethtool rx_dropped calculation
    9d93332397405 gve: Fix stats report corruption on queue count change
    8aa1b0bc65967 tracing: Fix ftrace event field alignments
    c3c5cfa3170c0 gfs2: Fix NULL pointer dereference in gfs2_log_flush
    343fe375a8dd6 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
    be6d98766ac95 riscv: uprobes: Add missing fence.i after building the XOL buffer
    d7ead65126504 ASoC: amd: fix memory leak in acp3x pdm dma ops
    42afe8ed8ad2d nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
    4c09184f08ce6 nvmet-tcp: don't map pages which can't come from HIGHMEM
    15e329ce1a957 nvmet-tcp: fix regression in data_digest calculation
    1a5c3c99efa11 nvmet-tcp: fix memory leak when performing a controller reset
    367fd132df419 nvmet-tcp: add an helper to free the cmd buffers
    8c760ba4e36c7 netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
    166f29d4af575 hwmon: (occ) Mark occ_init_attribute() as __printf
    3f531122a5801 tipc: use kfree_sensitive() for session key material
    5dae6b36a7cb7 macvlan: fix error recovery in macvlan_common_newlink()
    77611cab5bdff dpaa2-switch: add bounds check for if_id in IRQ handler
    01fbca1e93ec3 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
    d86c58eb005eb net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
    c81a8515fb8c8 net: liquidio: Initialize netdev pointer before queue setup
    2fcccca88456b dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero
    c01cc6fe06cf2 platform/x86: intel_telemetry: Fix PSS event register mask
    5bce10f0f9435 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
    193f087207ad8 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
    8518f072fc929 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
    fd8b090017330 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
    c85c9de39cd5d wifi: cfg80211: Fix bitrate calculation overflow for HE rates
    15e9607df7925 ASoC: tlv320adcx140: Propagate error codes during probe
    1525f1068295f ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
    536238ba39829 wifi: mac80211: collect station statistics earlier when disconnect
    6e4cc9e399952 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
    16c2ca35257ed HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
    04485e691d8ca HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
    67e06e8a77c1a netfilter: replace -EEXIST with -EBUSY
    e9aefab3b7eb4 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
    2d8af4db1f209 HID: playstation: Center initial joystick axes to prevent spurious events
    d21497331b967 HID: intel-ish-hid: Reset enum_devices_done before enumeration
    d5cce2ec0e985 HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
    a2c68e256fb7a smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
    e5dd6a58a52d5 block,bfq: fix aux stat accumulation destination
    64240689acff8 net: usb: sr9700: support devices with virtual driver CD
    cd89a4656c03f wifi: wlcore: ensure skb headroom before skb_push
    b04c75366a547 wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
    9a6cdfd7b6aaa binderfs: fix ida_alloc_max() upper bound
    ba43ac025c431 timers: Fix NULL function pointer race in timer_shutdown_sync()
    f24f9ea7d69ef Bluetooth: hci_qca: Fix the teardown problem for real
    e7f1ca8ea41ab timers: Update the documentation to reflect on the new timer_shutdown() API
    36bdfa51a1ad7 timers: Provide timer_shutdown[_sync]()
    debbcf812d735 timers: Add shutdown mechanism to the internal functions
    21ca3ee3f6faa timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
    a7035e7d720f8 timers: Silently ignore timers with a NULL function
    e45a52685b335 Documentation: Replace del_timer/del_timer_sync()
    29d5751350cdf timers: Rename del_timer() to timer_delete()
    a431c4c27ee05 timers: Replace BUG_ON()s
    d2736470196f2 timers: Get rid of del_singleshot_timer_sync()
    9b78a3b948bb6 clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function
    a97b47fed39d9 clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function
    b03eb334c42ea ARM: spear: Do not use timer namespace for timer_shutdown() function
    7bcf91585f3b1 Documentation: Remove bogus claim about del_timer_sync()
    4abccfb61f422 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
    d6ae339f18099 mm/kfence: randomize the freelist on initialization
    2284bc168b148 KVM: Don't clobber irqfd routing type when deassigning irqfd
    a550cc2564cab ARM: 9468/1: fix memset64() on big-endian
    5928ca551e361 rbd: check for EOD after exclusive lock is ensured to be held
    446d7283cffa5 platform/x86: intel_telemetry: Fix swapped arrays in PSS output
    674ebe2d6fe59 x86/kfence: fix booting on 32bit non-PAE systems

Signed-off-by: Bruce Ashfield
Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index e23c8bf88ab..526f3c64b7d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "27c8048897d9d7ff1ed6d2643cbc024eb13ae342" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 21233285b57..1eeda2e22ca 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "7b20eb2129d25bb2a1cb963d30c2f3adb1e144b3" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 861af0041af..5f8bfba396e 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb 
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "0ea8d4a7d24642475c1d1e0d8be44976600eb630" -SRCREV_machine:qemuarm64 ?= "33aae9ebda82736fc0246e4d2bd7967bb7ef492a" -SRCREV_machine:qemumips ?= "0d159686c17443503bc7b59f25b5129c8543193d" -SRCREV_machine:qemuppc ?= "c8e213f83bae4792c1042bdcedd46fa60963c69b" -SRCREV_machine:qemuriscv64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemuriscv32 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86-64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemumips64 ?= "58c96e47bbd784e078e265426b9276bad2bb7e22" -SRCREV_machine ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" +SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" +SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" +SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" +SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" +SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. 
BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "7b232985052fcf6a78bf0f965aa4241c0678c2ba" +SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native"
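Review bot: SRCREV_meta moves from 78eca082b68ad521c3bb9a1f9f0325e044045f18 to b75d71b7f2455467f2260d514040ccb44d4bdda5 in all three recipes of patch 01/19 (linux-yocto-rt, linux-yocto-tiny, linux-yocto), but the commit message only enumerates the korg -stable commits behind the SRCREV_machine bumps. Please add a line saying what changed in yocto-kernel-cache between the two revisions so the meta bump can be reviewed alongside the kernel one.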
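Review bot: in the linux-yocto_5.15.bb hunk at -14,24 of patch 01/19, none of the ten SRCREV_machine values can be tied to anything in the commit message; only SRCREV_machine:class-devupstream (e45d5d41c1343aad8c7587a5b15d58e99aff4c8a) corresponds to a listed commit, e45d5d41c1343 Linux 5.15.200. Suggest stating in the message that each machine branch head was checked to contain that commit, for example with git merge-base --is-ancestor, so a reviewer can repeat the check per branch before the pins are merged.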
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 02/19] linux-yocto/5.15: update to v5.15.201
Date: Tue, 7 Apr 2026 18:15:39 +0200
Message-ID: <65c5b6d33aa81de3e85452a1c1e4395e49addcca.1775578386.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234755

From: Bruce Ashfield

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

    3330a8d33e08 Linux 5.15.201
    cfd5eadd051a USB: serial: option: add Telit FN920C04 RNDIS compositions
    438a405fbad6 f2fs: fix out-of-bounds access in sysfs attribute read/write
    2f67ff1e15a8 f2fs: fix to avoid UAF in f2fs_write_end_io()
    6167af934f95 fbdev: smscufx: properly copy ioctl memory to kernelspace
    52916878db2b fbdev: rivafb: fix divide error in nv3_arb()
    fa9fb38f5fe9 PCI: endpoint: Avoid creating sub-groups asynchronously
    7036aff5a5e8 PCI: endpoint: Remove unused field in struct pci_epf_group
    8055827352b7 PCI: endpoint: Automatically create a function specific attributes group
    b74408de1f22 scsi: qla2xxx: Free sp in error path to fix system crash
    794563147038 scsi: qla2xxx: Reduce fabric scan duplicate code
    23507a811081 scsi: qla2xxx: Remove dead code (GNN ID)
    da9939b1ed8b scsi: qla2xxx: Use named initializers for port_[d]state_str
    f2bbb4db0e4a scsi: qla2xxx: Fix bsg_done() causing double free
    c71dfb7833db bus: fsl-mc: fix use-after-free in driver_override_show()
    38770e103e4e bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions
    6dd2645cf080 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
    dc5f09466448 crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req
    338d40bab283 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
    ec7b6a042414 selftests: mptcp: pm: ensure unknown flags are ignored
    51df5513cca6 net: dsa: free routing table on probe failure
    4a6e4c56721a smb: client: set correct id, uid and cruid for multiuser automounts
    b0bb67385480 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
    cfdb22762f90 Revert "wireguard: device: enable threaded NAPI"
    20c83788eafe gpiolib: acpi: Fix gpio count with string references
    612ffe1f4f04 ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()
    ff96318c22fa platform/x86: panasonic-laptop: Fix sysfs group leak in error path
    af673209d43b platform/x86: classmate-laptop: Add missing NULL pointer checks
    72f97ee4950d drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used
    f2521ab1f63a romfs: check sb_set_blocksize() return value
    f14e997a372a gpio: sprd: Change sprd_gpio lock to raw_spin_lock
    1fe2603fb171 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
    86588916e188 gpio: omap: do not register driver in probe()
    7e0b2cdbe660 scsi: qla2xxx: Query FW again before proceeding with login
    891f9969a29e scsi: qla2xxx: Delay module unload while fabric scan in progress
    a46f81c1e627 scsi: qla2xxx: Validate sp before freeing associated memory
    ba18e5f22f26 nilfs2: Fix potential block overflow that cause system hang
    8ee8ccfd60bf crypto: virtio - Add spinlock protection with virtqueue notification
    31aff96a41ae crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
    a60b17cedb44 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store

Signed-off-by: Bruce Ashfield
Signed-off-by: Yoann Congal
--- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 526f3c64b7d..ea763ce9aa1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_machine ?= "46e4e1200a4fa889438a2cc62151bb7f1057421a" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 1eeda2e22ca..56853f481fa 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_machine ?= "5ae014d6b48449ae38584cc174ef362f6582a8fc" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 5f8bfba396e..176d17e5736 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb 
@@ -14,16 +14,16 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" -SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" -SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" -SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" -SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" -SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuarm ?= "9750e854c9e92d55a2cb042c5ce72e712b24217d" +SRCREV_machine:qemuarm64 ?= "8634ca1dd87be9b55bd383dc8636b73b82a28051" +SRCREV_machine:qemumips ?= "54eca1788efd507120c9dc08681a6a31038513a1" +SRCREV_machine:qemuppc ?= "3a3a4ecdcebb4d3deaa8b5c4ec3e167d5f31305c" +SRCREV_machine:qemuriscv64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemuriscv32 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86-64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemumips64 ?= "e643e82fef4b4352b8f6ddf802181526edc806ca" +SRCREV_machine ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll 
@@ -31,7 +31,7 @@ SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" +SRCREV_machine:class-devupstream ?= "3330a8d33e086f76608bb4e80a3dc569d04a8814" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native"
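Review bot: SRCREV_meta stays at b75d71b7f2455467f2260d514040ccb44d4bdda5 as an unchanged context line in all three recipes of patch 02/19 while LINUX_VERSION goes to 5.15.201, whereas the 5.15.200 update bumped it; if no yocto-kernel-cache change accompanies v5.15.201, say so in the message so the asymmetry does not read as an omission. SRCREV_machine:class-devupstream (3330a8d33e086f76608bb4e80a3dc569d04a8814) does match the listed 3330a8d33e08 Linux 5.15.201. The commit list here uses 12-character abbreviations where 01/19 uses 13, which is worth making uniform for anyone searching hashes across the series.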
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 03/19] create-pull-request: Keep commit hash to be pulled in cover email
Date: Tue, 7 Apr 2026 18:15:40 +0200
Message-ID: <58138d386f1c221e87d2217bddc7e31d02cab58c.1775578386.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234756

From: Paul Barker

The cover email mangling in create-pull-request was cutting off the actual
commit hash to be pulled, making it difficult to verify that the changes a
maintainer merges exactly match those intended by the pull request author.

The extra lines we want to include are, for example from a recent
whinlatter stable branch PR:

    for you to fetch changes up to 6c4c6d39ea3202d756acc13f8ce81b114a468541:

      cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800)

Signed-off-by: Paul Barker
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit c78f5ae4a5ba3675b78cc226feb7b9fbbfd8da19)
Signed-off-by: Fabien Thomas
Signed-off-by: Yoann Congal
--- scripts/create-pull-request | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/create-pull-request b/scripts/create-pull-request index 885105fab3d..5c4414ecd5f 100755 --- a/scripts/create-pull-request +++ b/scripts/create-pull-request
@@ -219,7 +219,7 @@ fi # The cover letter already has a diffstat, remove it from the pull-msg # before inserting it. -sed -n "0,\#$REMOTE_URL# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" +sed -n "0,\#^----------------------------------------------------------------# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" rm "$PM" # If this is an RFC, make that clear in the cover letter
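Review bot: the new range end on the added sed line is a literal run of dashes anchored only at the start (^), with no $ and no handling for a pull message that contains no such line; in that case the 0,ADDR range never closes and all of "$PM", diffstat included, is read into "$CL", which is what the comment above the line says must not happen. Suggest anchoring the pattern at both ends and failing the script when the separator is missing (a grep -q on "$PM" before the sed would do). Since the range is inclusive, the separator line itself now lands in the cover letter along with the "for you to fetch changes up to" lines; please confirm that is intended.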
t=1775578578; x=1776183378; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aZXJksZ6cDyZy+zz8rFNmc7ug59d92x1hFHDvQgME1M=; b=X6AFUgMDDrWktxTalEdHWn1AQb01fDatJUgWy5Ahqr6IKUbQanhCUrLRoBCPLiBD64 q8vM0ztVsoiuRXsGz4JB8JgNzUimrKCAya0uKmKSqU3ZMyV6ZS2azZHz8evYGFdVD5NS 2zxTbj7FoKpeZNJy2/VXp2aUl7HlVZ7b1O1etpvae2kVfRP0WXMrTkKu2QW1yCBpws79 5FMdlPHOg0SER6r0cuYJjBGAJcdG6giGgxnGGxWbZs/PupM5vbiohLRQ+yiFVxA8jH+5 3cUgxJJnNisupRVAGjWOKLdIpsIrNE7eO7WaD1UIr2rtWK8B9PpBciBSEGGyIR2Orr0E BcCQ== X-Gm-Message-State: AOJu0YzuUSkgN6Gcfp+g9J6Tdd36vSMeaCWsGW/Zt5rSn4YVlGkHLSIb TAl5y6NcjrIYQ5Iz9vVAhjYlSRx0ompLx8vi+zJKEAPgvCfa31pZqiMmU95DsSpqN5zsoKWJjJk fNSALliQ= X-Gm-Gg: AeBDieu+kx4RV/YoxH9A0RsYtdeYrohcMqkJeoaUubtu3TE2n5XqHVHOb18l2CBzgHN V+LgNuj1aOJyw8/IfOC6Mto2+hYDI1KuaLt/kxlXTL40E4b1/P9fO7CpZLkSvHScCy6eRgx1SR7 fXB6uiniDGSnbeXx5wTrS+HrSJZw/LLUFfIa6mI46mecgGhPCs0nPwu+HiQcOlOhzQ2Qotdfgf7 GqwzMZ/EpGU4gHhN/+W3hrb36HxMPsmHkTR77wrnkqDbRTFyC7Xy2wuYvonAyhflWauBVj7hwH4 Z73fSyH7SFitsvknISwSLtchyQXbWP0cmDCsgnmMF6SwnxcEwzUjTmthG8LPZzoU3b/M/Q9Od4N Ca3tMrL6tqR7btgVBS/pFY33dC1yySjI+KmJ8jtg1chLAXLfdgOQCTPTCDa+tsXOflSPQDLL+v8 zBFaGAt+7Ha4y6MCoAx2Ydkl0v+BjKEs5lmNST+8ce7OP7dBaaoDL/JY11iwk0GgQRb561lffow NfZh9sSqLu88oT4yCP8C1X2EITX X-Received: by 2002:a05:600c:c10b:b0:488:b043:5efd with SMTP id 5b1f17b1804b1-488b0436356mr92752655e9.13.1775578577658; Tue, 07 Apr 2026 09:16:17 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa003bbe8013556e3516.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:3bbe:8013:556e:3516]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488c4b57febsm1195665e9.4.2026.04.07.09.16.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Apr 2026 09:16:16 -0700 (PDT) 
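Review bot: The new end address on the `+sed -n` line in scripts/create-pull-request hardcodes a literal run of dashes as the cut marker, and nothing checks that the marker was actually found in "$PM". If the pull message ever lacks that exact line, the range never closes and sed prints the whole file, so the diffstat that the comment above says must be removed lands in the cover letter with no error. Suggest a one-line comment naming which line of the pull message the dashes are meant to match, plus a `grep -q` guard on "$PM" that aborts when the separator is missing, since the purpose stated in the commit message is that the "fetch changes up to <hash>" lines reliably reach the maintainer. The `0,` start address is a GNU sed extension; that was already true of the removed line, but it deserves a mention in the same comment.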
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 04/19] README.OE-Core: update contributor links and add kirkstone prefix
Date: Tue, 7 Apr 2026 18:15:41 +0200
Message-ID: <2e04debcb02caa9121a8f933c59fd69666a44fd8.1775578386.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234757

From: Fabien Thomas

The current README points to an old Wiki page. Update this to the Yocto
documentation.

Additionally, add a helper command for git-send-email that includes the
'kirkstone' subject prefix to ensure patches are correctly identified by
the maintainers and CI.

Suggested-by: Yoann Congal
Signed-off-by: Fabien Thomas
Signed-off-by: Yoann Congal
---
 README.OE-Core.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/README.OE-Core.md b/README.OE-Core.md index 2f2127fb03a..8a724dd6d0a 100644 --- a/README.OE-Core.md +++ b/README.OE-Core.md 
@@ -16,9 +16,13 @@ which can be found at: Contributing ------------ -Please refer to -https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded -for guidelines on how to submit patches. +Please refer to our contributor guide here: https://docs.yoctoproject.org/dev/contributor-guide/ +for full details on how to submit changes. + +As a quick guide, patches should be sent to openembedded-core@lists.openembedded.org +The git command to do that would be: + + git send-email -M -1 --to openembedded-core@lists.openembedded.org --subject-prefix='kirkstone][PATCH' Mailing list:
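Review bot: The link added on the first `+` line of the README.OE-Core.md hunk points at the `/dev/` path of the contributor guide, while this README ships on the kirkstone branch. A reader following it gets the development-branch process, so either link a release-specific copy of the guide or add a sentence saying which parts differ for stable branches. Two smaller points in the same hunk: the line ending in `openembedded-core@lists.openembedded.org` has no closing punctuation before "The git command to do that would be:", and the value `--subject-prefix='kirkstone][PATCH'` looks like a quoting mistake unless the README explains that git wraps the prefix in brackets, giving `[kirkstone][PATCH]`. One short sentence to that effect would stop contributors from "correcting" it.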
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 05/19] libtheora: mark CVE-2024-56431 as not vulnerable yet
Date: Tue, 7 Apr 2026 18:15:42 +0200
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234758

From: Peter Marko

CVE patch [1] applies only on main branch which is base for 1.2.x.
Branch 1.1 has a different initial commit and does not contain
vulnerable code where the CVE patch applies.

Also Debian [2] marked 1.1 as not vulnerable.

[1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b
[2] https://security-tracker.debian.org/tracker/CVE-2024-56431

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
Signed-off-by: Paul Barker

Picked from scarthgap commit 07f35d022b88ab4d297d0252f9909e252b7e4cfe
Reworked from CVE_STATUS to CVE_CHECK_IGNORE

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
---
 meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb index ad0be85559b..4066bb1513b 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb 
@@ -22,3 +22,6 @@ CVE_PRODUCT = "theora" inherit autotools pkgconfig EXTRA_OECONF = "--disable-examples" + +# fixed-version:branch 1.1 is not affected, vulnerable code is not present yet +CVE_CHECK_IGNORE += "CVE-2024-56431"
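Review bot: The added `CVE_CHECK_IGNORE += "CVE-2024-56431"` line is unconditional, but the justification in the comment above it holds only for branch 1.1. Because the line lives in libtheora_1.1.1.bb, a later upgrade done by renaming the recipe would carry the ignore over to a 1.2.x version, where according to the commit message the CVE patch does apply, and the CVE checker would then stay silent on a version that may be affected. Suggest the comment say explicitly that the ignore must be dropped when the recipe moves off 1.1, and cite the upstream commit or the Debian tracker entry from the commit message so the reasoning survives in the recipe. The `fixed-version:` tag at the start of the comment looks carried over from the CVE_STATUS form mentioned in the commit message and reads oddly for a "vulnerable code not present yet" case; plain wording would be clearer.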
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 06/19] tzdata,tzcode-native: Upgrade 2025b -> 2025c
Date: Tue, 7 Apr 2026 18:15:43 +0200
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234759

From: Vijay Anusuri

This release mostly changes code and commentary. The only changed data
are leap second table expiration and pre-1976 time in Baja California.

Full release notes:
https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/

Signed-off-by: Paul Barker
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 452334219309793ad74abd6ff390dcb06cab929b)
Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 meta/recipes-extended/timezone/timezone.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index bb81d77ccc5..1c08d4b1023 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025b" +PV = "2025c" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec" -SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474" +SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" +SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957"
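Review bot: Both `SRC_URI[tzcode.sha256sum]` and `SRC_URI[tzdata.sha256sum]` change in the second hunk of timezone.inc, and neither the hunk nor the commit message records how the new digests were obtained. These two values are the only integrity pin on the tarballs fetched from www.iana.org, so a line in the commit message stating that they were computed from archives checked against the upstream release signature would let a maintainer reproduce the check instead of trusting the numbers as given. The `PV` change in the first hunk matches the 2025b -> 2025c subject and the `${PV}` expansion in both URLs, so no further edit is needed there.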
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 07/19] tzdata/tzcode-native: upgrade 2025c -> 2026a
Date: Tue, 7 Apr 2026 18:15:44 +0200
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234760

From: Jinfeng Wang

Signed-off-by: Jinfeng Wang
Signed-off-by: Richard Purdie
(cherry picked from commit 217ede26d64901d9a38fc119efa684487714c08a)
Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 meta/recipes-extended/timezone/timezone.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 1c08d4b1023..c498c0c9ffa 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025c" +PV = "2026a" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" -SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" +SRC_URI[tzcode.sha256sum] = "f80a17a2eddd2b54041f9c98d75b0aa8038b016d7c5de72892a146d9938740e1" +SRC_URI[tzdata.sha256sum] = "77b541725937bb53bd92bd484c0b43bec8545e2d3431ee01f04ef8f2203ba2b7"
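Review bot: The `PV = "2026a"` bump in the first hunk of timezone.inc arrives with an empty commit message body, so nothing on record says what changed in the zone data or the code between 2025c and 2026a. Patch 06/19 links the upstream announcement and summarises the data changes for 2025c; the same two lines here would let a stable-branch maintainer judge whether the upgrade alters timestamps on deployed systems. On the second hunk, the removed digests are exactly the ones added in 06/19, so the two patches apply cleanly in series order.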
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 08/19] python3: upgrade 3.10.19 -> 3.10.20
Date: Tue, 7 Apr 2026 18:15:45 +0200
Message-ID: <51e1581d337b674272c1a71dfc366387577bc5df.1775578386.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234761

From: Vijay Anusuri

Drop upstreamed patches.

Release information:
* https://www.python.org/downloads/release/python-31020/
* The release you're looking at is Python 3.10.20, a security bugfix
  release for the legacy 3.10 series.

Handles CVE-2024-6923 CVE-2025-6075 CVE-2025-12084 CVE-2025-13836
CVE-2025-13837 CVE-2025-15282 CVE-2025-59375 CVE-2026-0865
CVE-2026-24515 CVE-2026-25210

Signed-off-by: Vijay Anusuri
[YC: rebased on top of kirkstone]
Signed-off-by: Yoann Congal
---
 .../python/python3/CVE-2025-12084.patch | 171 --------
 .../python/python3/CVE-2025-13836.patch | 163 --------
 .../python/python3/CVE-2025-13837.patch | 162 --------
 .../python/python3/CVE-2025-6075.patch | 364 ------------------
 ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +-
 5 files changed, 1 insertion(+), 865 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
 rename meta/recipes-devtools/python/{python3_3.10.19.bb => python3_3.10.20.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2025-12084.patch b/meta/recipes-devtools/python/python3/CVE-2025-12084.patch deleted file mode 100644 index 0c9bb435edf..00000000000 
--- a/meta/recipes-devtools/python/python3/CVE-2025-12084.patch +++ /dev/null 
@@ -1,171 +0,0 @@ -From c97e87593063d84a2bd9fe7068b30eb44de23dc0 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Sun, 25 Jan 2026 18:10:49 +0100 -Subject: [PATCH] [3.10] gh-142145: Remove quadratic behavior in node ID cache - clearing (GH-142146) (#142213) - -* gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146) - -* Remove quadratic behavior in node ID cache clearing - -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> - -* Add news fragment - -CVE: CVE-2025-12084 -Upstream-Status: Backport [https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0] -Signed-off-by: Peter Marko ---------- -(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4) - -Co-authored-by: Seth Michael Larson -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> - -* [3.14] gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) (#142818) - -gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) -(cherry picked from commit 1cc7551b3f9f71efbc88d96dce90f82de98b2454) - -Co-authored-by: Petr Viktorin -Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> - -* gh-142145: relax the no-longer-quadratic test timing (GH-143030) - -* gh-142145: relax the no-longer-quadratic test timing - -* require cpu resource -(cherry picked from commit 8d2d7bb2e754f8649a68ce4116271a4932f76907) - -Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> - -* merge NEWS entries into one - ---------- - -Co-authored-by: Seth Michael Larson -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> -Co-authored-by: Petr Viktorin -Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> -Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> -Co-authored-by: Gregory P. 
Smith ---- - Lib/test/test_minidom.py | 33 ++++++++++++++++++- - Lib/xml/dom/minidom.py | 11 ++----- - ...-12-01-09-36-45.gh-issue-142145.tcAUhg.rst | 6 ++++ - 3 files changed, 41 insertions(+), 9 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst - -diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py -index ef38c36210..c68bd990f7 100644 ---- a/Lib/test/test_minidom.py -+++ b/Lib/test/test_minidom.py -@@ -2,6 +2,7 @@ - - import copy - import pickle -+import time - import io - from test import support - import unittest -@@ -9,7 +10,7 @@ import unittest - import pyexpat - import xml.dom.minidom - --from xml.dom.minidom import parse, Attr, Node, Document, parseString -+from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString - from xml.dom.minidom import getDOMImplementation - from xml.parsers.expat import ExpatError - -@@ -177,6 +178,36 @@ class MinidomTest(unittest.TestCase): - self.confirm(dom.documentElement.childNodes[-1].data == "Hello") - dom.unlink() - -+ @support.requires_resource('cpu') -+ def testAppendChildNoQuadraticComplexity(self): -+ impl = getDOMImplementation() -+ -+ newdoc = impl.createDocument(None, "some_tag", None) -+ top_element = newdoc.documentElement -+ children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)] -+ element = top_element -+ -+ start = time.monotonic() -+ for child in children: -+ element.appendChild(child) -+ element = child -+ end = time.monotonic() -+ -+ # This example used to take at least 30 seconds. -+ # Conservative assertion due to the wide variety of systems and -+ # build configs timing based tests wind up run under. -+ # A --with-address-sanitizer --with-pydebug build on a rpi5 still -+ # completes this loop in <0.5 seconds. 
-+ self.assertLess(end - start, 4) -+ -+ def testSetAttributeNodeWithoutOwnerDocument(self): -+ # regression test for gh-142754 -+ elem = Element("test") -+ attr = Attr("id") -+ attr.value = "test-id" -+ elem.setAttributeNode(attr) -+ self.assertEqual(elem.getAttribute("id"), "test-id") -+ - def testAppendChildFragment(self): - dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes() - dom.documentElement.appendChild(frag) -diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py -index ef8a159833..cada981f39 100644 ---- a/Lib/xml/dom/minidom.py -+++ b/Lib/xml/dom/minidom.py -@@ -292,13 +292,6 @@ def _append_child(self, node): - childNodes.append(node) - node.parentNode = self - --def _in_document(node): -- # return True iff node is part of a document tree -- while node is not None: -- if node.nodeType == Node.DOCUMENT_NODE: -- return True -- node = node.parentNode -- return False - - def _write_data(writer, data): - "Writes datachars to writer." -@@ -355,6 +348,7 @@ class Attr(Node): - def __init__(self, qName, namespaceURI=EMPTY_NAMESPACE, localName=None, - prefix=None): - self.ownerElement = None -+ self.ownerDocument = None - self._name = qName - self.namespaceURI = namespaceURI - self._prefix = prefix -@@ -680,6 +674,7 @@ class Element(Node): - - def __init__(self, tagName, namespaceURI=EMPTY_NAMESPACE, prefix=None, - localName=None): -+ self.ownerDocument = None - self.parentNode = None - self.tagName = self.nodeName = tagName - self.prefix = prefix -@@ -1539,7 +1534,7 @@ def _clear_id_cache(node): - if node.nodeType == Node.DOCUMENT_NODE: - node._id_cache.clear() - node._id_search_stack = None -- elif _in_document(node): -+ elif node.ownerDocument: - node.ownerDocument._id_cache.clear() - node.ownerDocument._id_search_stack= None - -diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst -new file mode 100644 -index 0000000000..05c7df35d1 ---- 
/dev/null -+++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst -@@ -0,0 +1,6 @@ -+Remove quadratic behavior in ``xml.minidom`` node ID cache clearing. In order -+to do this without breaking existing users, we also add the *ownerDocument* -+attribute to :mod:`xml.dom.minidom` elements and attributes created by directly -+instantiating the ``Element`` or ``Attr`` class. Note that this way of creating -+nodes is not supported; creator functions like -+:py:meth:`xml.dom.Document.documentElement` should be used instead. diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch deleted file mode 100644 index c4387b60194..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch +++ /dev/null 
@@ -1,163 +0,0 @@ -From 289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Fri, 5 Dec 2025 16:21:57 +0100 -Subject: [PATCH] [3.13] gh-119451: Fix a potential denial of service in - http.client (GH-119454) (#142139) - -gh-119451: Fix a potential denial of service in http.client (GH-119454) - -Reading the whole body of the HTTP response could cause OOM if -the Content-Length value is too large even if the server does not send -a large amount of data. Now the HTTP client reads large data by chunks, -therefore the amount of consumed memory is proportional to the amount -of sent data. -(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5) - -CVE: CVE-2025-13836 -Upstream-Status: Backport [https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15] -Signed-off-by: Hitendra Prajapati ---- - Lib/http/client.py | 28 ++++++-- - Lib/test/test_httplib.py | 66 +++++++++++++++++++ - ...-05-23-11-47-48.gh-issue-119451.qkJe9-.rst | 5 ++ - 3 files changed, 95 insertions(+), 4 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst - -diff --git a/Lib/http/client.py b/Lib/http/client.py -index d1b7b10..c8ab5b7 100644 ---- a/Lib/http/client.py -+++ b/Lib/http/client.py -@@ -111,6 +111,11 @@ responses = {v: v.phrase for v in http.HTTPStatus.__members__.values()} - _MAXLINE = 65536 - _MAXHEADERS = 100 - -+# Data larger than this will be read in chunks, to prevent extreme -+# overallocation. -+_MIN_READ_BUF_SIZE = 1 << 20 -+ -+ - # Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2) - # - # VCHAR = %x21-7E -@@ -628,10 +633,25 @@ class HTTPResponse(io.BufferedIOBase): - reading. If the bytes are truly not available (due to EOF), then the - IncompleteRead exception can be used to detect the problem. 
- """ -- data = self.fp.read(amt) -- if len(data) < amt: -- raise IncompleteRead(data, amt-len(data)) -- return data -+ cursize = min(amt, _MIN_READ_BUF_SIZE) -+ data = self.fp.read(cursize) -+ if len(data) >= amt: -+ return data -+ if len(data) < cursize: -+ raise IncompleteRead(data, amt - len(data)) -+ -+ data = io.BytesIO(data) -+ data.seek(0, 2) -+ while True: -+ # This is a geometric increase in read size (never more than -+ # doubling out the current length of data per loop iteration). -+ delta = min(cursize, amt - cursize) -+ data.write(self.fp.read(delta)) -+ if data.tell() >= amt: -+ return data.getvalue() -+ cursize += delta -+ if data.tell() < cursize: -+ raise IncompleteRead(data.getvalue(), amt - data.tell()) - - def _safe_readinto(self, b): - """Same as _safe_read, but for reading into a buffer.""" -diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py -index 77152cf..89ec5f6 100644 ---- a/Lib/test/test_httplib.py -+++ b/Lib/test/test_httplib.py -@@ -1226,6 +1226,72 @@ class BasicTest(TestCase): - thread.join() - self.assertEqual(result, b"proxied data\n") - -+ def test_large_content_length(self): -+ serv = socket.create_server((HOST, 0)) -+ self.addCleanup(serv.close) -+ -+ def run_server(): -+ [conn, address] = serv.accept() -+ with conn: -+ while conn.recv(1024): -+ conn.sendall( -+ b"HTTP/1.1 200 Ok\r\n" -+ b"Content-Length: %d\r\n" -+ b"\r\n" % size) -+ conn.sendall(b'A' * (size//3)) -+ conn.sendall(b'B' * (size - size//3)) -+ -+ thread = threading.Thread(target=run_server) -+ thread.start() -+ self.addCleanup(thread.join, 1.0) -+ -+ conn = client.HTTPConnection(*serv.getsockname()) -+ try: -+ for w in range(15, 27): -+ size = 1 << w -+ conn.request("GET", "/") -+ with conn.getresponse() as response: -+ self.assertEqual(len(response.read()), size) -+ finally: -+ conn.close() -+ thread.join(1.0) -+ -+ def test_large_content_length_truncated(self): -+ serv = socket.create_server((HOST, 0)) -+ self.addCleanup(serv.close) -+ -+ def 
run_server(): -+ while True: -+ [conn, address] = serv.accept() -+ with conn: -+ conn.recv(1024) -+ if not size: -+ break -+ conn.sendall( -+ b"HTTP/1.1 200 Ok\r\n" -+ b"Content-Length: %d\r\n" -+ b"\r\n" -+ b"Text" % size) -+ -+ thread = threading.Thread(target=run_server) -+ thread.start() -+ self.addCleanup(thread.join, 1.0) -+ -+ conn = client.HTTPConnection(*serv.getsockname()) -+ try: -+ for w in range(18, 65): -+ size = 1 << w -+ conn.request("GET", "/") -+ with conn.getresponse() as response: -+ self.assertRaises(client.IncompleteRead, response.read) -+ conn.close() -+ finally: -+ conn.close() -+ size = 0 -+ conn.request("GET", "/") -+ conn.close() -+ thread.join(1.0) -+ - def test_putrequest_override_domain_validation(self): - """ - It should be possible to override the default validation -diff --git a/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst -new file mode 100644 -index 0000000..6d6f25c ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst -@@ -0,0 +1,5 @@ -+Fix a potential memory denial of service in the :mod:`http.client` module. -+When connecting to a malicious server, it could cause -+an arbitrary amount of memory to be allocated. -+This could have led to symptoms including a :exc:`MemoryError`, swapping, out -+of memory (OOM) killed processes or containers, or even system crashes. --- -2.50.1 - diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13837.patch b/meta/recipes-devtools/python/python3/CVE-2025-13837.patch deleted file mode 100644 index 36bf75792bb..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-13837.patch +++ /dev/null 
@@ -1,162 +0,0 @@ -From 5a8b19677d818fb41ee55f310233772e15aa1a2b Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Mon, 22 Dec 2025 15:49:44 +0200 -Subject: [PATCH] [3.12] gh-119342: Fix a potential denial of service in - plistlib (GH-119343) (#142149) - -Reading a specially prepared small Plist file could cause OOM because file's -read(n) preallocates a bytes object for reading the specified amount of -data. Now plistlib reads large data by chunks, therefore the upper limit of -consumed memory is proportional to the size of the input file. -(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70) - -CVE: CVE-2025-13837 -Upstream-Status: Backport [https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b] -Signed-off-by: Peter Marko ---- - Lib/plistlib.py | 31 ++++++++++------ - Lib/test/test_plistlib.py | 37 +++++++++++++++++-- - ...-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst | 5 +++ - 3 files changed, 59 insertions(+), 14 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst - -diff --git a/Lib/plistlib.py b/Lib/plistlib.py -index 3292c30d5f..c5554ea1f7 100644 ---- a/Lib/plistlib.py -+++ b/Lib/plistlib.py -@@ -73,6 +73,9 @@ from xml.parsers.expat import ParserCreate - PlistFormat = enum.Enum('PlistFormat', 'FMT_XML FMT_BINARY', module=__name__) - globals().update(PlistFormat.__members__) - -+# Data larger than this will be read in chunks, to prevent extreme -+# overallocation. 
-+_MIN_READ_BUF_SIZE = 1 << 20 - - class UID: - def __init__(self, data): -@@ -499,12 +502,24 @@ class _BinaryPlistParser: - - return tokenL - -+ def _read(self, size): -+ cursize = min(size, _MIN_READ_BUF_SIZE) -+ data = self._fp.read(cursize) -+ while True: -+ if len(data) != cursize: -+ raise InvalidFileException -+ if cursize == size: -+ return data -+ delta = min(cursize, size - cursize) -+ data += self._fp.read(delta) -+ cursize += delta -+ - def _read_ints(self, n, size): -- data = self._fp.read(size * n) -+ data = self._read(size * n) - if size in _BINARY_FORMAT: - return struct.unpack(f'>{n}{_BINARY_FORMAT[size]}', data) - else: -- if not size or len(data) != size * n: -+ if not size: - raise InvalidFileException() - return tuple(int.from_bytes(data[i: i + size], 'big') - for i in range(0, size * n, size)) -@@ -561,22 +576,16 @@ class _BinaryPlistParser: - - elif tokenH == 0x40: # data - s = self._get_size(tokenL) -- result = self._fp.read(s) -- if len(result) != s: -- raise InvalidFileException() -+ result = self._read(s) - - elif tokenH == 0x50: # ascii string - s = self._get_size(tokenL) -- data = self._fp.read(s) -- if len(data) != s: -- raise InvalidFileException() -+ data = self._read(s) - result = data.decode('ascii') - - elif tokenH == 0x60: # unicode string - s = self._get_size(tokenL) * 2 -- data = self._fp.read(s) -- if len(data) != s: -- raise InvalidFileException() -+ data = self._read(s) - result = data.decode('utf-16be') - - elif tokenH == 0x80: # UID -diff --git a/Lib/test/test_plistlib.py b/Lib/test/test_plistlib.py -index fa46050658..229a5a242e 100644 ---- a/Lib/test/test_plistlib.py -+++ b/Lib/test/test_plistlib.py -@@ -838,8 +838,7 @@ class TestPlistlib(unittest.TestCase): - - class TestBinaryPlistlib(unittest.TestCase): - -- @staticmethod -- def decode(*objects, offset_size=1, ref_size=1): -+ def build(self, *objects, offset_size=1, ref_size=1): - data = [b'bplist00'] - offset = 8 - offsets = [] -@@ -851,7 +850,11 @@ class 
TestBinaryPlistlib(unittest.TestCase): - len(objects), 0, offset) - data.extend(offsets) - data.append(tail) -- return plistlib.loads(b''.join(data), fmt=plistlib.FMT_BINARY) -+ return b''.join(data) -+ -+ def decode(self, *objects, offset_size=1, ref_size=1): -+ data = self.build(*objects, offset_size=offset_size, ref_size=ref_size) -+ return plistlib.loads(data, fmt=plistlib.FMT_BINARY) - - def test_nonstandard_refs_size(self): - # Issue #21538: Refs and offsets are 24-bit integers -@@ -959,6 +962,34 @@ class TestBinaryPlistlib(unittest.TestCase): - with self.assertRaises(plistlib.InvalidFileException): - plistlib.loads(b'bplist00' + data, fmt=plistlib.FMT_BINARY) - -+ def test_truncated_large_data(self): -+ self.addCleanup(os_helper.unlink, os_helper.TESTFN) -+ def check(data): -+ with open(os_helper.TESTFN, 'wb') as f: -+ f.write(data) -+ # buffered file -+ with open(os_helper.TESTFN, 'rb') as f: -+ with self.assertRaises(plistlib.InvalidFileException): -+ plistlib.load(f, fmt=plistlib.FMT_BINARY) -+ # unbuffered file -+ with open(os_helper.TESTFN, 'rb', buffering=0) as f: -+ with self.assertRaises(plistlib.InvalidFileException): -+ plistlib.load(f, fmt=plistlib.FMT_BINARY) -+ for w in range(20, 64): -+ s = 1 << w -+ # data -+ check(self.build(b'\x4f\x13' + s.to_bytes(8, 'big'))) -+ # ascii string -+ check(self.build(b'\x5f\x13' + s.to_bytes(8, 'big'))) -+ # unicode string -+ check(self.build(b'\x6f\x13' + s.to_bytes(8, 'big'))) -+ # array -+ check(self.build(b'\xaf\x13' + s.to_bytes(8, 'big'))) -+ # dict -+ check(self.build(b'\xdf\x13' + s.to_bytes(8, 'big'))) -+ # number of objects -+ check(b'bplist00' + struct.pack('>6xBBQQQ', 1, 1, s, 0, 8)) -+ - - class TestKeyedArchive(unittest.TestCase): - def test_keyed_archive_data(self): -diff --git a/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst -new file mode 100644 -index 0000000000..04fd8faca4 ---- /dev/null -+++ 
b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst -@@ -0,0 +1,5 @@ -+Fix a potential memory denial of service in the :mod:`plistlib` module. -+When reading a Plist file received from untrusted source, it could cause -+an arbitrary amount of memory to be allocated. -+This could have led to symptoms including a :exc:`MemoryError`, swapping, out -+of memory (OOM) killed processes or containers, or even system crashes. diff --git a/meta/recipes-devtools/python/python3/CVE-2025-6075.patch b/meta/recipes-devtools/python/python3/CVE-2025-6075.patch deleted file mode 100644 index eab5a882a0d..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-6075.patch +++ /dev/null 
@@ -1,364 +0,0 @@ -From 892747b4cf0f95ba8beb51c0d0658bfaa381ebca Mon Sep 17 00:00:00 2001 -From: Łukasz Langa -Date: Fri, 31 Oct 2025 17:51:32 +0100 -Subject: [PATCH] gh-136065: Fix quadratic complexity in os.path.expandvars() - (GH-134952) (GH-140851) - -(cherry picked from commit f029e8db626ddc6e3a3beea4eff511a71aaceb5c) - -Co-authored-by: Serhiy Storchaka - -CVE: CVE-2025-6075 - -Upstream-Status: Backport [https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca] - -Signed-off-by: Praveen Kumar ---- - Lib/ntpath.py | 126 ++++++------------ - Lib/posixpath.py | 43 +++--- - Lib/test/test_genericpath.py | 14 ++ - Lib/test/test_ntpath.py | 20 ++- - ...-05-30-22-33-27.gh-issue-136065.bu337o.rst | 1 + - 5 files changed, 93 insertions(+), 111 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst - -diff --git a/Lib/ntpath.py b/Lib/ntpath.py -index 9b0cca4..bd2b4e2 100644 ---- a/Lib/ntpath.py -+++ b/Lib/ntpath.py -@@ -374,17 +374,23 @@ def expanduser(path): - # XXX With COMMAND.COM you can use any characters in a variable name, - # XXX except '^|<>='. - -+_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)" -+_varsub = None -+_varsubb = None -+ - def expandvars(path): - """Expand shell variables of the forms $var, ${var} and %var%. 
- - Unknown variables are left unchanged.""" - path = os.fspath(path) -+ global _varsub, _varsubb - if isinstance(path, bytes): - if b'$' not in path and b'%' not in path: - return path -- import string -- varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii') -- quote = b'\'' -+ if not _varsubb: -+ import re -+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub -+ sub = _varsubb - percent = b'%' - brace = b'{' - rbrace = b'}' -@@ -393,94 +399,44 @@ def expandvars(path): - else: - if '$' not in path and '%' not in path: - return path -- import string -- varchars = string.ascii_letters + string.digits + '_-' -- quote = '\'' -+ if not _varsub: -+ import re -+ _varsub = re.compile(_varpattern, re.ASCII).sub -+ sub = _varsub - percent = '%' - brace = '{' - rbrace = '}' - dollar = '$' - environ = os.environ -- res = path[:0] -- index = 0 -- pathlen = len(path) -- while index < pathlen: -- c = path[index:index+1] -- if c == quote: # no expansion within single quotes -- path = path[index + 1:] -- pathlen = len(path) -- try: -- index = path.index(c) -- res += c + path[:index + 1] -- except ValueError: -- res += c + path -- index = pathlen - 1 -- elif c == percent: # variable or '%' -- if path[index + 1:index + 2] == percent: -- res += c -- index += 1 -- else: -- path = path[index+1:] -- pathlen = len(path) -- try: -- index = path.index(percent) -- except ValueError: -- res += percent + path -- index = pathlen - 1 -- else: -- var = path[:index] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = percent + var + percent -- res += value -- elif c == dollar: # variable or '$$' -- if path[index + 1:index + 2] == dollar: -- res += c -- index += 1 -- elif path[index + 1:index + 2] == brace: -- path = path[index+2:] -- pathlen = len(path) -- try: -- index = path.index(rbrace) -- except ValueError: -- res += dollar + brace + path -- index = pathlen - 1 -- else: -- 
var = path[:index] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = dollar + brace + var + rbrace -- res += value -- else: -- var = path[:0] -- index += 1 -- c = path[index:index + 1] -- while c and c in varchars: -- var += c -- index += 1 -- c = path[index:index + 1] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = dollar + var -- res += value -- if c: -- index -= 1 -+ -+ def repl(m): -+ lastindex = m.lastindex -+ if lastindex is None: -+ return m[0] -+ name = m[lastindex] -+ if lastindex == 1: -+ if name == percent: -+ return name -+ if not name.endswith(percent): -+ return m[0] -+ name = name[:-1] - else: -- res += c -- index += 1 -- return res -+ if name == dollar: -+ return name -+ if name.startswith(brace): -+ if not name.endswith(rbrace): -+ return m[0] -+ name = name[1:-1] -+ -+ try: -+ if environ is None: -+ return os.fsencode(os.environ[os.fsdecode(name)]) -+ else: -+ return environ[name] -+ except KeyError: -+ return m[0] -+ -+ return sub(repl, path) - - - # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B. -diff --git a/Lib/posixpath.py b/Lib/posixpath.py -index b8dd563..75020ee 100644 ---- a/Lib/posixpath.py -+++ b/Lib/posixpath.py -@@ -279,42 +279,41 @@ def expanduser(path): - # This expands the forms $variable and ${variable} only. - # Non-existent variables are left unchanged. - --_varprog = None --_varprogb = None -+_varpattern = r'\$(\w+|\{[^}]*\}?)' -+_varsub = None -+_varsubb = None - - def expandvars(path): - """Expand shell variables of form $var and ${var}. 
Unknown variables - are left unchanged.""" - path = os.fspath(path) -- global _varprog, _varprogb -+ global _varsub, _varsubb - if isinstance(path, bytes): - if b'$' not in path: - return path -- if not _varprogb: -+ if not _varsubb: - import re -- _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII) -- search = _varprogb.search -+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub -+ sub = _varsubb - start = b'{' - end = b'}' - environ = getattr(os, 'environb', None) - else: - if '$' not in path: - return path -- if not _varprog: -+ if not _varsub: - import re -- _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII) -- search = _varprog.search -+ _varsub = re.compile(_varpattern, re.ASCII).sub -+ sub = _varsub - start = '{' - end = '}' - environ = os.environ -- i = 0 -- while True: -- m = search(path, i) -- if not m: -- break -- i, j = m.span(0) -- name = m.group(1) -- if name.startswith(start) and name.endswith(end): -+ -+ def repl(m): -+ name = m[1] -+ if name.startswith(start): -+ if not name.endswith(end): -+ return m[0] - name = name[1:-1] - try: - if environ is None: -@@ -322,13 +321,11 @@ def expandvars(path): - else: - value = environ[name] - except KeyError: -- i = j -+ return m[0] - else: -- tail = path[j:] -- path = path[:i] + value -- i = len(path) -- path += tail -- return path -+ return value -+ -+ return sub(repl, path) - - - # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B. 
-diff --git a/Lib/test/test_genericpath.py b/Lib/test/test_genericpath.py -index 1ff7f75..b0a1326 100644 ---- a/Lib/test/test_genericpath.py -+++ b/Lib/test/test_genericpath.py -@@ -7,6 +7,7 @@ import os - import sys - import unittest - import warnings -+from test import support - from test.support import os_helper - from test.support import warnings_helper - from test.support.script_helper import assert_python_ok -@@ -430,6 +431,19 @@ class CommonTest(GenericTest): - os.fsencode('$bar%s bar' % nonascii)) - check(b'$spam}bar', os.fsencode('%s}bar' % nonascii)) - -+ @support.requires_resource('cpu') -+ def test_expandvars_large(self): -+ expandvars = self.pathmodule.expandvars -+ with os_helper.EnvironmentVarGuard() as env: -+ env.clear() -+ env["A"] = "B" -+ n = 100_000 -+ self.assertEqual(expandvars('$A'*n), 'B'*n) -+ self.assertEqual(expandvars('${A}'*n), 'B'*n) -+ self.assertEqual(expandvars('$A!'*n), 'B!'*n) -+ self.assertEqual(expandvars('${A}A'*n), 'BA'*n) -+ self.assertEqual(expandvars('${'*10*n), '${'*10*n) -+ - def test_abspath(self): - self.assertIn("foo", self.pathmodule.abspath("foo")) - with warnings.catch_warnings(): -diff --git a/Lib/test/test_ntpath.py b/Lib/test/test_ntpath.py -index f790f77..161e57d 100644 ---- a/Lib/test/test_ntpath.py -+++ b/Lib/test/test_ntpath.py -@@ -5,8 +5,8 @@ import sys - import unittest - import warnings - from ntpath import ALLOW_MISSING -+from test import support - from test.support import os_helper --from test.support import TestFailed - from test.support.os_helper import FakePath - from test import test_genericpath - from tempfile import TemporaryFile -@@ -56,7 +56,7 @@ def tester(fn, wantResult): - fn = fn.replace("\\", "\\\\") - gotResult = eval(fn) - if wantResult != gotResult and _norm(wantResult) != _norm(gotResult): -- raise TestFailed("%s should return: %s but returned: %s" \ -+ raise support.TestFailed("%s should return: %s but returned: %s" \ - %(str(fn), str(wantResult), str(gotResult))) - - # then with 
bytes -@@ -72,7 +72,7 @@ def tester(fn, wantResult): - warnings.simplefilter("ignore", DeprecationWarning) - gotResult = eval(fn) - if _norm(wantResult) != _norm(gotResult): -- raise TestFailed("%s should return: %s but returned: %s" \ -+ raise support.TestFailed("%s should return: %s but returned: %s" \ - %(str(fn), str(wantResult), repr(gotResult))) - - -@@ -689,6 +689,19 @@ class TestNtpath(NtpathTestCase): - check('%spam%bar', '%sbar' % nonascii) - check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii) - -+ @support.requires_resource('cpu') -+ def test_expandvars_large(self): -+ expandvars = ntpath.expandvars -+ with os_helper.EnvironmentVarGuard() as env: -+ env.clear() -+ env["A"] = "B" -+ n = 100_000 -+ self.assertEqual(expandvars('%A%'*n), 'B'*n) -+ self.assertEqual(expandvars('%A%A'*n), 'BA'*n) -+ self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%') -+ self.assertEqual(expandvars("%%"*n), "%"*n) -+ self.assertEqual(expandvars("$$"*n), "$"*n) -+ - def test_expanduser(self): - tester('ntpath.expanduser("test")', 'test') - -@@ -923,6 +936,7 @@ class TestNtpath(NtpathTestCase): - self.assertIsInstance(b_final_path, bytes) - self.assertGreater(len(b_final_path), 0) - -+ - class NtCommonTest(test_genericpath.CommonTest, unittest.TestCase): - pathmodule = ntpath - attributes = ['relpath'] -diff --git a/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst -new file mode 100644 -index 0000000..1d152bb ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst -@@ -0,0 +1 @@ -+Fix quadratic complexity in :func:`os.path.expandvars`. --- -2.40.0 diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.20.bb similarity index 98% rename from meta/recipes-devtools/python/python3_3.10.19.bb rename to meta/recipes-devtools/python/python3_3.10.20.bb index fbb2f80886b..88a57971b95 100644 
--- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.20.bb @@ -37,10 +37,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-Avoid-shebang-overflow-on-python-config.py.patch \ file://0001-test_storlines-skip-due-to-load-variability.patch \ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ - file://CVE-2025-6075.patch \ - file://CVE-2025-13836.patch \ - file://CVE-2025-13837.patch \ - file://CVE-2025-12084.patch \ " SRC_URI:append:class-native = " \ 
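Review bot: dropping `file://CVE-2025-6075.patch`, `file://CVE-2025-13836.patch`, `file://CVE-2025-13837.patch` and `file://CVE-2025-12084.patch` from SRC_URI is only correct if the 3.10.20 tarball already contains all four fixes, and nothing in the visible hunks shows that. If the commit message does not already name each CVE as fixed by the upgrade, it should. Once the CVE-tagged patch files are gone, cve-check falls back to version matching against the CVE database, so it is worth confirming on a build with this change that all four are still reported as patched.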
@@ -49,7 +45,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "c8f4a596572201d81dd7df91f70e177e19a70f1d489968b54b5fbbf29a97c076" +SRC_URI[sha256sum] = "de6517421601e39a9a3bc3e1bc4c7b2f239297423ee05e282598c83ec0647505" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" 
From patchwork Tue Apr 7 16:15:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85446
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v3 09/19] python3-pyopenssl: Fix CVE-2026-27448 Date: Tue, 7 Apr 2026 18:15:46 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Apr 2026 16:16:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234762 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448 [2] https://ubuntu.com/security/CVE-2026-27448 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++++++++++++++ .../python/python3-pyopenssl_22.0.0.bb | 4 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch new file mode 100644 index 00000000000..4a06e2c0201 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch 
@@ -0,0 +1,125 @@ +From d41a814759a9fb49584ca8ab3f7295de49a85aa0 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Mon, 16 Feb 2026 21:04:37 -0500 +Subject: [PATCH] Handle exceptions in set_tlsext_servername_callback callbacks + (#1478) + +When the servername callback raises an exception, call sys.excepthook +with the exception info and return SSL_TLSEXT_ERR_ALERT_FATAL to abort +the handshake. Previously, exceptions would propagate uncaught through +the CFFI callback boundary. + +https://claude.ai/code/session_01P7y1XmWkdtC5UcmZwGDvGi + +Co-authored-by: Claude + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0] +CVE: CVE-2026-27448 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 2 ++ + src/OpenSSL/SSL.py | 7 ++++++- + tests/test_ssl.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 58 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index c84b30a..5b6d523 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,8 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. ++ + - Expose wrappers for some `DTLS + `_ + primitives. 
`#1026 `_ +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 12374b7..6ef44d4 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -1,5 +1,6 @@ + import os + import socket ++import sys + from sys import platform + from functools import wraps, partial + from itertools import count, chain +@@ -1431,7 +1432,11 @@ class Context(object): + + @wraps(callback) + def wrapper(ssl, alert, arg): +- callback(Connection._reverse_mapping[ssl]) ++ try: ++ callback(Connection._reverse_mapping[ssl]) ++ except Exception: ++ sys.excepthook(*sys.exc_info()) ++ return _lib.SSL_TLSEXT_ERR_ALERT_FATAL + return 0 + + self._tlsext_servername_callback = _ffi.callback( +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ccc8a38..77e1876 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1884,6 +1884,56 @@ class TestServerNameCallback(object): + + assert args == [(server, b"foo1.example.com")] + ++ def test_servername_callback_exception( ++ self, monkeypatch: pytest.MonkeyPatch ++ ) -> None: ++ """ ++ When the callback passed to `Context.set_tlsext_servername_callback` ++ raises an exception, ``sys.excepthook`` is called with the exception ++ and the handshake fails with an ``Error``. 
++ """ ++ exc = TypeError("server name callback failed") ++ ++ def servername(conn: Connection) -> None: ++ raise exc ++ ++ excepthook_calls: list[ ++ tuple[type[BaseException], BaseException, object] ++ ] = [] ++ ++ def custom_excepthook( ++ exc_type: type[BaseException], ++ exc_value: BaseException, ++ exc_tb: object, ++ ) -> None: ++ excepthook_calls.append((exc_type, exc_value, exc_tb)) ++ ++ context = Context(SSLv23_METHOD) ++ context.set_tlsext_servername_callback(servername) ++ ++ # Necessary to actually accept the connection ++ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ context.use_certificate( ++ load_certificate(FILETYPE_PEM, server_cert_pem) ++ ) ++ ++ # Do a little connection to trigger the logic ++ server = Connection(context, None) ++ server.set_accept_state() ++ ++ client = Connection(Context(SSLv23_METHOD), None) ++ client.set_connect_state() ++ client.set_tlsext_host_name(b"foo1.example.com") ++ ++ monkeypatch.setattr(sys, "excepthook", custom_excepthook) ++ with pytest.raises(Error): ++ interact_in_memory(server, client) ++ ++ assert len(excepthook_calls) == 1 ++ assert excepthook_calls[0][0] is TypeError ++ assert excepthook_calls[0][1] is exc ++ assert excepthook_calls[0][2] is not None ++ + + class TestApplicationLayerProtoNegotiation(object): + """ +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index db0e809ef54..13d87939b62 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb 
@@ -10,6 +10,10 @@ SRC_URI[sha256sum] = "660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d00 PYPI_PACKAGE = "pyOpenSSL" inherit pypi setuptools3 +SRC_URI += " \ + file://CVE-2026-27448.patch \ +" + PACKAGES =+ "${PN}-tests" FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test" 
From patchwork Tue Apr 7 16:15:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85449
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 10/19] python3-pyopenssl: Fix CVE-2026-27459
Date: Tue, 7 Apr 2026 18:15:47 +0200
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234763

From: Vijay Anusuri

Pick patch mentioned in NVD

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459
[2] https://ubuntu.com/security/CVE-2026-27459

Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 .../python3-pyopenssl/CVE-2026-27459.patch | 106 ++++++++++++++++++
 .../python/python3-pyopenssl_22.0.0.bb | 1 +
 2 files changed, 107 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch new file mode 100644 index 00000000000..b5e37a6900d --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
@@ -0,0 +1,106 @@ +From 57f09bb4bb051d3bc2a1abd36e9525313d5cd408 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Wed, 18 Feb 2026 07:46:15 -0500 +Subject: [PATCH] Fix buffer overflow in DTLS cookie generation callback + (#1479) + +The cookie generate callback copied user-returned bytes into a +fixed-size native buffer without enforcing a maximum length. A +callback returning more than DTLS1_COOKIE_LENGTH bytes would overflow +the OpenSSL-provided buffer, corrupting adjacent memory. + +Co-authored-by: Claude Opus 4.6 + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408] +CVE: CVE-2026-27459 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 1 + + src/OpenSSL/SSL.py | 7 +++++++ + tests/test_ssl.py | 38 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index 5b6d523..13d8abd 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,7 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- Properly raise an error if a DTLS cookie callback returned a cookie longer than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a buffer-overflow. + - ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. 
+ + - Expose wrappers for some `DTLS +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 6ef44d4..fa1b556 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -556,11 +556,18 @@ class _CookieGenerateCallbackHelper(_CallbackExceptionHelper): + def __init__(self, callback): + _CallbackExceptionHelper.__init__(self) + ++ max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255) ++ + @wraps(callback) + def wrapper(ssl, out, outlen): + try: + conn = Connection._reverse_mapping[ssl] + cookie = callback(conn) ++ if len(cookie) > max_cookie_len: ++ raise ValueError( ++ f"Cookie too long (got {len(cookie)} bytes, " ++ f"max {max_cookie_len})" ++ ) + out[0 : len(cookie)] = cookie + outlen[0] = len(cookie) + return 1 +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index 77e1876..fb77b75 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -4455,3 +4455,41 @@ class TestDTLS(object): + assert 0 < c.get_cleartext_mtu() < 500 + except NotImplementedError: # OpenSSL 1.1.0 and earlier + pass ++ ++ def test_cookie_generate_too_long(self) -> None: ++ s_ctx = Context(DTLS_METHOD) ++ ++ def generate_cookie(ssl: Connection) -> bytes: ++ return b"\x00" * 256 ++ ++ def verify_cookie(ssl: Connection, cookie: bytes) -> bool: ++ return True ++ ++ s_ctx.set_cookie_generate_callback(generate_cookie) ++ s_ctx.set_cookie_verify_callback(verify_cookie) ++ s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem)) ++ s_ctx.set_options(OP_NO_QUERY_MTU) ++ s = Connection(s_ctx) ++ s.set_accept_state() ++ ++ c_ctx = Context(DTLS_METHOD) ++ c_ctx.set_options(OP_NO_QUERY_MTU) ++ c = Connection(c_ctx) ++ c.set_connect_state() ++ ++ c.set_ciphertext_mtu(1500) ++ s.set_ciphertext_mtu(1500) ++ ++ # Client sends ClientHello ++ try: ++ c.do_handshake() ++ except SSL.WantReadError: ++ pass ++ chunk = c.bio_read(self.LARGE_BUFFER) ++ s.bio_write(chunk) ++ ++ # Server tries DTLSv1_listen, which 
triggers cookie generation. ++ # The oversized cookie should raise ValueError. ++ with pytest.raises(ValueError, match="Cookie too long"): ++ s.DTLSv1_listen() +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index 13d87939b62..42de3207b46 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb 
@@ -12,6 +12,7 @@ inherit pypi setuptools3 SRC_URI += " \ file://CVE-2026-27448.patch \ + file://CVE-2026-27459.patch \ " PACKAGES =+ "${PN}-tests"
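Review bot: in the src/OpenSSL/SSL.py hunk, `max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255)` falls back to a bare literal when the binding does not export the constant, and nothing in the hunk says where 255 comes from or that it is no larger than the buffer OpenSSL passes to the callback. This bound is the whole fix, so add a comment naming the source of the fallback value, or refuse to register the callback when the constant is missing. The length check also sits inside the existing `try`, so the `ValueError` reaches the caller only through the helper's exception handling; a one-line comment at the `raise` would make that dependency visible.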
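Review bot: `test_cookie_generate_too_long` in the tests/test_ssl.py hunk hard-codes `b"\x00" * 256`, while the limit in SSL.py is read from `_lib` and is 255 only as a fallback, so with a binding that reports 256 or more the cookie passes the check and the test stops exercising the rejection path. Build the oversized cookie from the same constant (limit plus one byte) and add a companion case with a cookie of exactly the limit, so the accept path is covered as well as the reject path.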
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 11/19] libarchive: Fix CVE-2026-4111
Date: Tue, 7 Apr 2026 18:15:48 +0200
Message-ID: <9af05e2d56ed355c02722a24ee66b2b0d4097cb9.1775578386.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234765

From: Vijay Anusuri

Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-4111
[2] https://github.com/libarchive/libarchive/pull/2877
[3] https://access.redhat.com/errata/RHSA-2026:5080

Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 .../libarchive/CVE-2026-4111-1.patch | 32 ++
 .../libarchive/CVE-2026-4111-2.patch | 308 ++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb | 2 +
 3 files changed, 342 insertions(+)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch new file mode 100644 index 00000000000..1f065b13648 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
@@ -0,0 +1,32 @@ +From 7273d04803a1e5a482f26d8d0fbaf2b204a72168 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 20:24:56 -0800 +Subject: [PATCH] Reject filters when the block length is nonsensical + +Credit: Grzegorz Antoniak @antekone + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/7273d04803a1e5a482f26d8d0fbaf2b204a72168] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + libarchive/archive_read_support_format_rar5.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c +index 38979cb..867f0a8 100644 +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -2914,7 +2914,9 @@ static int parse_filter(struct archive_read* ar, const uint8_t* p) { + if(block_length < 4 || + block_length > 0x400000 || + filter_type > FILTER_ARM || +- !is_valid_filter_block_start(rar, block_start)) ++ !is_valid_filter_block_start(rar, block_start) || ++ (rar->cstate.window_size > 0 && ++ (ssize_t)block_length > rar->cstate.window_size >> 1)) + { + archive_set_error(&ar->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid filter encountered"); +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch new file mode 100644 index 00000000000..243a03a8e5d --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch 
@@ -0,0 +1,308 @@ +From ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 10:04:01 -0800 +Subject: [PATCH] Infinite loop in Rar5 decompression + +Found by: Elhanan Haenel + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + Makefile.am | 2 + + libarchive/test/CMakeLists.txt | 1 + + .../test/test_read_format_rar5_loop_bug.c | 53 +++++ + .../test_read_format_rar5_loop_bug.rar.uu | 189 ++++++++++++++++++ + 4 files changed, 245 insertions(+) + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.c + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.rar.uu + +diff --git a/Makefile.am b/Makefile.am +index dd1620d..14edb2a 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -507,6 +507,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_rar_invalid1.c \ + libarchive/test/test_read_format_rar_overflow.c \ + libarchive/test/test_read_format_rar5.c \ ++ libarchive/test/test_read_format_rar5_loop_bug.c \ + libarchive/test/test_read_format_raw.c \ + libarchive/test/test_read_format_tar.c \ + libarchive/test/test_read_format_tar_concatenated.c \ +@@ -869,6 +870,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_invalid_dict_reference.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift1.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift2.rar.uu \ ++ libarchive/test/test_read_format_rar5_loop_bug.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part01.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part02.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part03.rar.uu \ +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index 05c6fd7..c8f2e90 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -156,6 +156,7 @@ 
IF(ENABLE_TEST) + test_read_format_rar_filter.c + test_read_format_rar_overflow.c + test_read_format_rar5.c ++ test_read_format_rar5_loop_bug.c + test_read_format_raw.c + test_read_format_tar.c + test_read_format_tar_concatenated.c +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.c b/libarchive/test/test_read_format_rar5_loop_bug.c +new file mode 100644 +index 0000000..77dd78c +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.c +@@ -0,0 +1,53 @@ ++/*- ++ * Copyright (c) 2026 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++#include "test.h" ++ ++DEFINE_TEST(test_read_format_rar5_loop_bug) ++{ ++ const char *reffile = "test_read_format_rar5_loop_bug.rar"; ++ struct archive_entry *ae; ++ struct archive *a; ++ const void *buf; ++ size_t size; ++ la_int64_t offset; ++ ++ extract_reference_file(reffile); ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, reffile, 10240)); ++ ++ // This has just one entry ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); ++ ++ // Read blocks until the end of the entry ++ while (ARCHIVE_OK == archive_read_data_block(a, &buf, &size, &offset)) { ++ } ++ ++ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); ++ ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); ++ assertEqualInt(ARCHIVE_OK, archive_free(a)); ++} +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.rar.uu b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +new file mode 100644 +index 0000000..3e47004 +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +@@ -0,0 +1,189 @@ ++begin 644 test_read_format_rar5_loop_bug.rar ++end +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index e74326b40fd..85fe6e5baa2 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -50,6 +50,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ file://CVE-2025-60753-01.patch \ file://CVE-2025-60753-02.patch \ + file://CVE-2026-4111-1.patch \ + file://CVE-2026-4111-2.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/"
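Review bot: In the libarchive_3.6.2.bb SRC_URI hunk, the two new entries are named CVE-2026-4111-1.patch and CVE-2026-4111-2.patch, while the entries directly above use a two-digit suffix (CVE-2025-60753-01.patch, CVE-2025-60753-02.patch). Naming them CVE-2026-4111-01.patch and CVE-2026-4111-02.patch would keep the list consistent with the existing convention in this recipe.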
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 12/19] vim: Fix CVE-2026-33412
Date: Tue, 7 Apr 2026 18:15:49 +0200
Message-ID: <910667342b78fefa22214f6375b657e8b130a24a.1775578386.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234764

From: Hitendra Prajapati

Pick patch from [1] also mentioned in NVD report with [2]

[1] https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-33412

Signed-off-by: Hitendra Prajapati
Signed-off-by: Yoann Congal
---
 .../vim/files/CVE-2026-33412.patch | 61 +++++++++++++++++++
 meta/recipes-support/vim/vim.inc | 1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch

diff --git a/meta/recipes-support/vim/files/CVE-2026-33412.patch b/meta/recipes-support/vim/files/CVE-2026-33412.patch new file mode 100644 index 00000000000..62daa308b58 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-33412.patch
@@ -0,0 +1,61 @@ +From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001 +From: pyllyukko +Date: Thu, 19 Mar 2026 19:58:05 +0000 +Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in + glob() + +Problem: The glob() function on Unix-like systems does not escape + newline characters when expanding wildcards. A maliciously + crafted string containing '\n' can be used as a command + separator to execute arbitrary shell commands via + mch_expand_wildcards(). This depends on the user's 'shell' + setting. +Solution: Add the newline character ('\n') to the SHELL_SPECIAL + definition to ensure it is properly escaped before being + passed to the shell (pyllyukko). + +closes: #19746 + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c + +Signed-off-by: pyllyukko +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-33412 +Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a] +Signed-off-by: Hitendra Prajapati +--- + src/os_unix.c | 2 +- + src/version.c | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/os_unix.c b/src/os_unix.c +index cf195e62e1..d767956b1a 100644 +--- a/src/os_unix.c ++++ b/src/os_unix.c +@@ -7106,7 +7106,7 @@ mch_expandpath( + # define SEEK_END 2 + #endif + +-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|" ++# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n" + + int + mch_expand_wildcards( +diff --git a/src/version.c b/src/version.c +index 4f3912aedd..712a3e637c 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1684, + /**/ + 1683, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 289f31be707..fc9b4db055a 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc 
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ + file://CVE-2026-33412.patch \ " PV .= ".1683"
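Review bot: The src/version.c hunk inside CVE-2026-33412.patch adds 1684 to included_patches, but the upstream change being backported is patch 9.2.0202 and vim.inc still ends with PV .= ".1683". With this hunk applied the binary reports patch level 1684, which does not identify this fix in upstream numbering and no longer matches PV. Consider dropping the version.c hunk from the backport, or explain the renumbering in the patch header.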
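Review bot: The src/os_unix.c hunk adds '\n' to SHELL_SPECIAL, but the backport carries no test: the diffstat lists only src/os_unix.c and src/version.c, and the patch description says the behaviour depends on the user's 'shell' setting. A regression test that calls glob() with a pattern containing a newline and checks that only wildcard expansion happens would cover the path through mch_expand_wildcards(). If upstream shipped such a test with this commit, please say in the patch header why it was left out.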
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 13/19] sqlite3: Fix CVE-2025-70873
Date: Tue, 7 Apr 2026 18:15:50 +0200
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234766

From: Vijay Anusuri

Pick patch as per [1]

[1] https://sqlite.org/src/info/3d459f1fb1bd1b5e
[2] https://sqlite.org/forum/forumpost/761eac3c82
[3] https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054

Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 .../sqlite/files/CVE-2025-70873.patch | 33 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2025-70873.patch b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch new file mode 100644 index 00000000000..86004c0b741 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch
@@ -0,0 +1,33 @@ +From 5a05c59d4d75c03f23d5fb70feac9f789954bf8a Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Sat, 6 Dec 2025 20:41:24 +0000 +Subject: [PATCH] In the zipfile extension, only return as many bytes as + Inflate actually generated. [forum:/forumpost/761eac3c82|Forum post + 761eac3c82]. Adjust ./configure so that it builds zipfile into testfixture if + ZLIB is available, so that tests get run on unix platforms. + +FossilOrigin-Name: 3d459f1fb1bd1b5e723629c463ab392af7b206ece3388bda216c6a4c26160909 + +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/5a05c59d4d75c03f23d5fb70feac9f789954bf8a] +CVE: CVE-2025-70873 +Signed-off-by: Vijay Anusuri +--- + shell.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shell.c b/shell.c +index fa45d40..3c4902c 100644 +--- a/shell.c ++++ b/shell.c +@@ -7668,7 +7668,7 @@ static void zipfileInflate( + if( err!=Z_STREAM_END ){ + zipfileCtxErrorMsg(pCtx, "inflate() failed (%d)", err); + }else{ +- sqlite3_result_blob(pCtx, aRes, nOut, zipfileFree); ++ sqlite3_result_blob(pCtx, aRes, (int)str.total_out, zipfileFree); + aRes = 0; + } + } +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index acdd80022e1..9e10caa399a 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb 
@@ -10,6 +10,7 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2023-7104.patch \ file://CVE-2025-29088.patch \ file://CVE-2025-6965.patch \ + file://CVE-2025-70873.patch \ " SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
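Review bot: The header of CVE-2025-70873.patch keeps the upstream description, which says ./configure is adjusted to build zipfile into testfixture so the tests run, but the diffstat shows only shell.c with 1 insertion and 1 deletion. Please state in the patch header that only the zipfileInflate() change to the sqlite3_result_blob() length was backported and that the configure and test parts were dropped, so nobody assumes the fix is exercised by the test suite in this recipe. The commit message also lists [2] and [3] without referring to them in the text.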
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 14/19] curl: patch CVE-2025-14524
Date: Tue, 7 Apr 2026 18:15:51 +0200
Message-ID: <69b98b1f2bd0717b0ab7adcb5d8aa9b84ae2f48b.1775578386.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234767

From: Vijay Anusuri

Pick commit per [1].

[1] https://curl.se/docs/CVE-2025-14524.html
[2] https://security-tracker.debian.org/tracker/CVE-2025-14524

Signed-off-by: Amaury Couderc
Signed-off-by: Paul Barker
Signed-off-by: Vijay Anusuri
[YC: cherry-picked from scarthgap commit 951113a6e8185969444b5e28292f23434dba1f6c]
Signed-off-by: Yoann Congal
---
 .../curl/curl/CVE-2025-14524.patch | 42 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb | 1 +
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch new file mode 100644 index 00000000000..0ab77ade9d5 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch
@@ -0,0 +1,42 @@ +From b3e2318ff3cbe4a9babe5b6875916a429bd584be Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 10 Dec 2025 11:40:47 +0100 +Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer + +Closes #19933 + +CVE: CVE-2025-14524 +Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640] + +Signed-off-by: Amaury Couderc + +--- + lib/curl_sasl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c +index 7e28c92..f0b0341 100644 +--- a/lib/curl_sasl.c ++++ b/lib/curl_sasl.c +@@ -345,7 +345,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref nullmsg; + + Curl_bufref_init(&nullmsg); +@@ -531,7 +533,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref serverdata; + + Curl_bufref_init(&serverdata); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 72bd1a20881..b8fa8b5266a 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -70,6 +70,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14017.patch \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ + file://CVE-2025-14524.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
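Review bot: In both lib/curl_sasl.c hunks (Curl_sasl_start and Curl_sasl_continue) the new condition is only "!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts", with no same-host case, so oauth_bearer becomes NULL on every followed redirect unless allow_auth_to_other_hosts is set. Curl_allow_auth_to_host(), shown in patch 16/19 of this series, additionally accepts a follow to the same first_host, port and protocol. Please note in the commit message that this stricter behaviour matches the upstream commit as-is, so users who see the bearer dropped after a same-host redirect can trace it to this backport. The embedded patch is also headed "From b3e2318ff3cb..." while Upstream-Status points at 1a822275d333...; a word on which tree the first hash comes from would help.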
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 15/19] curl: patch CVE-2026-1965
Date: Tue, 7 Apr 2026 18:15:52 +0200
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234768

From: Vijay Anusuri

pick patches from ubuntu per [1]

[1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz
[2] https://ubuntu.com/security/CVE-2026-1965
[3] https://curl.se/docs/CVE-2026-1965.html

Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 .../curl/curl/CVE-2026-1965-1.patch | 98 +++++++++++++++++++
 .../curl/curl/CVE-2026-1965-2.patch | 29 ++++++
 meta/recipes-support/curl/curl_7.82.0.bb | 2 +
 3 files changed, 129 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch new file mode 100644 index 00000000000..1d0f5c59e8d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
@@ -0,0 +1,98 @@ +From 34fa034d9a390c4bd65e2d05262755ec8646ac12 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 5 Feb 2026 08:34:21 +0100 +Subject: [PATCH] url: fix reuse of connections using HTTP Negotiate + +Assume Negotiate means connection-based + +Reported-by: Zhicheng Chen +Closes #20534 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/34fa034d9a390c4bd6] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 82 insertions(+), 5 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1145,6 +1145,18 @@ ConnectionExists(struct Curl_easy *data, + #endif + #endif + ++#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ bool wantNegohttp = ++ (data->state.authhost.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#ifndef CURL_DISABLE_PROXY ++ bool wantProxyNegohttp = ++ needle->bits.proxy_user_passwd && ++ (data->state.authproxy.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#endif ++#endif ++ + *force_reuse = FALSE; + *waitpipe = FALSE; + +@@ -1496,6 +1508,57 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif ++ ++#ifdef USE_SPNEGO ++ /* If we are looking for an HTTP+Negotiate connection, check if this is ++ already authenticating with the right credentials. If not, keep looking ++ so that we can reuse Negotiate connections if possible. 
*/ ++ if(wantNegohttp) { ++ if(Curl_timestrcmp(needle->user, check->user) || ++ Curl_timestrcmp(needle->passwd, check->passwd)) ++ continue; ++ } ++ else if(check->http_negotiate_state != GSS_AUTHNONE) { ++ /* Connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++ ++#ifndef CURL_DISABLE_PROXY ++ /* Same for Proxy Negotiate authentication */ ++ if(wantProxyNegohttp) { ++ /* Both check->http_proxy.user and check->http_proxy.passwd can be ++ * NULL */ ++ if(!check->http_proxy.user || !check->http_proxy.passwd) ++ continue; ++ ++ if(Curl_timestrcmp(needle->http_proxy.user, ++ check->http_proxy.user) || ++ Curl_timestrcmp(needle->http_proxy.passwd, ++ check->http_proxy.passwd)) ++ continue; ++ } ++ else if(check->proxy_negotiate_state != GSS_AUTHNONE) { ++ /* Proxy connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++#endif ++ if(wantNTLMhttp || wantProxyNTLMhttp) { ++ /* Credentials are already checked, we may use this connection. We MUST ++ * use a connection where it has already been fully negotiated. If it has ++ * not, we keep on looking for a better one. */ ++ chosen = check; ++ if((wantNegohttp && ++ (check->http_negotiate_state != GSS_AUTHNONE)) || ++ (wantProxyNegohttp && ++ (check->proxy_negotiate_state != GSS_AUTHNONE))) { ++ /* We must use this connection, no other */ ++ *force_reuse = TRUE; ++ break; ++ } ++ continue; /* get another */ ++ } ++#endif ++ + if(canmultiplex) { + /* We can multiplex if we want to. Let's continue looking for + the optimal connection to use. */ diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch new file mode 100644 index 00000000000..fa5fefd2517 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch 
@@ -0,0 +1,29 @@ +From f1a39f221d57354990e3eeeddc3404aede2aff70 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 21 Feb 2026 18:11:41 +0100 +Subject: [PATCH] url: fix copy and paste url_match_auth_nego mistake + +Follow-up to 34fa034 +Reported-by: dahmono on github +Closes #20662 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/f1a39f221d57354990] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1542,7 +1542,7 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif +- if(wantNTLMhttp || wantProxyNTLMhttp) { ++ if(wantNegohttp || wantProxyNegohttp) { + /* Credentials are already checked, we may use this connection. We MUST + * use a connection where it has already been fully negotiated. If it has + * not, we keep on looking for a better one. */ diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index b8fa8b5266a..0e107f1e753 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -71,6 +71,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ file://CVE-2025-14524.patch \ + file://CVE-2026-1965-1.patch \ + file://CVE-2026-1965-2.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
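Review bot: The preprocessor guards in CVE-2026-1965-1.patch do not line up between declaration and use in lib/url.c. wantNegohttp and wantProxyNegohttp are declared under "#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)", the proxy one additionally under "#ifndef CURL_DISABLE_PROXY", but the block added by the second hunk (@@ -1496,6 +1508,57 @@) is guarded only by "#ifdef USE_SPNEGO", and its final test reads wantProxyNegohttp after the "#endif" that closes the CURL_DISABLE_PROXY section. A build with USE_SPNEGO plus CURL_DISABLE_PROXY (or CURL_DISABLE_HTTP) would reference an undeclared variable, and CVE-2026-1965-2.patch keeps the same placement when it changes the test to "if(wantNegohttp || wantProxyNegohttp)". Please build-test curl with proxy support disabled and SPNEGO enabled, or move the proxy half of that test inside the CURL_DISABLE_PROXY guard.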
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 16/19] curl: patch CVE-2026-3783
Date: Tue, 7 Apr 2026 18:15:53 +0200
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234769

From: Vijay Anusuri

CVE-2026-3783-pre1.patch is dependency patch for CVE-2026-3783.patch

cherry picked from upstream commit:
https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266
https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877

Reference: https://curl.se/docs/CVE-2026-3783.html

Signed-off-by: Vijay Anusuri
Signed-off-by: Yoann Congal
---
 .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++++++
 .../curl/curl/CVE-2026-3783.patch | 157 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb | 2 +
 3 files changed, 225 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch new file mode 100644 index 00000000000..746e5d9ab6c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
@@ -0,0 +1,66 @@ +From d7b970e46ba29a7e558e21d19f485977ffed6266 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 29 Apr 2022 22:56:47 +0200 +Subject: [PATCH] http: move Curl_allow_auth_to_host() + +It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef + +Reported-by: Michael Olbrich +Fixes #8772 +Closes #8775 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266] +CVE: CVE-2026-3783 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index 0d5c449bc72a..b215307dcaaa 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -651,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) + return result; + } + ++/* ++ * Curl_allow_auth_to_host() tells if authentication, cookies or other ++ * "sensitive data" can (still) be sent to this host. ++ */ ++bool Curl_allow_auth_to_host(struct Curl_easy *data) ++{ ++ struct connectdata *conn = data->conn; ++ return (!data->state.this_is_a_follow || ++ data->set.allow_auth_to_other_hosts || ++ (data->state.first_host && ++ strcasecompare(data->state.first_host, conn->host.name) && ++ (data->state.first_remote_port == conn->remote_port) && ++ (data->state.first_remote_protocol == conn->handler->protocol))); ++} ++ + #ifndef CURL_DISABLE_HTTP_AUTH + /* + * Output the correct authentication header depending on the auth type +@@ -775,21 +790,6 @@ output_auth_headers(struct Curl_easy *data, + return CURLE_OK; + } + +-/* +- * Curl_allow_auth_to_host() tells if authentication, cookies or other +- * "sensitive data" can (still) be sent to this host. 
+- */ +-bool Curl_allow_auth_to_host(struct Curl_easy *data) +-{ +- struct connectdata *conn = data->conn; +- return (!data->state.this_is_a_follow || +- data->set.allow_auth_to_other_hosts || +- (data->state.first_host && +- strcasecompare(data->state.first_host, conn->host.name) && +- (data->state.first_remote_port == conn->remote_port) && +- (data->state.first_remote_protocol == conn->handler->protocol))); +-} +- + /** + * Curl_http_output_auth() setups the authentication headers for the + * host/proxy and the correct authentication diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch new file mode 100644 index 00000000000..769198d6883 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch 
@@ -0,0 +1,157 @@ +From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 6 Mar 2026 23:13:07 +0100 +Subject: [PATCH] http: only send bearer if auth is allowed + +Verify with test 2006 + +Closes #20843 + +Curl_auth_allowed_to_host() function got renamed from +Curl_allow_auth_to_host() by the commit +https://github.com/curl/curl/commit/72652c0613d37ce18e99cca17a42887f12ad43da + +Current curl version 7.82.0 has function Curl_allow_auth_to_host() + +Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877] +CVE: CVE-2026-3783 +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 1 + + tests/data/Makefile.inc | 2 +- + tests/data/test2006 | 98 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 100 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test2006 + +diff --git a/lib/http.c b/lib/http.c +index 691091b..6acd537 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -757,6 +757,7 @@ output_auth_headers(struct Curl_easy *data, + if(authstatus->picked == CURLAUTH_BEARER) { + /* Bearer */ + if((!proxy && data->set.str[STRING_BEARER] && ++ Curl_allow_auth_to_host(data) && + !Curl_checkheaders(data, STRCONST("Authorization")))) { + auth = "Bearer"; + result = http_output_bearer(data); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index ad41a5e..e641cb8 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -221,7 +221,7 @@ test1916 test1917 test1918 \ + \ + test1933 test1934 test1935 test1936 test1937 test1938 test1939 \ + \ +-test2000 test2001 test2002 test2003 test2004 \ ++test2000 test2001 test2002 test2003 test2004 test2006 \ + \ + test2023 \ + test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ +diff --git a/tests/data/test2006 b/tests/data/test2006 +new file mode 100644 +index 0000000..200d30a +--- /dev/null ++++ b/tests/data/test2006 +@@ -0,0 +1,98 @@ ++ ++ ++ ++ ++netrc ++HTTP ++ ++ ++# Server-side ++ ++ 
++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++-foo- ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++proxy ++ ++ ++.netrc default with redirect plus oauth2-bearer ++ ++ ++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/ ++ ++ ++default login testuser password testpass ++ ++ ++ ++ ++ ++GET http://a.com/ HTTP/1.1 ++Host: a.com ++Authorization: Bearer SECRET_TOKEN ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://b.com/%TESTNUMBER0002 HTTP/1.1 ++Host: b.com ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 0e107f1e753..f50af1d4722 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -73,6 +73,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14524.patch \ file://CVE-2026-1965-1.patch \ file://CVE-2026-1965-2.patch \ + file://CVE-2026-3783-pre1.patch \ + file://CVE-2026-3783.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Tue Apr 7 16:15:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85450 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48B7EFF5125 for ; Tue, 7 Apr 2026 16:16:35 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.85284.1775578589824163701 for ; Tue, 07 Apr 2026 09:16:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=FZ/YAYlS; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-488a29e6110so33956275e9.3 for ; Tue, 07 Apr 2026 09:16:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775578588; x=1776183388; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ImvltFtUT4cB6LZ4Yhh3fO4WvYNXpQvW2K3n+YAiVQk=; b=FZ/YAYlS8zHyoHzbbVtH/C7qNEyOlwP/tBJ692kmMRm4KcYaf8bfPoIRkUKoqSZAoU +k2QPnZ9fVbpqoPm3runbFI5NdC68cto5LH5e7BGvOCuuUqGo/ijcPj5n2hIIBqdS/3l GDBErz/yFvzhbpKDX4dMD2AquPBx00AQHc3/c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775578588; x=1776183388; 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v3 17/19] curl: patch CVE-2026-3784 Date: Tue, 7 Apr 2026 18:15:54 +0200 Message-ID: <659a32145680054823581ddcf6412410247df108.1775578386.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Apr 2026 16:16:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234770 From: Vijay Anusuri pick patch from ubuntu per [1] [1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-3784 [3] https://curl.se/docs/CVE-2026-3784.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-3784.patch | 73 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-3784.patch b/meta/recipes-support/curl/curl/CVE-2026-3784.patch new file mode 100644 index 00000000000..95784e47637 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3784.patch 
@@ -0,0 +1,73 @@ +From 5f13a7645e565c5c1a06f3ef86e97afb856fb364 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Fri, 6 Mar 2026 14:54:09 +0100 +Subject: [PATCH] proxy-auth: additional tests + +Also eliminate the special handling for socks proxy match. + +Closes #20837 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/5f13a7645e565c5c1a06f3] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-3784 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 28 +++++++--------------------- + tests/http/test_13_proxy_auth.py | 20 ++++++++++++++++++++ + tests/http/testenv/curl.py | 18 +++++++++++++++--- + 3 files changed, 42 insertions(+), 24 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -930,33 +930,15 @@ proxy_info_matches(const struct proxy_in + { + if((data->proxytype == needle->proxytype) && + (data->port == needle->port) && +- Curl_safe_strcasecompare(data->host.name, needle->host.name)) +- return TRUE; ++ curl_strequal(data->host.name, needle->host.name)) { + ++ if(Curl_timestrcmp(data->user, needle->user) || ++ Curl_timestrcmp(data->passwd, needle->passwd)) ++ return FALSE; ++ return TRUE; ++ } + return FALSE; + } +- +-static bool +-socks_proxy_info_matches(const struct proxy_info *data, +- const struct proxy_info *needle) +-{ +- if(!proxy_info_matches(data, needle)) +- return FALSE; +- +- /* the user information is case-sensitive +- or at least it is not defined as case-insensitive +- see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ +- +- /* curl_strequal does a case insentive comparison, so do not use it here! 
*/ +- if(Curl_timestrcmp(data->user, needle->user) || +- Curl_timestrcmp(data->passwd, needle->passwd)) +- return FALSE; +- return TRUE; +-} +-#else +-/* disabled, won't get called */ +-#define proxy_info_matches(x,y) FALSE +-#define socks_proxy_info_matches(x,y) FALSE + #endif + + /* A connection has to have been idle for a shorter time than 'maxage_conn' +@@ -1282,8 +1264,8 @@ ConnectionExists(struct Curl_easy *data, + continue; + + if(needle->bits.socksproxy && +- !socks_proxy_info_matches(&needle->socks_proxy, +- &check->socks_proxy)) ++ !proxy_info_matches(&needle->socks_proxy, ++ &check->socks_proxy)) + continue; + #endif + if(needle->bits.conn_to_host != check->bits.conn_to_host) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index f50af1d4722..a2ee5736810 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -75,6 +75,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2026-1965-2.patch \ file://CVE-2026-3783-pre1.patch \ file://CVE-2026-3783.patch \ + file://CVE-2026-3784.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Tue Apr 7 16:15:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85452 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31270FF511F for ; Tue, 7 Apr 2026 16:16:35 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.85475.1775578590975995459 for ; Tue, 07 Apr 2026 09:16:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=CfKKTG5b; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-488b0046078so23861955e9.1 for ; Tue, 07 Apr 2026 09:16:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775578589; x=1776183389; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dojgKuj1U3Ofmia7xnsKS6kU/Ct53OOxwo7dApi+roE=; b=CfKKTG5bdXC97+c9Adboj3w6av9cixrZeZdDKBNiNCeVYPuu0PJ7XDQt48DbdIVo8G jYSkIf7L+YanzVZi26S85R728OCf2dND2WHZfydpoXMXhwBIsjLbEYBUJ9lcRQjlVycb MFVdQcspFWgA4q9ZxT2vGqikpST053AzlY8AQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775578589; x=1776183389; h=content-transfer-encoding:mime-version:references:in-reply-to 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v3 18/19] ncurses: fix for CVE-2025-69720 Date: Tue, 7 Apr 2026 18:15:55 +0200 Message-ID: <4a046b39185314ceafbc7846b9c00fb8984c71ce.1775578386.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Apr 2026 16:16:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234771 From: Hitendra Prajapati Pick relevant part of snapshot commit 20251213, see [1]. That has: add a limit-check in infocmp -i option (report/example by Yixuan Cao). [1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213 References: 1. https://github.com/Cao-Wuhui/CVE-2025-69720 2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720 3. https://access.redhat.com/errata/RHSA-2026:5913 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../ncurses/files/CVE-2025-69720.patch | 42 +++++++++++++++++++ .../ncurses/ncurses_6.3+20220423.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch new file mode 100644 index 00000000000..d570b2007a7 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch 
@@ -0,0 +1,42 @@ +From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Mon, 6 Apr 2026 18:08:09 +0530 +Subject: [PATCH] add limit-check in infocmp + +origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz +Refer: https://github.com/Cao-Wuhui/CVE-2025-69720 +patch by : Thomas E. Dickey + +CVE: CVE-2025-69720 +Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e] +Signed-off-by: Hitendra Prajapati +--- + progs/infocmp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/progs/infocmp.c b/progs/infocmp.c +index 0ee0b958..538aca5a 100644 +--- a/progs/infocmp.c ++++ b/progs/infocmp.c +@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src) + static void + analyze_string(const char *name, const char *cap, TERMTYPE2 *tp) + { +- char buf2[MAX_TERMINFO_LENGTH]; ++ char buf2[MAX_TERMINFO_LENGTH + 1]; + const char *sp; + const assoc *ap; + int tp_lines = tp->Numbers[2]; +@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp) + if (VALID_STRING(cp) && + cp[0] != '\0' && + cp != cap) { +- len = strlen(cp); ++ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH) ++ len = MAX_TERMINFO_LENGTH; + _nc_STRNCPY(buf2, sp, len); + buf2[len] = '\0'; + +-- +2.50.1 + diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb index 68a845f27c8..15ea2756cdb 100644 --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb 
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \ file://CVE-2023-50495.patch \ file://CVE-2023-45918.patch \ file://CVE-2025-6141.patch \ + file://CVE-2025-69720.patch \ " # commit id corresponds to the revision in package version SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260" From patchwork Tue Apr 7 16:15:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85448 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1678BFF5117 for ; Tue, 7 Apr 2026 16:16:35 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.85476.1775578591435330751 for ; Tue, 07 Apr 2026 09:16:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=PMW4uKhz; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso417975e9.1 for ; Tue, 07 Apr 2026 09:16:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775578590; x=1776183390; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E7WGJo+r4HFWOocOezDDbAgVUcH9E73x0W7UiWaboFc=; b=PMW4uKhzYL7xOwcRxYAkHU+VfOq2I+eAhKhK6ROdaGhkouMVfUDNRkOf0LXLFX+lZG +n1+67b5LtYNa6ysRVgNd1mxYYFJV5LGqMotY5l6YrN7DZ3m4+cZxLpAd4136UWxmGaK YyU69IDNuYvuwSAeprAhOnKRg8QM2Fy8nv12Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775578590; x=1776183390; h=content-transfer-encoding:mime-version:references:in-reply-to 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v3 19/19] scripts/install-buildtools: Update to 4.0.34 Date: Tue, 7 Apr 2026 18:15:56 +0200 Message-ID: <94df79c304f692b0108155e04905180cdf92b2cd.1775578386.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 07 Apr 2026 16:16:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234772 From: Yoann Congal Update to the 4.0.34 release of the 4.0 series for buildtools Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 6a1762c14b3..8754f2d773e 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.33' -DEFAULT_INSTALLER_VERSION = '4.0.33' +DEFAULT_RELEASE = 'yocto-4.0.34' +DEFAULT_INSTALLER_VERSION = '4.0.34' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check
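Review bot: In CVE-2026-3783-pre1.patch (16/19), the header should say why this move is a prerequisite for the fix. CVE-2026-3783.patch only adds a call to Curl_allow_auth_to_host() inside output_auth_headers(), and the context here shows output_auth_headers() itself sitting under #ifndef CURL_DISABLE_HTTP_AUTH, so the ifdef problem described in the upstream message does not obviously affect the fix. If the move is needed only so that the definition precedes the new call, or so that the second patch applies cleanly, one line saying so next to "CVE: CVE-2026-3783 #Dependency Patch" would help whoever rebases this recipe next.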
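Review bot: In CVE-2026-3783.patch (16/19), the new tests/data/test2006 passes "--netrc-file %LOGDIR/netrc%TESTNUMBER"; please confirm that the test harness shipped with curl 7.82.0 expands %LOGDIR, otherwise the netrc file will not be found and the test will not run as intended. The test's expected requests are the useful part to keep working: the first request to a.com carries "Authorization: Bearer SECRET_TOKEN" and the redirected request to b.com carries no Authorization header, which is exactly what the added "Curl_allow_auth_to_host(data) &&" condition in the Bearer branch of output_auth_headers() is meant to enforce. Minor: Upstream-Status uses the abbreviated hash e3d7401a32a46516c9e5ee877 while the From line carries the full one; the full hash, as used in the pre1 patch, is easier to trace.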
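Review bot: In CVE-2026-3784.patch (17/19), the lib/url.c hunk at proxy_info_matches() swaps Curl_safe_strcasecompare() for curl_strequal() on host.name; please confirm that curl_strequal() in 7.82.0 tolerates a NULL argument, or keep Curl_safe_strcasecompare() for the host comparison and add only the Curl_timestrcmp() checks on user and passwd. The same hunk removes the #else stubs ("#define proxy_info_matches(x,y) FALSE" and the socks variant), so every remaining caller has to sit under the same ifdef as the ConnectionExists() call site shown in the second hunk. The patch header's diffstat also lists tests/http/test_13_proxy_auth.py and tests/http/testenv/curl.py (3 files changed, 42 insertions, 24 deletions), but only lib/url.c is present in the body; trimming the diffstat, or stating that the tests were dropped in the backport, would make it clear that no test covers the change here.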
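Review bot: In CVE-2025-69720.patch (18/19), the From line carries hash 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e, the same commit the Upstream-Status URL points to, yet the author and date on it are the backporter's (Mon, 6 Apr 2026) while the body credits the patch to Thomas E. Dickey. Since the mail says only the relevant part of snapshot 20251213 was picked, the patch header should say that explicitly and keep the upstream author in From, so the provenance of the hunk is unambiguous. On the code itself, the two edits in analyze_string() only work as a pair: len is clamped to MAX_TERMINFO_LENGTH and buf2 grows to MAX_TERMINFO_LENGTH + 1, so "buf2[len] = '\0'" stays in bounds when len hits the limit; a future rebase must not drop either half.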
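Review bot: In scripts/install-buildtools (19/19), DEFAULT_RELEASE and DEFAULT_INSTALLER_VERSION repeat the same version string and have to be bumped in step on every update; deriving one from the other (for example DEFAULT_RELEASE = 'yocto-' + DEFAULT_INSTALLER_VERSION) would remove the chance of them drifting apart. Please also confirm that the 4.0.34 buildtools installer is already published under DEFAULT_BASE_URL, since the script's defaults point at it as soon as this lands.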