From patchwork Thu Apr 9 23:10:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85738 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12AACF364D4 for ; Thu, 9 Apr 2026 23:11:17 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145063.1775776273418201998 for ; Thu, 09 Apr 2026 16:11:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=L/WXuu2b; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488aa77a06eso22440575e9.0 for ; Thu, 09 Apr 2026 16:11:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776272; x=1776381072; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1ym6+A4JCVPCh2T4oIKQtV7Mrbzbqe03UJK+amU/8q8=; b=L/WXuu2b4me/kdBlaPxb9ttwxL/LknjtE3Mq4jggN3yVGaxSIMO9RZve7tM0YgwnKV +WgQjXQbkonLzNwSHvgf/i2gp94euGYvJp/xuQwm0ab+Dx07cizDdYnjPTrs0quWkNis lYT+7x2UQzl6v9dtxkKmJZVgy+58ysb5/wlug= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776272; x=1776381072; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1ym6+A4JCVPCh2T4oIKQtV7Mrbzbqe03UJK+amU/8q8=; b=cdGyzPFAAwLJdcK22aTWjy6BC5rckTiStDxVkNjFbTaPx9KAHoeTYp+KmlxJioG5Bo vezbE6ODfJxTSVevHTHS0bEOpX7yIjbl8/hiZFgu6S27fWC68j6pd8on8vNL1G99FM2v pNCWamHZB6FEQOQkadqhrKWmY/Y6Jxq4CvflHgOZ02xnJw3m+KmCkzA73Ixcg3LkgLR/ oFEuZj2TfRCLcMeuplVR6WEg1znzAi29APsWkElRyoAkoiBASKWrM+GO6AJ0hs3dwhZt EqtfbCM1LWmwTGZmWappZfiugnU4wLmNCaCrUHnEIpvhIU9DPpnC0Uoi5nfVCahhXFn5 fMCQ== X-Gm-Message-State: AOJu0Yz+agpoYA5sFi35G9gLpCP9OQyjmTcKu/2JOa07AeusosFIPMN1 OFbQe5zOSlqGX0rkfPLqJAVJ8a0MAcHMBrpbhacyN5oHt715UMdeie4DZnEfDXY3RnkTtyrhEJi /h2oqyceD27aR X-Gm-Gg: AeBDievxhoyrS7mIUni2gscfUWZIZcOpeuCKKQMgafEmR32EkyiAfx48pFg060zXGHX TxMPU2YeWVxzbSC8svy+BW+yM0lIJp6zzi1l1+4WHz591G/JzmduZzVRflvRBxZl9NqhXks+Ff9 ASh6AMLugKxvWojVR1pVK/Hh3FRpny4kDUgHLGa+d6Hv5Y+mV5sQbtFmIuDJM+fiMqQRk+43vFq ycO0/NaITALgAkmC0Ala9UwgpRmzIXeHoT+PG2n6oSKdwbd7AoxkFS9ZVtemcN8+D9Zccd5bwn4 0mDUBen0vIe3AyRW2528+tzcyZHmZMrkcrxkXXgOq9OraEWy4PVxD9NrwcnZixvDfg47tSXAsv4 9WUohHWMPCJMRhm5id3Fx/nHEAjhORvlD5ok8VhsFdl7SXqcK2WcvmYKg/KfVpnlFs1x8GhxTck tyAleAssTlgUAVuZ5/D52dGnvsJsJuRK9Tye8F1Cus+G2GL6PrvMBvRfmGWdkH3x1+/cJfFIwQz lOhgXm7J9VfP6GPsTuYKIByRVYJ X-Received: by 2002:a05:600c:a109:b0:477:76bf:e1fb with SMTP id 5b1f17b1804b1-488d6843245mr5385245e9.16.1775776271530; Thu, 09 Apr 2026 16:11:11 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:10 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 01/30] linux-yocto/5.15: update to v5.15.200 Date: Fri, 10 Apr 2026 01:10:01 +0200 Message-ID: <0ebdf9563aa64a1b9d8c6ae6fbd701de8178fa8b.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234960 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: e45d5d41c1343 Linux 5.15.200 7ca5540ba6239 riscv: Replace function-like macro by static inline function cbae610ca9e27 nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() 6a04dc650cef8 spi: tegra: Fix a memory leak in tegra_slink_probe() c7a02a814dc51 spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer 9fa4262a80f75 spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer 55dfe2687a496 spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one eebd79beb268c spi: tegra210-quad: Move curr_xfer read inside spinlock 4f9e7de7a6b8f spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer b34289505180a iommu: disable SVA when CONFIG_X86 is set 1ecf6dc2676ea Bluetooth: hci_event: call disconnect callback before deleting conn 214b85b9b7187 gve: Correct ethtool rx_dropped calculation 9d93332397405 gve: Fix stats report corruption on queue count change 8aa1b0bc65967 tracing: Fix ftrace event field alignments c3c5cfa3170c0 gfs2: Fix NULL pointer dereference in gfs2_log_flush 343fe375a8dd6 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() be6d98766ac95 riscv: uprobes: Add missing fence.i after building the XOL buffer d7ead65126504 ASoC: amd: fix memory leak in acp3x pdm dma ops 42afe8ed8ad2d nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec 4c09184f08ce6 nvmet-tcp: don't map pages which can't come from HIGHMEM 15e329ce1a957 nvmet-tcp: fix regression in data_digest calculation 1a5c3c99efa11 nvmet-tcp: fix memory leak when performing a controller reset 367fd132df419 nvmet-tcp: add an helper to free the cmd buffers 8c760ba4e36c7 netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() 166f29d4af575 hwmon: (occ) Mark occ_init_attribute() as __printf 3f531122a5801 tipc: use kfree_sensitive() for session key material 5dae6b36a7cb7 macvlan: fix error recovery in macvlan_common_newlink() 77611cab5bdff dpaa2-switch: add bounds check for if_id in IRQ handler 01fbca1e93ec3 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup d86c58eb005eb net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup c81a8515fb8c8 net: liquidio: Initialize netdev pointer before queue setup 2fcccca88456b dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero c01cc6fe06cf2 platform/x86: intel_telemetry: Fix PSS event register mask 5bce10f0f9435 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines 193f087207ad8 wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice 8518f072fc929 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() fd8b090017330 scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() c85c9de39cd5d wifi: cfg80211: Fix bitrate calculation overflow for HE rates 15e9607df7925 ASoC: tlv320adcx140: Propagate error codes during probe 1525f1068295f ASoC: davinci-evm: Fix reference leak in davinci_evm_probe 536238ba39829 wifi: mac80211: collect station statistics earlier when disconnect 6e4cc9e399952 ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free 16c2ca35257ed HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) 04485e691d8ca HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list 67e06e8a77c1a netfilter: replace -EEXIST with -EBUSY e9aefab3b7eb4 ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk 2d8af4db1f209 HID: playstation: Center initial joystick axes to prevent spurious events d21497331b967 HID: intel-ish-hid: Reset enum_devices_done before enumeration d5cce2ec0e985 HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL a2c68e256fb7a smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() e5dd6a58a52d5 block,bfq: fix aux stat accumulation destination 64240689acff8 net: usb: sr9700: support devices with virtual driver CD cd89a4656c03f wifi: wlcore: ensure skb headroom before skb_push b04c75366a547 wifi: mac80211: ocb: skip rx_no_sta when interface is not joined 9a6cdfd7b6aaa binderfs: fix ida_alloc_max() upper bound ba43ac025c431 timers: Fix NULL function pointer race in timer_shutdown_sync() f24f9ea7d69ef Bluetooth: hci_qca: Fix the teardown problem for real e7f1ca8ea41ab timers: Update the documentation to reflect on the new timer_shutdown() API 36bdfa51a1ad7 timers: Provide timer_shutdown[_sync]() debbcf812d735 timers: Add shutdown mechanism to the internal functions 21ca3ee3f6faa timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode a7035e7d720f8 timers: Silently ignore timers with a NULL function e45a52685b335 Documentation: Replace del_timer/del_timer_sync() 29d5751350cdf timers: Rename del_timer() to timer_delete() a431c4c27ee05 timers: Replace BUG_ON()s d2736470196f2 timers: Get rid of del_singleshot_timer_sync() 9b78a3b948bb6 clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function a97b47fed39d9 clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function b03eb334c42ea ARM: spear: Do not use timer namespace for timer_shutdown() function 7bcf91585f3b1 Documentation: Remove bogus claim about del_timer_sync() 4abccfb61f422 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX d6ae339f18099 mm/kfence: randomize the freelist on initialization 2284bc168b148 KVM: Don't clobber irqfd routing type when deassigning irqfd a550cc2564cab ARM: 9468/1: fix memset64() on big-endian 5928ca551e361 rbd: check for EOD after exclusive lock is ensured to be held 446d7283cffa5 platform/x86: intel_telemetry: Fix swapped arrays in PSS output 674ebe2d6fe59 x86/kfence: fix booting on 32bit non-PAE systems Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index e23c8bf88ab..526f3c64b7d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "27c8048897d9d7ff1ed6d2643cbc024eb13ae342" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 21233285b57..1eeda2e22ca 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "7b20eb2129d25bb2a1cb963d30c2f3adb1e144b3" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 861af0041af..5f8bfba396e 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "0ea8d4a7d24642475c1d1e0d8be44976600eb630" -SRCREV_machine:qemuarm64 ?= "33aae9ebda82736fc0246e4d2bd7967bb7ef492a" -SRCREV_machine:qemumips ?= "0d159686c17443503bc7b59f25b5129c8543193d" -SRCREV_machine:qemuppc ?= "c8e213f83bae4792c1042bdcedd46fa60963c69b" -SRCREV_machine:qemuriscv64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemuriscv32 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemux86-64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_machine:qemumips64 ?= "58c96e47bbd784e078e265426b9276bad2bb7e22" -SRCREV_machine ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" -SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" +SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" +SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" +SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" +SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" +SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" +SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "7b232985052fcf6a78bf0f965aa4241c0678c2ba" +SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.199" +LINUX_VERSION ?= "5.15.200" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Apr 9 23:10:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85741 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71938F364D6 for ; Thu, 9 Apr 2026 23:11:17 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145065.1775776274654475393 for ; Thu, 09 Apr 2026 16:11:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=fAAg2g6o; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488971db0fdso14167545e9.0 for ; Thu, 09 Apr 2026 16:11:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776273; x=1776381073; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+yR9Dh3QlptEbmJEZasIQsqijuqDXfBH6Jm1XCMvk/I=; b=fAAg2g6o2RXzhju8e+GR9R6QIiQP3p4tEswla3Jjv19a+GyN7cVOeI5CvCsQLWPQai 5pouvj2bTY3pHSK+kauUlqABO01fjusuAepw+/i7DQDFYCrOQGuEeh4trS5hEtRXJHal wc0Rltl/R18yxWz9KgZ/IWRucZShRkAyg6P20= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776273; x=1776381073; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=+yR9Dh3QlptEbmJEZasIQsqijuqDXfBH6Jm1XCMvk/I=; b=gjW84xkBstT7g86Xewe1RFlEr+qTm08UEXsPD01Jf5FXSKXXZM0aBtNcOCF/HYQTm1 VtsDP3XyVdDmpN4dcZjnga/94oUeFqF5LDo1IuFVli/eDovS/rprQzQYposkkmknEVb1 /iOvEwXktQqAfo4xXYrnBwadbpKlW/5AbyP5lfQz3gtlza+zQ0LSKgh3LinmrjULEgWY ezv7JHCkHaL7n+TnVYPOzuI9fA7SghrKoZgC3pa7Tb8YxXKZCR7fzpKRRBPOdoJyZPPf LxtvlbckTfXsS0L2omgTWIwF3FFQnH76ZZ9+Qb/ZmRj3o5azN9I/6r9EOSfiMZ5WTr+g Fg2Q== X-Gm-Message-State: AOJu0YyYEy2rKW+73NNkxwj8pbAe43dNk9knuPo+mVqAMoDpa09zcFMa qloBiGBqrh+kcw+YljRhJB0Ue+tNVXaSg2XP/qmjx2TfsRkfQEQUW+brfhJZrGgn2a/lqS/K09U Q+MTI7XzyCxEB X-Gm-Gg: AeBDietizBQMo0vVk12ONhnGsKHejMj8cGVErNnr6tnqcifSEiAAM1kShxoCrMkJ7e2 9UE6p9AFa6rl1gskq5vh+lco1NSNRgMdQc3J+W/Fuh2CEt2p8qLqltTBQm+Y5H1vu8cgOkiMoBy Mg1kiIO6C/AcfKwYJu4g24qZ2j2FH05QR6+ZthGcS0fI6oGBJtQEcNlj+LL7LM0cBf/+dJEGjMV c9VdQpWjPw3k+HB93eMeN0szxCS2gk7MN1XK7RvLi6dqZ7ldrJ+nasckXo4lQ31kK2Wk+5SqdZv REuMZRwywiVbDOF/r+R/mhDJXOExlNpRJRMdHHOJ/hr/iV8iaCWMFTa+LtR2aS8nwmU3RZdqreg p6Cxh6ICO4MPrSHM8mZ2q2WUqV4EIY+gg7eoXnKM2EMohTtVYRznDhAeKask1DcKcE2T1DHJoHq vmXxMX3QKOu7zS6KFcVOFVNRqhjK25xh2s3GsHUIQFkXpaVCv8vt+I2fNpz4+FhPuTUmfumTTUm vaU6KX+Y4TjgUmsBX22+X+EzA/f X-Received: by 2002:a05:600c:5249:b0:485:7f02:afd5 with SMTP id 5b1f17b1804b1-488d680079bmr7223345e9.13.1775776272775; Thu, 09 Apr 2026 16:11:12 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:11 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 02/30] linux-yocto/5.15: update to v5.15.201 Date: Fri, 10 Apr 2026 01:10:02 +0200 Message-ID: <65c5b6d33aa81de3e85452a1c1e4395e49addcca.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234961 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: 3330a8d33e08 Linux 5.15.201 cfd5eadd051a USB: serial: option: add Telit FN920C04 RNDIS compositions 438a405fbad6 f2fs: fix out-of-bounds access in sysfs attribute read/write 2f67ff1e15a8 f2fs: fix to avoid UAF in f2fs_write_end_io() 6167af934f95 fbdev: smscufx: properly copy ioctl memory to kernelspace 52916878db2b fbdev: rivafb: fix divide error in nv3_arb() fa9fb38f5fe9 PCI: endpoint: Avoid creating sub-groups asynchronously 7036aff5a5e8 PCI: endpoint: Remove unused field in struct pci_epf_group 8055827352b7 PCI: endpoint: Automatically create a function specific attributes group b74408de1f22 scsi: qla2xxx: Free sp in error path to fix system crash 794563147038 scsi: qla2xxx: Reduce fabric scan duplicate code 23507a811081 scsi: qla2xxx: Remove dead code (GNN ID) da9939b1ed8b scsi: qla2xxx: Use named initializers for port_[d]state_str f2bbb4db0e4a scsi: qla2xxx: Fix bsg_done() causing double free c71dfb7833db bus: fsl-mc: fix use-after-free in driver_override_show() 38770e103e4e bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions 6dd2645cf080 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() dc5f09466448 crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req 338d40bab283 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() ec7b6a042414 selftests: mptcp: pm: ensure unknown flags are ignored 51df5513cca6 net: dsa: free routing table on probe failure 4a6e4c56721a smb: client: set correct id, uid and cruid for multiuser automounts b0bb67385480 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() cfdb22762f90 Revert "wireguard: device: enable threaded NAPI" 20c83788eafe gpiolib: acpi: Fix gpio count with string references 612ffe1f4f04 ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put() ff96318c22fa platform/x86: panasonic-laptop: Fix sysfs group leak in error path af673209d43b platform/x86: classmate-laptop: Add missing NULL pointer checks 72f97ee4950d drm/tegra: hdmi: sor: Fix error: variable ā€˜jā€™ set but not used f2521ab1f63a romfs: check sb_set_blocksize() return value f14e997a372a gpio: sprd: Change sprd_gpio lock to raw_spin_lock 1fe2603fb171 ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU 86588916e188 gpio: omap: do not register driver in probe() 7e0b2cdbe660 scsi: qla2xxx: Query FW again before proceeding with login 891f9969a29e scsi: qla2xxx: Delay module unload while fabric scan in progress a46f81c1e627 scsi: qla2xxx: Validate sp before freeing associated memory ba18e5f22f26 nilfs2: Fix potential block overflow that cause system hang 8ee8ccfd60bf crypto: virtio - Add spinlock protection with virtqueue notification 31aff96a41ae crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly a60b17cedb44 crypto: octeontx - Fix length check to avoid truncation in ucode_load_store Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 526f3c64b7d..ea763ce9aa1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "671f06e26c741b7d55d8afcc30e64f1480cec166" +SRCREV_machine ?= "46e4e1200a4fa889438a2cc62151bb7f1057421a" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 1eeda2e22ca..56853f481fa 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "0d4112b87ce7dd038dc712ef616c0b6dd333c786" +SRCREV_machine ?= "5ae014d6b48449ae38584cc174ef362f6582a8fc" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 5f8bfba396e..176d17e5736 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,16 +14,16 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "44b7b6bdfaab20ab51f175aeb0df8c27791cc40d" -SRCREV_machine:qemuarm64 ?= "d67ad97cb5d6a51184bd61853e3af7e044c7f1d4" -SRCREV_machine:qemumips ?= "94fe5264de5b6ba6a5fab53b3f2283e36033e373" -SRCREV_machine:qemuppc ?= "a065262f1076ca606ea8229f84b23c10be2680e7" -SRCREV_machine:qemuriscv64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemuriscv32 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemux86-64 ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" -SRCREV_machine:qemumips64 ?= "00831bab13b4320ee27e4ddc72b55542bfe75ec8" -SRCREV_machine ?= "af4baa923d4f04a259e3199e9e63d9415bdf3e3a" +SRCREV_machine:qemuarm ?= "9750e854c9e92d55a2cb042c5ce72e712b24217d" +SRCREV_machine:qemuarm64 ?= "8634ca1dd87be9b55bd383dc8636b73b82a28051" +SRCREV_machine:qemumips ?= "54eca1788efd507120c9dc08681a6a31038513a1" +SRCREV_machine:qemuppc ?= "3a3a4ecdcebb4d3deaa8b5c4ec3e167d5f31305c" +SRCREV_machine:qemuriscv64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemuriscv32 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemux86-64 ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" +SRCREV_machine:qemumips64 ?= "e643e82fef4b4352b8f6ddf802181526edc806ca" +SRCREV_machine ?= "b5ccd2e275c9b68e5dc564b6febeaae8dda42bc5" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll @@ -31,7 +31,7 @@ SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "e45d5d41c1343aad8c7587a5b15d58e99aff4c8a" +SRCREV_machine:class-devupstream ?= "3330a8d33e086f76608bb4e80a3dc569d04a8814" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.200" +LINUX_VERSION ?= "5.15.201" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Thu Apr 9 23:10:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85739 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6784F364D8 for ; Thu, 9 Apr 2026 23:11:17 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144826.1775776275669199423 for ; Thu, 09 Apr 2026 16:11:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=sjqtmIte; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-488af96f6b2so18316375e9.0 for ; Thu, 09 Apr 2026 16:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776274; x=1776381074; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xFSjZKpY+ZOBlTnU1ZhWa2/FzL7hm+4wH1p530QQaSk=; b=sjqtmIteOPvXYBZwF5HuPEvoxGXT5PEX8mSn6qbgRjUoYK7wWRw23+BgoiOCFefDo9 6beNtyUlZaRiKDy5HoQv2kLCC1jB+XngpJ10Vsc1Yc8FnyymCdmO38AHbgDhrx861YqP V5MmdvNmr+0L/vn0+QrjIsslAnr66klTFHsck= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776274; x=1776381074; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=xFSjZKpY+ZOBlTnU1ZhWa2/FzL7hm+4wH1p530QQaSk=; b=k6CtzF/W4PvQ+lOpElmqoo8rJmAK75ca3vmssEm3D6N8v/YNk2iHnZgn+/pnsul3ke c5UXMJ6qBB1Lpc8lcRb5xk04F5bUUYhv3fLe4zSech2cyA3pVPCchjt4wqnbb97ODah7 cInUtbIojtJmZLYFaK3twFZFyeDsVWdWvei6TMsnCW93+ZGwkt+urDLi5okHh4K4GpBH xT3joCYKXSs1DjLOpfEZCDXm/8+40QjNKfcI/Xc5GpHYmKVcqrOAn+6IEnHNR74vkDnH 7lxpQjnezzAuBeWUgRR/Q7TITTWUEJ/wjiyY/opq8a4fwNkofbcOYFB9JBxZcRdPY/PW QWfw== X-Gm-Message-State: AOJu0YxPMNtvFIAJ3bnD+OrRrpheByNYuxyqolGNrqBZOoarfhxepoMF ksALsHb8b/NFgKcnhs1Z5gTwSlqUUKNHJ9U1UDNFvYcfwUjYRi/27zuJ9RDzhIKtIeFTqfJ7jhC +zCzBfx3zeg== X-Gm-Gg: AeBDieuRO4asnlhYJZAsFo+b2UQasK3poAfplzJgOCrwr7tfHs0BUUkFZcaw3XAZNYL KOZ1Ci2vYZ6o50fElyBU2SDfPWHw7k0c3/tOirhBQNUtJZDXljlCaiJ6K5Kx477t/B6m3+em/nP 00bQb6OXshKNrA014OGbf7zgf91IhMRC6gm2AeLtSYefT4hKUrm6Bj2PMDDvPBVU1MsvFWNgn/3 aeMk1Is8PjJILBdvfOT5dLLjlpIUcDqJzpFNY5Tu2ZusfU2RZiG44e7EDxEo9prhaZO9IeTwnWg ehvytV8zepb3OomwZ31Xpff0o+2TO/cUd30/mjIY3Togh5mBul+sY3MqHy6kQh+5pV6JqeTCJCn rg0al2D259lVPsCKra1jVN9BdMd09bTu6F0ZfTNVYw4urQZ+AGkIawKp4/mnSWT5RtCAFD8DVbM u60bpvqJq/XW80pjPMnBit8E4TJW31AVALIzn40xDD+Yb3wIC5uksQimD/kY5yUVwcqp5EWJxON qHhhPK2ZTnZZbLQbaC92f9nTpBC X-Received: by 2002:a05:600c:c10f:b0:487:cd8:4c9 with SMTP id 5b1f17b1804b1-488d689ca8dmr5249005e9.27.1775776273827; Thu, 09 Apr 2026 16:11:13 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:13 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 03/30] create-pull-request: Keep commit hash to be pulled in cover email Date: Fri, 10 Apr 2026 01:10:03 +0200 Message-ID: <58138d386f1c221e87d2217bddc7e31d02cab58c.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234962 From: Paul Barker The cover email mangling in create-pull-request was cutting off the actual commit hash to be pulled, making it difficult to verify that the changes a maintainer merges exactly match those intended by the pull request author. The extra lines we want to include are, for example from a recent whinlatter stable branch PR: for you to fetch changes up to 6c4c6d39ea3202d756acc13f8ce81b114a468541: cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800) Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c78f5ae4a5ba3675b78cc226feb7b9fbbfd8da19) Signed-off-by: Fabien Thomas Signed-off-by: Yoann Congal --- scripts/create-pull-request | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/create-pull-request b/scripts/create-pull-request index 885105fab3d..5c4414ecd5f 100755 --- a/scripts/create-pull-request +++ b/scripts/create-pull-request @@ -219,7 +219,7 @@ fi # The cover letter already has a diffstat, remove it from the pull-msg # before inserting it. -sed -n "0,\#$REMOTE_URL# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" +sed -n "0,\#^----------------------------------------------------------------# p" "$PM" | sed -i "/BLURB HERE/ r /dev/stdin" "$CL" rm "$PM" # If this is an RFC, make that clear in the cover letter From patchwork Thu Apr 9 23:10:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85740 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 064ECF364DA for ; Thu, 9 Apr 2026 23:11:18 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145066.1775776276781047440 for ; Thu, 09 Apr 2026 16:11:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=DKhxIVzH; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488b0e1b870so20789945e9.2 for ; Thu, 09 Apr 2026 16:11:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776275; x=1776381075; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=aZXJksZ6cDyZy+zz8rFNmc7ug59d92x1hFHDvQgME1M=; b=DKhxIVzHEMwxZdyewh44Nu3oWX0ZWXX1hS41g9u5+AttWNMv2XBYyyAnyjkgSekL5R JiTo7rlpXbroffAtezWlKnVbfmxhpd+7Z7Fetc11yboGV48e9vjLWwIvWdzD3uw8uY0/ NaVPE1YzVJ1xYUR2A3iBeIW35fmjqZLMhkyXw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776275; x=1776381075; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aZXJksZ6cDyZy+zz8rFNmc7ug59d92x1hFHDvQgME1M=; b=hw2vgylz4sici30nbLtpx7gZaBY2CFr1B/YDgiX5lm7+xQmeq13ePJDL4F4S7pWr2z F9/Aqmf5a/MDuz9RvZyMmN5kCUIos+WiB5dlnWwqsAosXJMq7XGdIB2NcyUhAZo2lTWb ivFQFWTNdyWab+H6qX+9m4jd9A+dBUXKuPB21FaesJGuZgxyaLOeISs1wqFwIonmgX5v n4CVOtHUazs35HpMq6mf9WBH2adjuU/Ii9anvT+ZPXRWGofae7olqRqFrZBgJHV26Ilq b5vkTubWtnIK/QFePv8kFvUiqkEJFA1JBh9yYmffDFS5aQ7tjdXcZp0Jdpv38TME8yRv Ugjg== X-Gm-Message-State: AOJu0Yw8poGYfMnQpcUGjxS+O31TWYhEGpve7Al71Qot+v1JfnjDbq1c 0P3qeMzM8oXCJgJsWv1/PGR7JmddmtPB1uqYA80+8szhfr6R1zShiiCsPNCO0WrjVpLqRhMj8sd 5mb4/3/m9I9UT X-Gm-Gg: AeBDiev60HVALzuTbFsQv80AiGf06taMudUuj6yuYSgjF9UPRxwi4v2NVFS0v2s94Jl j4EK2bCJWx5OcMsZXgRi8QaH5Qh4ff+eVOLJyvz9mO5F2o6/qWlJyaj9W732+BKzBo3lWiFBPMi LQSLeQuK808MvDFywUwnw3nSKcgaxURSY0aag26tAJEO+JDSjafUVRtahdlrbbQBOG6LoHMefOu K7darccDAZuEorkLE3mmhUad9+UETP5eGUVRVRk1OCDNrwjeqXrlE9uBaVYtMF/vc+J1HoNmMyd p3cI5UvaiiWK5f6jSJAl/Lsd7Kzqbp9NgBebQAEJudjt2GJpkH959ucX5xGPvZH9Vi7xuqpHoHw b4RbpFf9M3X5+CgLtG1Qf3JwhBnNgZBur75EK+jV91C9boeuofXcs0SbI0rRv4ObgBcynpugziI 0fzjNpTg+35rSYbkMQsxybwIQ9s0vooKm5l0JlkzRMZkKa322BxLXQwMxqoA+/JUJi+A4hJz2OY i/9HkIWFaD+S6Wbtc4i+MA4bRv6 X-Received: by 2002:a05:600c:c0da:b0:485:4eaf:eb53 with SMTP id 5b1f17b1804b1-488d685c12dmr6089925e9.19.1775776274966; Thu, 09 Apr 2026 16:11:14 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:14 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 04/30] README.OE-Core: update contributor links and add kirkstone prefix Date: Fri, 10 Apr 2026 01:10:04 +0200 Message-ID: <2e04debcb02caa9121a8f933c59fd69666a44fd8.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234963 From: Fabien Thomas The current README points to an old Wiki page. Update this to the Yocto documentation. Additionally, add a helper command for git-send-email that includes the 'kirkstone' subject prefix to ensure patches are correctly identified by the maintainers and CI. Suggested-by: Yoann Congal Signed-off-by: Fabien Thomas Signed-off-by: Yoann Congal --- README.OE-Core.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.OE-Core.md b/README.OE-Core.md index 2f2127fb03a..8a724dd6d0a 100644 --- a/README.OE-Core.md +++ b/README.OE-Core.md @@ -16,9 +16,13 @@ which can be found at: Contributing ------------ -Please refer to -https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded -for guidelines on how to submit patches. +Please refer to our contributor guide here: https://docs.yoctoproject.org/dev/contributor-guide/ +for full details on how to submit changes. + +As a quick guide, patches should be sent to openembedded-core@lists.openembedded.org +The git command to do that would be: + + git send-email -M -1 --to openembedded-core@lists.openembedded.org --subject-prefix='kirkstone][PATCH' Mailing list: From patchwork Thu Apr 9 23:10:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85742 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C37DDF364D2 for ; Thu, 9 Apr 2026 23:11:27 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145068.1775776278675129660 for ; Thu, 09 Apr 2026 16:11:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=MRyoDRDd; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488b8efed61so11979115e9.1 for ; Thu, 09 Apr 2026 16:11:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776277; x=1776381077; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CT90VZFAvpsWISE0hnXnwKX8/4gqB+DBOKG5HEgjKQY=; b=MRyoDRDdyoYs64VDeK91c49mp6dEu+hadHNlmdL8dyE+xfr5y7UIG+YswA+HwQJu6d V5QuImDst2iCnEYRZ3HvxGPuXyPUkxEGdKCIhCouzDWTJtAyEC5fDmv7Rr2P/XD8g67U og9b/A+pdnPF8Z7qFaBSK50dFbWM+E1+z/raQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776277; x=1776381077; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CT90VZFAvpsWISE0hnXnwKX8/4gqB+DBOKG5HEgjKQY=; b=XNhsN/WjLE71+U6eBYUFaF2YXwOxSvqONywRxEAG48UG7AaDgb98HoAbKMxvBBra3d hTgYFBdHDR2hRW7v24jKQ9L5jrB48SnM+gaE0M+Na0U7kwR6hYkw9maav6403h7sWWgd kn3Qj9bH2R5gJqxy87Z6ymOr76k8g4x6PzB5Jm6/UOcdQZg4uAoOvpqflPT4qtN3nRGV hHDe1hYMIsgaKimLhV1ZYeM6Euo5pGu7jauVizMlbQsjCQeD67PHwpq26lCXzfVISYN9 OFp3Abkv3zPNT4a33So4FgHPAe/7GALR+4vEGfb0JUzAW7K2oWRimC2mYJVjM42ce6tz DYWA== X-Gm-Message-State: AOJu0Yy+nbyoggE9iYETBEqkEYJvbq9d3PnA5NpgPp4RatFFPQqhfdc2 Ez5XrJvwvUUh1Fk2GgJ4j0IFKVp5g31T0Y6urSAynMGSNY00StWBlU5+ICS2KCOXPvSq3phBkUW 48mFejdX52Dum X-Gm-Gg: AeBDieteJmyQzP0oliWz7BQqLvuwdTuKUJeuSVI3PFmcgUH7bwSTWfIu38MMc/IvG/y X1n8KjrXV+JjwIqt7ABUK9EwmOrX2CszHRvC/MUNHUJ1p4b1kXTUHjHj+xlIuGul8UN0g5kAopy z0lVNySKBHd/Wss2hGAW4tDHQrWwpmolpQIR7yGX8SAntPlkdYhi3j8debZTwZUOgotBMh81HMt FUcaK3Gq7M8XbQcPGmyhDC4fHxFhY7FDu7kPRplrTUCPKW1SJCkWcjzUmfjp///YcZe5icrrelP MGIjLJDc8k+Ug/5o9HiTSrRf6y/xGn1xu7++RrCaNEYrcc9t3r2XN3E3AN+2G42j3PEBHwTgAKS h9KmOykdekqHQ2tetQo9DewVHLvOCzjfIhrfJ9x9RNM5axz8EoEaDGUHnqWGjP9YdrzK6+B2T1+ /oLGtH2H9pz/MKMjH5/ip6qS+OadZFLbkcorPP3KiVmgZryE7ER8afAAMx+MKQ0b23p3jtbCeQa xKHGGPCArno3itZe1b9Rg3klYpS X-Received: by 2002:a05:600c:8717:b0:477:9890:9ab8 with SMTP id 5b1f17b1804b1-488d6816f5amr8473785e9.3.1775776276800; Thu, 09 Apr 2026 16:11:16 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:15 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 05/30] libtheora: mark CVE-2024-56431 as not vulnerable yet Date: Fri, 10 Apr 2026 01:10:05 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234964 From: Peter Marko CVE patch [1] aplies only on main branch which is base for 1.2.x. Branch 1.1 has a different initial commit and does not contain vulnerable code where the CVE patch applies. Also Debian [2] marked 1.1 as not vulnerable. [1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b [2] https://security-tracker.debian.org/tracker/CVE-2024-56431 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal Signed-off-by: Paul Barker Picked from scarthgap commit 07f35d022b88ab4d297d0252f9909e252b7e4cfe Reworked from CVE_STATUS to CVE_CHECK_IGNORE Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb index ad0be85559b..4066bb1513b 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb @@ -22,3 +22,6 @@ CVE_PRODUCT = "theora" inherit autotools pkgconfig EXTRA_OECONF = "--disable-examples" + +# fixed-version:branch 1.1 is not affected, vulnerable code is not present yet +CVE_CHECK_IGNORE += "CVE-2024-56431" From patchwork Thu Apr 9 23:10:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85747 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E80BF31E23 for ; Thu, 9 Apr 2026 23:11:29 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144828.1775776279870288534 for ; Thu, 09 Apr 2026 16:11:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Dyd2uUX1; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488c2690057so14344365e9.0 for ; Thu, 09 Apr 2026 16:11:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776278; x=1776381078; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WBTX+qTNavn6kWq18ryoO1tzu8j0c9iwV7PD4ZfpRZY=; b=Dyd2uUX13J/YcqnibByYcTlgQEmlR6JkFw+/lpuD96DbDTePQFHbU6yLhG63SIx+Wx dcHZ4YedODD1DZN6Ho2fCH85XfWu82E/XKPDx2OMVq26wKowCzTZITo1XU77jXJaQTON RYj0s9QZCT30zaUSsuyXH6zVCexqQFL+fKQhU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776278; x=1776381078; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WBTX+qTNavn6kWq18ryoO1tzu8j0c9iwV7PD4ZfpRZY=; b=AHu0YRDSut63CYKD7raHcVe/qDn1isanqQsSS16+SmMY/ccM1TrxNwBrtByIhzu4vV co+Us30JAnkNoUim/xAZIBsyk6fufAd5ElAnsNC2AOUTmIMLWJkQeFkwKV9Aih7RqtLA XE3kmZB4yXSnADz2mbzwiD3a6HmhbKSABfo4TatTMZaBBNElHl+2H7YMzjRmw7Tv0N18 36H1aGLDHb9IryDtuM02ZozwS2caeAxnjNzms2+Jh0dIX+NkLmjZsta89HNMoZwi0a2w 5JzU9PLXZJUiBo4qIdQxUO3lDQ0KXGZ3OmkwT3dP0AM9jprMnl/JbvvkSepAI8wDjvHH FESQ== X-Gm-Message-State: AOJu0Yxldlw0vLoKuCTX6BellY6foZMapJUnM0q+IAQWgBT1vjAqA6+T hge61V9HWN1zcvaNKejjyNbq2Xnl727Nszn/WtbO5rOtZ5Lep2cNm9IfD4320tp969E8uVi6ihg mRNRdIpJIYMuh X-Gm-Gg: AeBDietLQ8/w0a6ROwKpk/rG8S06jhm5JkcmAmLwzX0MF6BTjUSke0P10eKeWED0Pjx fYlkzTgc9/19trr1hDGJzVBA5Xiqe+VSiRbIdUaQ+iGmD8tieyPmFDQuT1xS0Wm4CTMPTslvmjk bz6ovw86aa4UfU7FcJOgy25//cuaTucNbIZ3JOcoD42f7FZCifGcYESB1yjn3R+AhKhsGp1EMue zvp4P1mM72sjsAc5iDzXeF41fMv6kMkrCdle7Zru9HvZtDxtL+J926bFFVxmND8R1gA83MLJbrQ 4TudkwyEaPUNHlaBJ6XvtlSKb5LZtewSn79ADvTlUl60siyescKtPdlmaf0tlxRixK6sW11UXkU zLHlWwnvIWyStFV5aD8BEmhrCegeNeFg6+32/R361O1hs6Hp44d6JEr81Hl2OMuRQ6kBeTR3NZM /bQ/yGEUy1Z9cJN7yLJ8WpyVajNRa2c1MlKkEBbouQsfWbQd4zSNIpbm5MVxzSFiItUT0d+qlVZ F7Z08iK97u+7SxT3vrTaNb43Cl4 X-Received: by 2002:a05:600c:a105:b0:486:af22:4a2a with SMTP id 5b1f17b1804b1-488d681f281mr5423975e9.7.1775776278038; Thu, 09 Apr 2026 16:11:18 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:17 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 06/30] tzdata,tzcode-native: Upgrade 2025b -> 2025c Date: Fri, 10 Apr 2026 01:10:06 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234965 From: Vijay Anusuri This release mostly changes code and commentary. The only changed data are leap second table expiration and pre-1976 time in Baja California. Full release notes: https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/ Signed-off-by: Paul Barker Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 452334219309793ad74abd6ff390dcb06cab929b) Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index bb81d77ccc5..1c08d4b1023 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025b" +PV = "2025c" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec" -SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474" +SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" +SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" From patchwork Thu Apr 9 23:10:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85749 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A695CFB518A for ; Thu, 9 Apr 2026 23:11:29 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144829.1775776280756596556 for ; Thu, 09 Apr 2026 16:11:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=kHzmT/N7; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488b00ed86fso15334285e9.3 for ; Thu, 09 Apr 2026 16:11:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776279; x=1776381079; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NCGN8BUF5urP1YIACI5hJZJcaPbWT21zdmBon9wV9V4=; b=kHzmT/N70e9p1QBvbQ7lpTEx2xjbhOOCj0HMrmI/Nzc/g90MiIl56cx7ZBcM0bgdCa 4BuNKA/5GDYeXLvleNtK7mlgVpLXtjOEK0uPtbzyG9BnPXLE90KwO5WFf2NvjwvKaf/a cJddAxwTc4jRwK66GHmrVpb5ky/zcs63CVtdA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776279; x=1776381079; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NCGN8BUF5urP1YIACI5hJZJcaPbWT21zdmBon9wV9V4=; b=VclA7qeCdSXdgm07ppPEW/k8F6uXlYtIJrXy/1FniYRvPEjnyT0RVRSlKFyvnswz0w azOOLb/LyvdiaM0czpYq7+9SvI93eW3wB9RM1OHHZ2gkdlNDtGXMMS0n41jbvqNbBzks D/KyyEzmuYEWMxLb3dQljb2DCzhoQRz9+K0FPSv2iZGovhFnHrKcIFhX82mrF8dkhYPo nuL1mlI3lCA+bdZSHpDVBVEXsvW9EIKYX6ApcLFub430Kf8+9NtjyXlT5/S1RO2ripEr JktdhQOX7s4Sv6Jl8syRlOiIi30rrZJ+PvmDe1dwtVmgzEe9dskFc0aT+N0yKugxSMLr BZrA== X-Gm-Message-State: AOJu0YwAqvjK2lCZX0kjINTqu/LYojMwQJBtxqaWFJmqQd0pYJlWGupN 7Jau//eYdYEbM4VFQx7m8NWENNc5ShNB2J+Lm063Q24u1ii5If2mATGlOVZaX1C28oU0Wxz8DdB md2e7FudWzVn0 X-Gm-Gg: AeBDiesYzDzpugR4eNBGvKhxVqabNLDJlKk0OUuiZJuEWQVMv5NRjFrfaxP1+azfnmA DrZicw4g1sVP5gDK+jsJccvZumseYUSZLthXhCVtPjwQE+TsjsxWyjMGWOuUJc+ewzj6DnISZUf f6BPInIIS5pnMXUlTsyqrc9HRuOcvtntxD9RyRSECtxD9wcdygnlstw0o70fKX0+5pZHQJma1S0 zQjoncmA9zh72McdtWZDdqf2P5jIZixh4kuXHV/2Na+kxb1bXTuvr8LfZSB80/MqpPW8kXxNQSs BJVH7/XbyBBjQplhIMnVswQ5fTGdpgsprnjpHHc+99BjTX8iH9Cm+b1N9R+jpzqZJB5Ok/4vHPc UHwvyxr1Q9k2pxyA20l3S2qEv9VMm5xCSQzAs0Vys6iWFJ0EO54T/lWznGFY3IkqgsKgGGST3Xd iFE+EvMJ2Yj0bX3meUhRrvOpgN3A8uR2Q/ebmUD9U+uZlut0VN6+gT94Vlsak8vUPkufo5BJAgC SilC3cqXLp8WDjCQU48aHbaksqS X-Received: by 2002:a05:600c:4715:b0:488:9e54:94c0 with SMTP id 5b1f17b1804b1-488d67e7dd4mr8968875e9.8.1775776278910; Thu, 09 Apr 2026 16:11:18 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:18 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 07/30] tzdata/tzcode-native: upgrade 2025c -> 2026a Date: Fri, 10 Apr 2026 01:10:07 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234966 From: Jinfeng Wang Signed-off-by: Jinfeng Wang Signed-off-by: Richard Purdie (cherry picked from commit 217ede26d64901d9a38fc119efa684487714c08a) Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 1c08d4b1023..c498c0c9ffa 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025c" +PV = "2026a" SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" -SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" +SRC_URI[tzcode.sha256sum] = "f80a17a2eddd2b54041f9c98d75b0aa8038b016d7c5de72892a146d9938740e1" +SRC_URI[tzdata.sha256sum] = "77b541725937bb53bd92bd484c0b43bec8545e2d3431ee01f04ef8f2203ba2b7" From patchwork Thu Apr 9 23:10:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85752 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43436F36B83 for ; Thu, 9 Apr 2026 23:11:30 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144830.1775776282005002386 for ; Thu, 09 Apr 2026 16:11:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=syUwIL5t; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso18117295e9.1 for ; Thu, 09 Apr 2026 16:11:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776280; x=1776381080; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cX520mzOuiO3Yx7LzznJ5dTFaH7s3NIr4oNCz19cNII=; b=syUwIL5t1jLMD4d8Rvd+98BZHav8ZyehhpfuIk4VP8/Hy6W+O4GkTfQRJ7fDoqcujd IiKZrm3lUouJ+UihMQdQ/mV8X5HYTc0bKLxTmh/B/QMKzMuBoM4kLu9rRRlooiAaswtY AMpVp1TDOzVLPmwx8YHY3R2iqT4my8MvJnLUE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776280; x=1776381080; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=cX520mzOuiO3Yx7LzznJ5dTFaH7s3NIr4oNCz19cNII=; b=nhC7AmRAMzwLTWapDRxnBDghdRUdqpdNdrKXJPoCgWJvrWV7Qcy2qxd5s0Qgv7rIrZ tT6ow6YTX23qLj7tSCOGt4boaJjweYDLv8FD8UOAYvHKtrijJ4PNrujtVJLeRfEYZ5/u kmEbPkQApGkU6XhNChEOURdrXJ2ZqnItgmpSR1/T+Um2J4AW8+/cQl5KxEBdDr1VOioS 3WNdDAigHVm9V4OsmqKn3mJ4poBs7MSVVHDrqGNmbyCmTIIM3Fvu/qwQnBEyj0ai0Zxi 0ODdgcwa3OAQM74CdVhSiIfnYSIGq0XRVxNFPHf1KYNXG1ig+/T3A7svq7uI6ab9zKO7 kr7g== X-Gm-Message-State: AOJu0YxHIkttGj2yD1t5jOJhS5SlZKV5MuWGIqrMwURYHDCkGcl1wXLJ ip9UNAapcmYiYxqFCIWhq/CaIkfHRVWZtc4WtFzSsHgYcVnu12nVD+A2PtJ7usDulAaV1ecAlHv ScM9OqI+5w83L X-Gm-Gg: AeBDieurKGR9N4STt34Kf7pevo9ofvrk1x6zQ7iZqnq2wjPDABcPncXPYs4WmbnEXIY 3o+IgJa0SzTkC2RG/i2H6sfQFprHwCi8wrN8n0UQV3dBr5ypx3o0SOUMgJjXdMspXxYCFzRUMPL t6eZ54p15zThmE8cVTcvVIuEV2OLsU3fN7N8t3ikiQDWsWsD35Ye+3pfYizxTflne4CAPQSzmg/ VqZuQDGlO6p8JEmrpNa8zf1uJqDUaLKERg2hCFi7nOoj98jEkBZcfZRjEYO/1Hc+wRahH8sFKsg 21PDZpfMQ7ZkEKkT+lebyF2Yk0Ac17ebi/mwS5Ybi8FP0j0tCNVzVYWBXbRV3WrfbNLgbzLSvsv ZqPoWqXDE/j5cZv9R09LMGoJpTjHLtEnXxVDOtr4JsWa0z6SaIVE7mx3/bkRC3+xQXj5bQOSff8 T0oQrafsum3g+S/TBGOkIOOlJCDjmbyIEymurewugyCwpVwFX8UNqD2thglPLewPSf7giWU/9xu 6dUqrJP0cv4fihLZUAdxNbqsOVM X-Received: by 2002:a05:600c:698d:b0:487:22ad:403e with SMTP id 5b1f17b1804b1-488d6ac9ce5mr7295765e9.14.1775776279942; Thu, 09 Apr 2026 16:11:19 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:19 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 08/30] python3: upgrade 3.10.19 -> 3.10.20 Date: Fri, 10 Apr 2026 01:10:08 +0200 Message-ID: <51e1581d337b674272c1a71dfc366387577bc5df.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234967 From: Vijay Anusuri Drop upstreamed patches. Release information: * https://www.python.org/downloads/release/python-31020/ * The release you're looking at is Python 3.10.20, a security bugfix release for the legacy 3.10 series. Handles CVE-2024-6923 CVE-2025-6075 CVE-2025-12084 CVE-2025-13836 CVE-2025-13837 CVE-2025-15282 CVE-2025-59375 CVE-2026-0865 CVE-2026-24515 CVE-2026-25210 Signed-off-by: Vijay Anusuri [YC: rebased on top of kirkstone] Signed-off-by: Yoann Congal --- .../python/python3/CVE-2025-12084.patch | 171 -------- .../python/python3/CVE-2025-13836.patch | 163 -------- .../python/python3/CVE-2025-13837.patch | 162 -------- .../python/python3/CVE-2025-6075.patch | 364 ------------------ ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +- 5 files changed, 1 insertion(+), 865 deletions(-) delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch rename meta/recipes-devtools/python/{python3_3.10.19.bb => python3_3.10.20.bb} (98%) diff --git a/meta/recipes-devtools/python/python3/CVE-2025-12084.patch b/meta/recipes-devtools/python/python3/CVE-2025-12084.patch deleted file mode 100644 index 0c9bb435edf..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-12084.patch +++ /dev/null @@ -1,171 +0,0 @@ -From c97e87593063d84a2bd9fe7068b30eb44de23dc0 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Sun, 25 Jan 2026 18:10:49 +0100 -Subject: [PATCH] [3.10] gh-142145: Remove quadratic behavior in node ID cache - clearing (GH-142146) (#142213) - -* gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146) - -* Remove quadratic behavior in node ID cache clearing - -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> - -* Add news fragment - -CVE: CVE-2025-12084 -Upstream-Status: Backport [https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0] -Signed-off-by: Peter Marko ---------- -(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4) - -Co-authored-by: Seth Michael Larson -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> - -* [3.14] gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) (#142818) - -gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) -(cherry picked from commit 1cc7551b3f9f71efbc88d96dce90f82de98b2454) - -Co-authored-by: Petr Viktorin -Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> - -* gh-142145: relax the no-longer-quadratic test timing (GH-143030) - -* gh-142145: relax the no-longer-quadratic test timing - -* require cpu resource -(cherry picked from commit 8d2d7bb2e754f8649a68ce4116271a4932f76907) - -Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> - -* merge NEWS entries into one - ---------- - -Co-authored-by: Seth Michael Larson -Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> -Co-authored-by: Petr Viktorin -Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> -Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> -Co-authored-by: Gregory P. Smith ---- - Lib/test/test_minidom.py | 33 ++++++++++++++++++- - Lib/xml/dom/minidom.py | 11 ++----- - ...-12-01-09-36-45.gh-issue-142145.tcAUhg.rst | 6 ++++ - 3 files changed, 41 insertions(+), 9 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst - -diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py -index ef38c36210..c68bd990f7 100644 ---- a/Lib/test/test_minidom.py -+++ b/Lib/test/test_minidom.py -@@ -2,6 +2,7 @@ - - import copy - import pickle -+import time - import io - from test import support - import unittest -@@ -9,7 +10,7 @@ import unittest - import pyexpat - import xml.dom.minidom - --from xml.dom.minidom import parse, Attr, Node, Document, parseString -+from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString - from xml.dom.minidom import getDOMImplementation - from xml.parsers.expat import ExpatError - -@@ -177,6 +178,36 @@ class MinidomTest(unittest.TestCase): - self.confirm(dom.documentElement.childNodes[-1].data == "Hello") - dom.unlink() - -+ @support.requires_resource('cpu') -+ def testAppendChildNoQuadraticComplexity(self): -+ impl = getDOMImplementation() -+ -+ newdoc = impl.createDocument(None, "some_tag", None) -+ top_element = newdoc.documentElement -+ children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)] -+ element = top_element -+ -+ start = time.monotonic() -+ for child in children: -+ element.appendChild(child) -+ element = child -+ end = time.monotonic() -+ -+ # This example used to take at least 30 seconds. -+ # Conservative assertion due to the wide variety of systems and -+ # build configs timing based tests wind up run under. -+ # A --with-address-sanitizer --with-pydebug build on a rpi5 still -+ # completes this loop in <0.5 seconds. -+ self.assertLess(end - start, 4) -+ -+ def testSetAttributeNodeWithoutOwnerDocument(self): -+ # regression test for gh-142754 -+ elem = Element("test") -+ attr = Attr("id") -+ attr.value = "test-id" -+ elem.setAttributeNode(attr) -+ self.assertEqual(elem.getAttribute("id"), "test-id") -+ - def testAppendChildFragment(self): - dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes() - dom.documentElement.appendChild(frag) -diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py -index ef8a159833..cada981f39 100644 ---- a/Lib/xml/dom/minidom.py -+++ b/Lib/xml/dom/minidom.py -@@ -292,13 +292,6 @@ def _append_child(self, node): - childNodes.append(node) - node.parentNode = self - --def _in_document(node): -- # return True iff node is part of a document tree -- while node is not None: -- if node.nodeType == Node.DOCUMENT_NODE: -- return True -- node = node.parentNode -- return False - - def _write_data(writer, data): - "Writes datachars to writer." -@@ -355,6 +348,7 @@ class Attr(Node): - def __init__(self, qName, namespaceURI=EMPTY_NAMESPACE, localName=None, - prefix=None): - self.ownerElement = None -+ self.ownerDocument = None - self._name = qName - self.namespaceURI = namespaceURI - self._prefix = prefix -@@ -680,6 +674,7 @@ class Element(Node): - - def __init__(self, tagName, namespaceURI=EMPTY_NAMESPACE, prefix=None, - localName=None): -+ self.ownerDocument = None - self.parentNode = None - self.tagName = self.nodeName = tagName - self.prefix = prefix -@@ -1539,7 +1534,7 @@ def _clear_id_cache(node): - if node.nodeType == Node.DOCUMENT_NODE: - node._id_cache.clear() - node._id_search_stack = None -- elif _in_document(node): -+ elif node.ownerDocument: - node.ownerDocument._id_cache.clear() - node.ownerDocument._id_search_stack= None - -diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst -new file mode 100644 -index 0000000000..05c7df35d1 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst -@@ -0,0 +1,6 @@ -+Remove quadratic behavior in ``xml.minidom`` node ID cache clearing. In order -+to do this without breaking existing users, we also add the *ownerDocument* -+attribute to :mod:`xml.dom.minidom` elements and attributes created by directly -+instantiating the ``Element`` or ``Attr`` class. Note that this way of creating -+nodes is not supported; creator functions like -+:py:meth:`xml.dom.Document.documentElement` should be used instead. diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch deleted file mode 100644 index c4387b60194..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Fri, 5 Dec 2025 16:21:57 +0100 -Subject: [PATCH] [3.13] gh-119451: Fix a potential denial of service in - http.client (GH-119454) (#142139) - -gh-119451: Fix a potential denial of service in http.client (GH-119454) - -Reading the whole body of the HTTP response could cause OOM if -the Content-Length value is too large even if the server does not send -a large amount of data. Now the HTTP client reads large data by chunks, -therefore the amount of consumed memory is proportional to the amount -of sent data. -(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5) - -CVE: CVE-2025-13836 -Upstream-Status: Backport [https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15] -Signed-off-by: Hitendra Prajapati ---- - Lib/http/client.py | 28 ++++++-- - Lib/test/test_httplib.py | 66 +++++++++++++++++++ - ...-05-23-11-47-48.gh-issue-119451.qkJe9-.rst | 5 ++ - 3 files changed, 95 insertions(+), 4 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst - -diff --git a/Lib/http/client.py b/Lib/http/client.py -index d1b7b10..c8ab5b7 100644 ---- a/Lib/http/client.py -+++ b/Lib/http/client.py -@@ -111,6 +111,11 @@ responses = {v: v.phrase for v in http.HTTPStatus.__members__.values()} - _MAXLINE = 65536 - _MAXHEADERS = 100 - -+# Data larger than this will be read in chunks, to prevent extreme -+# overallocation. -+_MIN_READ_BUF_SIZE = 1 << 20 -+ -+ - # Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2) - # - # VCHAR = %x21-7E -@@ -628,10 +633,25 @@ class HTTPResponse(io.BufferedIOBase): - reading. If the bytes are truly not available (due to EOF), then the - IncompleteRead exception can be used to detect the problem. - """ -- data = self.fp.read(amt) -- if len(data) < amt: -- raise IncompleteRead(data, amt-len(data)) -- return data -+ cursize = min(amt, _MIN_READ_BUF_SIZE) -+ data = self.fp.read(cursize) -+ if len(data) >= amt: -+ return data -+ if len(data) < cursize: -+ raise IncompleteRead(data, amt - len(data)) -+ -+ data = io.BytesIO(data) -+ data.seek(0, 2) -+ while True: -+ # This is a geometric increase in read size (never more than -+ # doubling out the current length of data per loop iteration). -+ delta = min(cursize, amt - cursize) -+ data.write(self.fp.read(delta)) -+ if data.tell() >= amt: -+ return data.getvalue() -+ cursize += delta -+ if data.tell() < cursize: -+ raise IncompleteRead(data.getvalue(), amt - data.tell()) - - def _safe_readinto(self, b): - """Same as _safe_read, but for reading into a buffer.""" -diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py -index 77152cf..89ec5f6 100644 ---- a/Lib/test/test_httplib.py -+++ b/Lib/test/test_httplib.py -@@ -1226,6 +1226,72 @@ class BasicTest(TestCase): - thread.join() - self.assertEqual(result, b"proxied data\n") - -+ def test_large_content_length(self): -+ serv = socket.create_server((HOST, 0)) -+ self.addCleanup(serv.close) -+ -+ def run_server(): -+ [conn, address] = serv.accept() -+ with conn: -+ while conn.recv(1024): -+ conn.sendall( -+ b"HTTP/1.1 200 Ok\r\n" -+ b"Content-Length: %d\r\n" -+ b"\r\n" % size) -+ conn.sendall(b'A' * (size//3)) -+ conn.sendall(b'B' * (size - size//3)) -+ -+ thread = threading.Thread(target=run_server) -+ thread.start() -+ self.addCleanup(thread.join, 1.0) -+ -+ conn = client.HTTPConnection(*serv.getsockname()) -+ try: -+ for w in range(15, 27): -+ size = 1 << w -+ conn.request("GET", "/") -+ with conn.getresponse() as response: -+ self.assertEqual(len(response.read()), size) -+ finally: -+ conn.close() -+ thread.join(1.0) -+ -+ def test_large_content_length_truncated(self): -+ serv = socket.create_server((HOST, 0)) -+ self.addCleanup(serv.close) -+ -+ def run_server(): -+ while True: -+ [conn, address] = serv.accept() -+ with conn: -+ conn.recv(1024) -+ if not size: -+ break -+ conn.sendall( -+ b"HTTP/1.1 200 Ok\r\n" -+ b"Content-Length: %d\r\n" -+ b"\r\n" -+ b"Text" % size) -+ -+ thread = threading.Thread(target=run_server) -+ thread.start() -+ self.addCleanup(thread.join, 1.0) -+ -+ conn = client.HTTPConnection(*serv.getsockname()) -+ try: -+ for w in range(18, 65): -+ size = 1 << w -+ conn.request("GET", "/") -+ with conn.getresponse() as response: -+ self.assertRaises(client.IncompleteRead, response.read) -+ conn.close() -+ finally: -+ conn.close() -+ size = 0 -+ conn.request("GET", "/") -+ conn.close() -+ thread.join(1.0) -+ - def test_putrequest_override_domain_validation(self): - """ - It should be possible to override the default validation -diff --git a/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst -new file mode 100644 -index 0000000..6d6f25c ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst -@@ -0,0 +1,5 @@ -+Fix a potential memory denial of service in the :mod:`http.client` module. -+When connecting to a malicious server, it could cause -+an arbitrary amount of memory to be allocated. -+This could have led to symptoms including a :exc:`MemoryError`, swapping, out -+of memory (OOM) killed processes or containers, or even system crashes. --- -2.50.1 - diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13837.patch b/meta/recipes-devtools/python/python3/CVE-2025-13837.patch deleted file mode 100644 index 36bf75792bb..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-13837.patch +++ /dev/null @@ -1,162 +0,0 @@ -From 5a8b19677d818fb41ee55f310233772e15aa1a2b Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Mon, 22 Dec 2025 15:49:44 +0200 -Subject: [PATCH] [3.12] gh-119342: Fix a potential denial of service in - plistlib (GH-119343) (#142149) - -Reading a specially prepared small Plist file could cause OOM because file's -read(n) preallocates a bytes object for reading the specified amount of -data. Now plistlib reads large data by chunks, therefore the upper limit of -consumed memory is proportional to the size of the input file. -(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70) - -CVE: CVE-2025-13837 -Upstream-Status: Backport [https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b] -Signed-off-by: Peter Marko ---- - Lib/plistlib.py | 31 ++++++++++------ - Lib/test/test_plistlib.py | 37 +++++++++++++++++-- - ...-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst | 5 +++ - 3 files changed, 59 insertions(+), 14 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst - -diff --git a/Lib/plistlib.py b/Lib/plistlib.py -index 3292c30d5f..c5554ea1f7 100644 ---- a/Lib/plistlib.py -+++ b/Lib/plistlib.py -@@ -73,6 +73,9 @@ from xml.parsers.expat import ParserCreate - PlistFormat = enum.Enum('PlistFormat', 'FMT_XML FMT_BINARY', module=__name__) - globals().update(PlistFormat.__members__) - -+# Data larger than this will be read in chunks, to prevent extreme -+# overallocation. -+_MIN_READ_BUF_SIZE = 1 << 20 - - class UID: - def __init__(self, data): -@@ -499,12 +502,24 @@ class _BinaryPlistParser: - - return tokenL - -+ def _read(self, size): -+ cursize = min(size, _MIN_READ_BUF_SIZE) -+ data = self._fp.read(cursize) -+ while True: -+ if len(data) != cursize: -+ raise InvalidFileException -+ if cursize == size: -+ return data -+ delta = min(cursize, size - cursize) -+ data += self._fp.read(delta) -+ cursize += delta -+ - def _read_ints(self, n, size): -- data = self._fp.read(size * n) -+ data = self._read(size * n) - if size in _BINARY_FORMAT: - return struct.unpack(f'>{n}{_BINARY_FORMAT[size]}', data) - else: -- if not size or len(data) != size * n: -+ if not size: - raise InvalidFileException() - return tuple(int.from_bytes(data[i: i + size], 'big') - for i in range(0, size * n, size)) -@@ -561,22 +576,16 @@ class _BinaryPlistParser: - - elif tokenH == 0x40: # data - s = self._get_size(tokenL) -- result = self._fp.read(s) -- if len(result) != s: -- raise InvalidFileException() -+ result = self._read(s) - - elif tokenH == 0x50: # ascii string - s = self._get_size(tokenL) -- data = self._fp.read(s) -- if len(data) != s: -- raise InvalidFileException() -+ data = self._read(s) - result = data.decode('ascii') - - elif tokenH == 0x60: # unicode string - s = self._get_size(tokenL) * 2 -- data = self._fp.read(s) -- if len(data) != s: -- raise InvalidFileException() -+ data = self._read(s) - result = data.decode('utf-16be') - - elif tokenH == 0x80: # UID -diff --git a/Lib/test/test_plistlib.py b/Lib/test/test_plistlib.py -index fa46050658..229a5a242e 100644 ---- a/Lib/test/test_plistlib.py -+++ b/Lib/test/test_plistlib.py -@@ -838,8 +838,7 @@ class TestPlistlib(unittest.TestCase): - - class TestBinaryPlistlib(unittest.TestCase): - -- @staticmethod -- def decode(*objects, offset_size=1, ref_size=1): -+ def build(self, *objects, offset_size=1, ref_size=1): - data = [b'bplist00'] - offset = 8 - offsets = [] -@@ -851,7 +850,11 @@ class TestBinaryPlistlib(unittest.TestCase): - len(objects), 0, offset) - data.extend(offsets) - data.append(tail) -- return plistlib.loads(b''.join(data), fmt=plistlib.FMT_BINARY) -+ return b''.join(data) -+ -+ def decode(self, *objects, offset_size=1, ref_size=1): -+ data = self.build(*objects, offset_size=offset_size, ref_size=ref_size) -+ return plistlib.loads(data, fmt=plistlib.FMT_BINARY) - - def test_nonstandard_refs_size(self): - # Issue #21538: Refs and offsets are 24-bit integers -@@ -959,6 +962,34 @@ class TestBinaryPlistlib(unittest.TestCase): - with self.assertRaises(plistlib.InvalidFileException): - plistlib.loads(b'bplist00' + data, fmt=plistlib.FMT_BINARY) - -+ def test_truncated_large_data(self): -+ self.addCleanup(os_helper.unlink, os_helper.TESTFN) -+ def check(data): -+ with open(os_helper.TESTFN, 'wb') as f: -+ f.write(data) -+ # buffered file -+ with open(os_helper.TESTFN, 'rb') as f: -+ with self.assertRaises(plistlib.InvalidFileException): -+ plistlib.load(f, fmt=plistlib.FMT_BINARY) -+ # unbuffered file -+ with open(os_helper.TESTFN, 'rb', buffering=0) as f: -+ with self.assertRaises(plistlib.InvalidFileException): -+ plistlib.load(f, fmt=plistlib.FMT_BINARY) -+ for w in range(20, 64): -+ s = 1 << w -+ # data -+ check(self.build(b'\x4f\x13' + s.to_bytes(8, 'big'))) -+ # ascii string -+ check(self.build(b'\x5f\x13' + s.to_bytes(8, 'big'))) -+ # unicode string -+ check(self.build(b'\x6f\x13' + s.to_bytes(8, 'big'))) -+ # array -+ check(self.build(b'\xaf\x13' + s.to_bytes(8, 'big'))) -+ # dict -+ check(self.build(b'\xdf\x13' + s.to_bytes(8, 'big'))) -+ # number of objects -+ check(b'bplist00' + struct.pack('>6xBBQQQ', 1, 1, s, 0, 8)) -+ - - class TestKeyedArchive(unittest.TestCase): - def test_keyed_archive_data(self): -diff --git a/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst -new file mode 100644 -index 0000000000..04fd8faca4 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst -@@ -0,0 +1,5 @@ -+Fix a potential memory denial of service in the :mod:`plistlib` module. -+When reading a Plist file received from untrusted source, it could cause -+an arbitrary amount of memory to be allocated. -+This could have led to symptoms including a :exc:`MemoryError`, swapping, out -+of memory (OOM) killed processes or containers, or even system crashes. diff --git a/meta/recipes-devtools/python/python3/CVE-2025-6075.patch b/meta/recipes-devtools/python/python3/CVE-2025-6075.patch deleted file mode 100644 index eab5a882a0d..00000000000 --- a/meta/recipes-devtools/python/python3/CVE-2025-6075.patch +++ /dev/null @@ -1,364 +0,0 @@ -From 892747b4cf0f95ba8beb51c0d0658bfaa381ebca Mon Sep 17 00:00:00 2001 -From: Łukasz Langa -Date: Fri, 31 Oct 2025 17:51:32 +0100 -Subject: [PATCH] gh-136065: Fix quadratic complexity in os.path.expandvars() - (GH-134952) (GH-140851) - -(cherry picked from commit f029e8db626ddc6e3a3beea4eff511a71aaceb5c) - -Co-authored-by: Serhiy Storchaka - -CVE: CVE-2025-6075 - -Upstream-Status: Backport [https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca] - -Signed-off-by: Praveen Kumar ---- - Lib/ntpath.py | 126 ++++++------------ - Lib/posixpath.py | 43 +++--- - Lib/test/test_genericpath.py | 14 ++ - Lib/test/test_ntpath.py | 20 ++- - ...-05-30-22-33-27.gh-issue-136065.bu337o.rst | 1 + - 5 files changed, 93 insertions(+), 111 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst - -diff --git a/Lib/ntpath.py b/Lib/ntpath.py -index 9b0cca4..bd2b4e2 100644 ---- a/Lib/ntpath.py -+++ b/Lib/ntpath.py -@@ -374,17 +374,23 @@ def expanduser(path): - # XXX With COMMAND.COM you can use any characters in a variable name, - # XXX except '^|<>='. - -+_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)" -+_varsub = None -+_varsubb = None -+ - def expandvars(path): - """Expand shell variables of the forms $var, ${var} and %var%. - - Unknown variables are left unchanged.""" - path = os.fspath(path) -+ global _varsub, _varsubb - if isinstance(path, bytes): - if b'$' not in path and b'%' not in path: - return path -- import string -- varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii') -- quote = b'\'' -+ if not _varsubb: -+ import re -+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub -+ sub = _varsubb - percent = b'%' - brace = b'{' - rbrace = b'}' -@@ -393,94 +399,44 @@ def expandvars(path): - else: - if '$' not in path and '%' not in path: - return path -- import string -- varchars = string.ascii_letters + string.digits + '_-' -- quote = '\'' -+ if not _varsub: -+ import re -+ _varsub = re.compile(_varpattern, re.ASCII).sub -+ sub = _varsub - percent = '%' - brace = '{' - rbrace = '}' - dollar = '$' - environ = os.environ -- res = path[:0] -- index = 0 -- pathlen = len(path) -- while index < pathlen: -- c = path[index:index+1] -- if c == quote: # no expansion within single quotes -- path = path[index + 1:] -- pathlen = len(path) -- try: -- index = path.index(c) -- res += c + path[:index + 1] -- except ValueError: -- res += c + path -- index = pathlen - 1 -- elif c == percent: # variable or '%' -- if path[index + 1:index + 2] == percent: -- res += c -- index += 1 -- else: -- path = path[index+1:] -- pathlen = len(path) -- try: -- index = path.index(percent) -- except ValueError: -- res += percent + path -- index = pathlen - 1 -- else: -- var = path[:index] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = percent + var + percent -- res += value -- elif c == dollar: # variable or '$$' -- if path[index + 1:index + 2] == dollar: -- res += c -- index += 1 -- elif path[index + 1:index + 2] == brace: -- path = path[index+2:] -- pathlen = len(path) -- try: -- index = path.index(rbrace) -- except ValueError: -- res += dollar + brace + path -- index = pathlen - 1 -- else: -- var = path[:index] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = dollar + brace + var + rbrace -- res += value -- else: -- var = path[:0] -- index += 1 -- c = path[index:index + 1] -- while c and c in varchars: -- var += c -- index += 1 -- c = path[index:index + 1] -- try: -- if environ is None: -- value = os.fsencode(os.environ[os.fsdecode(var)]) -- else: -- value = environ[var] -- except KeyError: -- value = dollar + var -- res += value -- if c: -- index -= 1 -+ -+ def repl(m): -+ lastindex = m.lastindex -+ if lastindex is None: -+ return m[0] -+ name = m[lastindex] -+ if lastindex == 1: -+ if name == percent: -+ return name -+ if not name.endswith(percent): -+ return m[0] -+ name = name[:-1] - else: -- res += c -- index += 1 -- return res -+ if name == dollar: -+ return name -+ if name.startswith(brace): -+ if not name.endswith(rbrace): -+ return m[0] -+ name = name[1:-1] -+ -+ try: -+ if environ is None: -+ return os.fsencode(os.environ[os.fsdecode(name)]) -+ else: -+ return environ[name] -+ except KeyError: -+ return m[0] -+ -+ return sub(repl, path) - - - # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B. -diff --git a/Lib/posixpath.py b/Lib/posixpath.py -index b8dd563..75020ee 100644 ---- a/Lib/posixpath.py -+++ b/Lib/posixpath.py -@@ -279,42 +279,41 @@ def expanduser(path): - # This expands the forms $variable and ${variable} only. - # Non-existent variables are left unchanged. - --_varprog = None --_varprogb = None -+_varpattern = r'\$(\w+|\{[^}]*\}?)' -+_varsub = None -+_varsubb = None - - def expandvars(path): - """Expand shell variables of form $var and ${var}. Unknown variables - are left unchanged.""" - path = os.fspath(path) -- global _varprog, _varprogb -+ global _varsub, _varsubb - if isinstance(path, bytes): - if b'$' not in path: - return path -- if not _varprogb: -+ if not _varsubb: - import re -- _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII) -- search = _varprogb.search -+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub -+ sub = _varsubb - start = b'{' - end = b'}' - environ = getattr(os, 'environb', None) - else: - if '$' not in path: - return path -- if not _varprog: -+ if not _varsub: - import re -- _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII) -- search = _varprog.search -+ _varsub = re.compile(_varpattern, re.ASCII).sub -+ sub = _varsub - start = '{' - end = '}' - environ = os.environ -- i = 0 -- while True: -- m = search(path, i) -- if not m: -- break -- i, j = m.span(0) -- name = m.group(1) -- if name.startswith(start) and name.endswith(end): -+ -+ def repl(m): -+ name = m[1] -+ if name.startswith(start): -+ if not name.endswith(end): -+ return m[0] - name = name[1:-1] - try: - if environ is None: -@@ -322,13 +321,11 @@ def expandvars(path): - else: - value = environ[name] - except KeyError: -- i = j -+ return m[0] - else: -- tail = path[j:] -- path = path[:i] + value -- i = len(path) -- path += tail -- return path -+ return value -+ -+ return sub(repl, path) - - - # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B. -diff --git a/Lib/test/test_genericpath.py b/Lib/test/test_genericpath.py -index 1ff7f75..b0a1326 100644 ---- a/Lib/test/test_genericpath.py -+++ b/Lib/test/test_genericpath.py -@@ -7,6 +7,7 @@ import os - import sys - import unittest - import warnings -+from test import support - from test.support import os_helper - from test.support import warnings_helper - from test.support.script_helper import assert_python_ok -@@ -430,6 +431,19 @@ class CommonTest(GenericTest): - os.fsencode('$bar%s bar' % nonascii)) - check(b'$spam}bar', os.fsencode('%s}bar' % nonascii)) - -+ @support.requires_resource('cpu') -+ def test_expandvars_large(self): -+ expandvars = self.pathmodule.expandvars -+ with os_helper.EnvironmentVarGuard() as env: -+ env.clear() -+ env["A"] = "B" -+ n = 100_000 -+ self.assertEqual(expandvars('$A'*n), 'B'*n) -+ self.assertEqual(expandvars('${A}'*n), 'B'*n) -+ self.assertEqual(expandvars('$A!'*n), 'B!'*n) -+ self.assertEqual(expandvars('${A}A'*n), 'BA'*n) -+ self.assertEqual(expandvars('${'*10*n), '${'*10*n) -+ - def test_abspath(self): - self.assertIn("foo", self.pathmodule.abspath("foo")) - with warnings.catch_warnings(): -diff --git a/Lib/test/test_ntpath.py b/Lib/test/test_ntpath.py -index f790f77..161e57d 100644 ---- a/Lib/test/test_ntpath.py -+++ b/Lib/test/test_ntpath.py -@@ -5,8 +5,8 @@ import sys - import unittest - import warnings - from ntpath import ALLOW_MISSING -+from test import support - from test.support import os_helper --from test.support import TestFailed - from test.support.os_helper import FakePath - from test import test_genericpath - from tempfile import TemporaryFile -@@ -56,7 +56,7 @@ def tester(fn, wantResult): - fn = fn.replace("\\", "\\\\") - gotResult = eval(fn) - if wantResult != gotResult and _norm(wantResult) != _norm(gotResult): -- raise TestFailed("%s should return: %s but returned: %s" \ -+ raise support.TestFailed("%s should return: %s but returned: %s" \ - %(str(fn), str(wantResult), str(gotResult))) - - # then with bytes -@@ -72,7 +72,7 @@ def tester(fn, wantResult): - warnings.simplefilter("ignore", DeprecationWarning) - gotResult = eval(fn) - if _norm(wantResult) != _norm(gotResult): -- raise TestFailed("%s should return: %s but returned: %s" \ -+ raise support.TestFailed("%s should return: %s but returned: %s" \ - %(str(fn), str(wantResult), repr(gotResult))) - - -@@ -689,6 +689,19 @@ class TestNtpath(NtpathTestCase): - check('%spam%bar', '%sbar' % nonascii) - check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii) - -+ @support.requires_resource('cpu') -+ def test_expandvars_large(self): -+ expandvars = ntpath.expandvars -+ with os_helper.EnvironmentVarGuard() as env: -+ env.clear() -+ env["A"] = "B" -+ n = 100_000 -+ self.assertEqual(expandvars('%A%'*n), 'B'*n) -+ self.assertEqual(expandvars('%A%A'*n), 'BA'*n) -+ self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%') -+ self.assertEqual(expandvars("%%"*n), "%"*n) -+ self.assertEqual(expandvars("$$"*n), "$"*n) -+ - def test_expanduser(self): - tester('ntpath.expanduser("test")', 'test') - -@@ -923,6 +936,7 @@ class TestNtpath(NtpathTestCase): - self.assertIsInstance(b_final_path, bytes) - self.assertGreater(len(b_final_path), 0) - -+ - class NtCommonTest(test_genericpath.CommonTest, unittest.TestCase): - pathmodule = ntpath - attributes = ['relpath'] -diff --git a/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst -new file mode 100644 -index 0000000..1d152bb ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst -@@ -0,0 +1 @@ -+Fix quadratic complexity in :func:`os.path.expandvars`. --- -2.40.0 diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.20.bb similarity index 98% rename from meta/recipes-devtools/python/python3_3.10.19.bb rename to meta/recipes-devtools/python/python3_3.10.20.bb index fbb2f80886b..88a57971b95 100644 --- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.20.bb @@ -37,10 +37,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-Avoid-shebang-overflow-on-python-config.py.patch \ file://0001-test_storlines-skip-due-to-load-variability.patch \ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ - file://CVE-2025-6075.patch \ - file://CVE-2025-13836.patch \ - file://CVE-2025-13837.patch \ - file://CVE-2025-12084.patch \ " SRC_URI:append:class-native = " \ @@ -49,7 +45,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "c8f4a596572201d81dd7df91f70e177e19a70f1d489968b54b5fbbf29a97c076" +SRC_URI[sha256sum] = "de6517421601e39a9a3bc3e1bc4c7b2f239297423ee05e282598c83ec0647505" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" From patchwork Thu Apr 9 23:10:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85743 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF76AF364D9 for ; Thu, 9 Apr 2026 23:11:27 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144831.1775776282587513977 for ; Thu, 09 Apr 2026 16:11:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=zhZrdaJy; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488a29e6110so16179595e9.3 for ; Thu, 09 Apr 2026 16:11:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776281; x=1776381081; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PGwAQjzppj08vZE+eBqJn8AJRwFKcPlSu7fv234ON6o=; b=zhZrdaJyy20xXvvqR5rFjvC2gQ0CbA7r9znhLu+GZZ1YOqycNscJYxjSK43EJ0QDpL 0o6F18J3NzzTVT1gaV4ZO1T3XgqkkeZhMhUZ7RLbob8Gp0fQ9XJbT3g+BAmI2Zu4WI2Q 0BawUnbhAhpWyAaBGotf/eCvsU3lwi/mbkzO8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776281; x=1776381081; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=PGwAQjzppj08vZE+eBqJn8AJRwFKcPlSu7fv234ON6o=; b=BahDehukgR4gBGNuZPzlZOOMknJk3mEuwMg1kpBgnJMKHoikPiKQLyjKiBQ29HbGzt 7aZoZSC8u2hRy4hx+q1Ac099THYiOwbISRZuJIQXgLGl+m8yJPSO9kFSxaKOSO1vwxqo RW8ZbCyulxlzFqtXgcGcshItoWTEfPmMMcHvvzQjnVjIcR/Qu53n8Kc1MEKppa+VNC+P 1TrF9wEZQ4aBARbV3U7W5RiwiVS9Ct8EY6L/qnnjc8NRoB5lllYauauw52cndy7eHCiu wC7p94WlBvMhSGzgJ61wD1cG9mwsXNjXEV1wK6d73MhP52oEewjTnqemB/K6pd1kK+yk 97bg== X-Gm-Message-State: AOJu0YxEhp0m8bSmFa/0a9blXtIqUGclo3Bmb9jtUSvzTexlkkVD2Tok pzJHel64yOO/bXq9jOFrPb0UFy2GE5hXx4ictmEik/hqu2seCh/81R5yrBXDKHD1aJaAMl9U3x7 TeTxvG42m7jP6 X-Gm-Gg: AeBDievikYPHQFoq2VnDlWH50rhLUN1Vk3glssuMa3XNJn+nnq+cf9XUABJDJ6pKNON u+a+afeDppLHyAJg9nxZCxcBMMt6k0CnV5NidMAI80x5+McnhlYZ4zevsD8iLhdMIoWOHntOV5m UxUkxojY6YUurSCrDisIzET69IZZ5D5FKM0UIyr5JcBgawWopdwqLB75FOUIyH4Lqo47PBY1Lni vVTmrj0RogrGFGFcdR5g+LHQFm5R5UNFOrhybomBauSC42Sy4K4TFR+NHzNaxxzWFe52jy19C5O z8byFWqPdrGodhiqITwpvqDJWmhxUvT2456p/+oD5JIlYyXBBxSuHM99j1TWFf/1IjJnShvIyuC kyFTMFa3xPvfQZMOHMHBjHSRnMT614mZhRZl6y71Fx01E687QnShVTWui3h7QEYl7pyG6gIlxca 76wdxHzCx/wZhBlznvIj7dGo7QN15DhmPAZCQuA3S5kJttdSA5Y5cR5uGjWt1M2cjRVbWAyHTFj t7FDTCAqo7NoNymlUo5hdE7050y X-Received: by 2002:a05:600c:19cf:b0:485:4453:401d with SMTP id 5b1f17b1804b1-488d67ebc79mr7488875e9.2.1775776280639; Thu, 09 Apr 2026 16:11:20 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:20 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 09/30] python3-pyopenssl: Fix CVE-2026-27448 Date: Fri, 10 Apr 2026 01:10:09 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234968 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448 [2] https://ubuntu.com/security/CVE-2026-27448 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++++++++++++++ .../python/python3-pyopenssl_22.0.0.bb | 4 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch new file mode 100644 index 00000000000..4a06e2c0201 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch @@ -0,0 +1,125 @@ +From d41a814759a9fb49584ca8ab3f7295de49a85aa0 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Mon, 16 Feb 2026 21:04:37 -0500 +Subject: [PATCH] Handle exceptions in set_tlsext_servername_callback callbacks + (#1478) + +When the servername callback raises an exception, call sys.excepthook +with the exception info and return SSL_TLSEXT_ERR_ALERT_FATAL to abort +the handshake. Previously, exceptions would propagate uncaught through +the CFFI callback boundary. + +https://claude.ai/code/session_01P7y1XmWkdtC5UcmZwGDvGi + +Co-authored-by: Claude + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0] +CVE: CVE-2026-27448 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 2 ++ + src/OpenSSL/SSL.py | 7 ++++++- + tests/test_ssl.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 58 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index c84b30a..5b6d523 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,8 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. ++ + - Expose wrappers for some `DTLS + `_ + primitives. `#1026 `_ +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 12374b7..6ef44d4 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -1,5 +1,6 @@ + import os + import socket ++import sys + from sys import platform + from functools import wraps, partial + from itertools import count, chain +@@ -1431,7 +1432,11 @@ class Context(object): + + @wraps(callback) + def wrapper(ssl, alert, arg): +- callback(Connection._reverse_mapping[ssl]) ++ try: ++ callback(Connection._reverse_mapping[ssl]) ++ except Exception: ++ sys.excepthook(*sys.exc_info()) ++ return _lib.SSL_TLSEXT_ERR_ALERT_FATAL + return 0 + + self._tlsext_servername_callback = _ffi.callback( +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ccc8a38..77e1876 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1884,6 +1884,56 @@ class TestServerNameCallback(object): + + assert args == [(server, b"foo1.example.com")] + ++ def test_servername_callback_exception( ++ self, monkeypatch: pytest.MonkeyPatch ++ ) -> None: ++ """ ++ When the callback passed to `Context.set_tlsext_servername_callback` ++ raises an exception, ``sys.excepthook`` is called with the exception ++ and the handshake fails with an ``Error``. ++ """ ++ exc = TypeError("server name callback failed") ++ ++ def servername(conn: Connection) -> None: ++ raise exc ++ ++ excepthook_calls: list[ ++ tuple[type[BaseException], BaseException, object] ++ ] = [] ++ ++ def custom_excepthook( ++ exc_type: type[BaseException], ++ exc_value: BaseException, ++ exc_tb: object, ++ ) -> None: ++ excepthook_calls.append((exc_type, exc_value, exc_tb)) ++ ++ context = Context(SSLv23_METHOD) ++ context.set_tlsext_servername_callback(servername) ++ ++ # Necessary to actually accept the connection ++ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ context.use_certificate( ++ load_certificate(FILETYPE_PEM, server_cert_pem) ++ ) ++ ++ # Do a little connection to trigger the logic ++ server = Connection(context, None) ++ server.set_accept_state() ++ ++ client = Connection(Context(SSLv23_METHOD), None) ++ client.set_connect_state() ++ client.set_tlsext_host_name(b"foo1.example.com") ++ ++ monkeypatch.setattr(sys, "excepthook", custom_excepthook) ++ with pytest.raises(Error): ++ interact_in_memory(server, client) ++ ++ assert len(excepthook_calls) == 1 ++ assert excepthook_calls[0][0] is TypeError ++ assert excepthook_calls[0][1] is exc ++ assert excepthook_calls[0][2] is not None ++ + + class TestApplicationLayerProtoNegotiation(object): + """ +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index db0e809ef54..13d87939b62 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb @@ -10,6 +10,10 @@ SRC_URI[sha256sum] = "660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d00 PYPI_PACKAGE = "pyOpenSSL" inherit pypi setuptools3 +SRC_URI += " \ + file://CVE-2026-27448.patch \ +" + PACKAGES =+ "${PN}-tests" FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test" From patchwork Thu Apr 9 23:10:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85744 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71AD9F364DC for ; Thu, 9 Apr 2026 23:11:28 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145069.1775776283025602736 for ; Thu, 09 Apr 2026 16:11:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=O4WDQfMx; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488ad135063so12548925e9.0 for ; Thu, 09 Apr 2026 16:11:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776281; x=1776381081; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DS4DHbc7Jf3zRsV2JHtkpVskXSIoVHL+z+JE3NrXy+4=; b=O4WDQfMx4xb5272yhHhmVCy5n6eDVYzrdl07YpwV04LA6jRVpGDOnPg9vWeC52/qtv ysYq5H7sKS4uo2DrSIGWsUgu0I7/Op/katRoWFGSxtEgBjK6ly0qY32pKRTfiZEqWFGP moCM9iOQ6V9vMO7COfga+DPkzUcHp1kG7LkBQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776281; x=1776381081; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DS4DHbc7Jf3zRsV2JHtkpVskXSIoVHL+z+JE3NrXy+4=; b=a01c+EqLCSqtIoqdJBJ5BQttL3087r3vAfZtXcLnpK3VQbNO+Po8eFnw6DosleC6ls 2FGmxc4qhmbgKi6Dt9X/y0dkPeFltjHM2DZNzV9oekCZviQhAo1onpjesSEW+ouAp3zv v4HdGPSTYg1b3kKxyZz8VxDEnH/FIrYIA35MhGI9xbwFbo5lvD0BD09jVZA1uJWb4Aiz imoWnEvOkIqSJV2FaC68TzOo28wFOjJiOqdPw2Bd0O1QSEFLNGXF2QfdQgOUhauF/oze MIyhSB5S9JBvmDbe6FshrOUKtsqj/DdCmVDwUvJeP9nTXtbCZN9X8QH9PQEy9kWmwyMq 3qVA== X-Gm-Message-State: AOJu0YyAHy73jsFg96M0t8oWlUo0S07YiyChB50ALqwQMpZUVYUZxFFj Q2ObpkyndoMZtFYsq7dYF4+Ty5r812tyiS/JuzGFo4j10UCfT/kVEC/DdGa5n/DTnfCuOZUmgOH 1cdxI0sOk1scc X-Gm-Gg: AeBDiesLGlA6VciI0YsWRmmT94ROr/bffy7ibBXKnay40OGTShbqmn7am5S0AgmxPf1 JiFClj7/rEjFGRu/7D+DDb/RSSvbkIzIDqLTMAVbEZheawsSMyKzEaXPeBL+sy4YIbQzHAp1r+1 EWO9AnaZzQty/fNjyflV8PBkQHUd/QF1OaYxm6POeij6KE+APZkayk7B8dpdBBlGUz129r/QSXX bq7LaDnQl4zPEOQxdmtNBV7hxuvK85gnBfV2uqpeiaCYHx6v8th/D++gcXlbNPHn5SN4O+xSTGE ZM4yk0E8yJ+qSPx6aXdE+EjBSTt5cIuhioiYI7rqzlLPaNJDqzC1iEKzHg2+DSAWt0fksW//JRT dsKYxZDBUwlFBkKcTLlSz/cbARG1fZZPluNGpQSee1GyNfTLZ7WIar5cnGYoJXTgQ2hzDx4ZcQF m8R4qKLn6YYkDTsMtLBPdIvpCHMFwcFCa/hlqCbqKqNFJul/Rg1tlLD6uj2P1DjSqX72Ud/oLTU LtRPYqmbmQXqBCcXqhmeeTPZ/6Y X-Received: by 2002:a05:600c:5397:b0:488:b8bc:6a32 with SMTP id 5b1f17b1804b1-488d68a4765mr8661355e9.23.1775776281166; Thu, 09 Apr 2026 16:11:21 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:20 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 10/30] python3-pyopenssl: Fix CVE-2026-27459 Date: Fri, 10 Apr 2026 01:10:10 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234969 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459 [2] https://ubuntu.com/security/CVE-2026-27459 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27459.patch | 106 ++++++++++++++++++ .../python/python3-pyopenssl_22.0.0.bb | 1 + 2 files changed, 107 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch new file mode 100644 index 00000000000..b5e37a6900d --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch @@ -0,0 +1,106 @@ +From 57f09bb4bb051d3bc2a1abd36e9525313d5cd408 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Wed, 18 Feb 2026 07:46:15 -0500 +Subject: [PATCH] Fix buffer overflow in DTLS cookie generation callback + (#1479) + +The cookie generate callback copied user-returned bytes into a +fixed-size native buffer without enforcing a maximum length. A +callback returning more than DTLS1_COOKIE_LENGTH bytes would overflow +the OpenSSL-provided buffer, corrupting adjacent memory. + +Co-authored-by: Claude Opus 4.6 + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408] +CVE: CVE-2026-27459 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 1 + + src/OpenSSL/SSL.py | 7 +++++++ + tests/test_ssl.py | 38 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index 5b6d523..13d8abd 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -20,6 +20,7 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- Properly raise an error if a DTLS cookie callback returned a cookie longer than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a buffer-overflow. + - ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. + + - Expose wrappers for some `DTLS +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 6ef44d4..fa1b556 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -556,11 +556,18 @@ class _CookieGenerateCallbackHelper(_CallbackExceptionHelper): + def __init__(self, callback): + _CallbackExceptionHelper.__init__(self) + ++ max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255) ++ + @wraps(callback) + def wrapper(ssl, out, outlen): + try: + conn = Connection._reverse_mapping[ssl] + cookie = callback(conn) ++ if len(cookie) > max_cookie_len: ++ raise ValueError( ++ f"Cookie too long (got {len(cookie)} bytes, " ++ f"max {max_cookie_len})" ++ ) + out[0 : len(cookie)] = cookie + outlen[0] = len(cookie) + return 1 +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index 77e1876..fb77b75 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -4455,3 +4455,41 @@ class TestDTLS(object): + assert 0 < c.get_cleartext_mtu() < 500 + except NotImplementedError: # OpenSSL 1.1.0 and earlier + pass ++ ++ def test_cookie_generate_too_long(self) -> None: ++ s_ctx = Context(DTLS_METHOD) ++ ++ def generate_cookie(ssl: Connection) -> bytes: ++ return b"\x00" * 256 ++ ++ def verify_cookie(ssl: Connection, cookie: bytes) -> bool: ++ return True ++ ++ s_ctx.set_cookie_generate_callback(generate_cookie) ++ s_ctx.set_cookie_verify_callback(verify_cookie) ++ s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem)) ++ s_ctx.set_options(OP_NO_QUERY_MTU) ++ s = Connection(s_ctx) ++ s.set_accept_state() ++ ++ c_ctx = Context(DTLS_METHOD) ++ c_ctx.set_options(OP_NO_QUERY_MTU) ++ c = Connection(c_ctx) ++ c.set_connect_state() ++ ++ c.set_ciphertext_mtu(1500) ++ s.set_ciphertext_mtu(1500) ++ ++ # Client sends ClientHello ++ try: ++ c.do_handshake() ++ except SSL.WantReadError: ++ pass ++ chunk = c.bio_read(self.LARGE_BUFFER) ++ s.bio_write(chunk) ++ ++ # Server tries DTLSv1_listen, which triggers cookie generation. ++ # The oversized cookie should raise ValueError. ++ with pytest.raises(ValueError, match="Cookie too long"): ++ s.DTLSv1_listen() +-- +2.25.1 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb index 13d87939b62..42de3207b46 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_22.0.0.bb @@ -12,6 +12,7 @@ inherit pypi setuptools3 SRC_URI += " \ file://CVE-2026-27448.patch \ + file://CVE-2026-27459.patch \ " PACKAGES =+ "${PN}-tests" From patchwork Thu Apr 9 23:10:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97E10F364DB for ; Thu, 9 Apr 2026 23:11:28 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144832.1775776285095176894 for ; Thu, 09 Apr 2026 16:11:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=xmUlOiqE; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488b00ed86fso15334625e9.3 for ; Thu, 09 Apr 2026 16:11:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776283; x=1776381083; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ugHqcjdN6zoBas+QQwnv65Xz4W7IIwZMWDc6pFdOi90=; b=xmUlOiqElpHEvdAR0PTxfd8yFgc6gbsb8il6aJiJZbeQ+yg8sQcz/xRJFOp6MT6Tun o7gmvuulE8NHFFPmK2Bf7nDpJoRK4meDBrww2wfTFzEt+p2qu56X2QDwbqestvP49Pyi 3UFkwfnIREEpA7eKcB5sR2UjKNN71SFrPCihg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776283; x=1776381083; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ugHqcjdN6zoBas+QQwnv65Xz4W7IIwZMWDc6pFdOi90=; b=RVGJGu5E5gb710oS3fehXrE/cpAnamppne1PtZOkTHmx/nQ3AbqKr751f27TfvNn40 HRCIx97JlZNdbWHTIM8VozJkfAS9OAjGsc54yheM1JCYGTf+L3u7MkvsbtOZ39SQa0+8 hNTFu3r/hMqBzi5bc8Abu1h1WvPw2gO9McbpTGrGVZE85Y27Ip4nHA4HI6bY/P5dpGA8 o0nTnXk08wEWQzoF3u2+yAkPUHDLJ1Bcj2AAkJOJUjd7qZ9PVxWrTSyWpmm2kE7cmTF7 0xHYopLiXRRO976Ddxmgjx+DmY9jzafcmjl0dsjSMZ8Kd8/UC8ZGcFog7gvtIkCYjt2j qy0Q== X-Gm-Message-State: AOJu0YxbF8S76xqi34H5BLwgP6gi1KAVH/+8srzIgznn0fa2kktP/6et Wz0244rq4gtSwBjikVFCmhs+juCoH7NWmKV3kUERHB9aXsIyK9gSUeLIHRmsTBWOgPtgSeRGkWJ +5r8hZh5tmdfR X-Gm-Gg: AeBDiet8Lb5cGCN5pw8q4Gv1wKLmcVhtn6FsTUBFcsham3z6TuHzWMjaet00VuenITl ZpBHGXdAK/tMfR6svqO3zvbMnjqfaWoYH3k42HXpd0Awp+cTOXeVS8dfqBmp52uKeik5QxvwwVL dECcl4hav18lyMHDfJICV6DTogQB01Q2BFuT20FtQeKjdUQE44I1Rh37epnYNM5sZq3+ma6cXlf nq6l3A9EZOWMZdzIp83xjX7qE3rc1eHrPKswH6YKivX7h8h+5AkG7gy2RaVcqxTv9IRoHfRmaNv Pr5jbaHNEnRkiHNNikc80uwv+nGOTaeKteSZD5aKIJbf5J5I/lUuCr9eKYPZQAh3j34TQYMR3KC aaTTjusl04hXd3QyRvKXlTJidowo8irAYy+7pJUFWTFxWAA8HSVBwme4VT5WSaxIHOU/LYug+Df Nv9tHSAYiiR46MSCeXf0UO4gAnXt/d4kj6IJ5yFDDpr4MgUf3+7kfn5P6EfdB8CTNVBHTX0j3uF gSVQ/b881AXzwyQbEgRWp+/+3cb X-Received: by 2002:a05:600c:5299:b0:487:1fb4:7e1 with SMTP id 5b1f17b1804b1-488d6875f3emr7441525e9.22.1775776282738; Thu, 09 Apr 2026 16:11:22 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:21 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 11/30] libarchive: Fix CVE-2026-4111 Date: Fri, 10 Apr 2026 01:10:11 +0200 Message-ID: <9af05e2d56ed355c02722a24ee66b2b0d4097cb9.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234970 From: Vijay Anusuri Pick patch according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-4111 [2] https://github.com/libarchive/libarchive/pull/2877 [3] https://access.redhat.com/errata/RHSA-2026:5080 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../libarchive/CVE-2026-4111-1.patch | 32 ++ .../libarchive/CVE-2026-4111-2.patch | 308 ++++++++++++++++++ .../libarchive/libarchive_3.6.2.bb | 2 + 3 files changed, 342 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch new file mode 100644 index 00000000000..1f065b13648 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch @@ -0,0 +1,32 @@ +From 7273d04803a1e5a482f26d8d0fbaf2b204a72168 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 20:24:56 -0800 +Subject: [PATCH] Reject filters when the block length is nonsensical + +Credit: Grzegorz Antoniak @antekone + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/7273d04803a1e5a482f26d8d0fbaf2b204a72168] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + libarchive/archive_read_support_format_rar5.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c +index 38979cb..867f0a8 100644 +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -2914,7 +2914,9 @@ static int parse_filter(struct archive_read* ar, const uint8_t* p) { + if(block_length < 4 || + block_length > 0x400000 || + filter_type > FILTER_ARM || +- !is_valid_filter_block_start(rar, block_start)) ++ !is_valid_filter_block_start(rar, block_start) || ++ (rar->cstate.window_size > 0 && ++ (ssize_t)block_length > rar->cstate.window_size >> 1)) + { + archive_set_error(&ar->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid filter encountered"); +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch new file mode 100644 index 00000000000..243a03a8e5d --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch @@ -0,0 +1,308 @@ +From ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Sun, 1 Mar 2026 10:04:01 -0800 +Subject: [PATCH] Infinite loop in Rar5 decompression + +Found by: Elhanan Haenel + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4] +CVE: CVE-2026-4111 +Signed-off-by: Vijay Anusuri +--- + Makefile.am | 2 + + libarchive/test/CMakeLists.txt | 1 + + .../test/test_read_format_rar5_loop_bug.c | 53 +++++ + .../test_read_format_rar5_loop_bug.rar.uu | 189 ++++++++++++++++++ + 4 files changed, 245 insertions(+) + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.c + create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.rar.uu + +diff --git a/Makefile.am b/Makefile.am +index dd1620d..14edb2a 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -507,6 +507,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_rar_invalid1.c \ + libarchive/test/test_read_format_rar_overflow.c \ + libarchive/test/test_read_format_rar5.c \ ++ libarchive/test/test_read_format_rar5_loop_bug.c \ + libarchive/test/test_read_format_raw.c \ + libarchive/test/test_read_format_tar.c \ + libarchive/test/test_read_format_tar_concatenated.c \ +@@ -869,6 +870,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_invalid_dict_reference.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift1.rar.uu \ + libarchive/test/test_read_format_rar5_leftshift2.rar.uu \ ++ libarchive/test/test_read_format_rar5_loop_bug.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part01.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part02.rar.uu \ + libarchive/test/test_read_format_rar5_multiarchive.part03.rar.uu \ +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index 05c6fd7..c8f2e90 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -156,6 +156,7 @@ IF(ENABLE_TEST) + test_read_format_rar_filter.c + test_read_format_rar_overflow.c + test_read_format_rar5.c ++ test_read_format_rar5_loop_bug.c + test_read_format_raw.c + test_read_format_tar.c + test_read_format_tar_concatenated.c +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.c b/libarchive/test/test_read_format_rar5_loop_bug.c +new file mode 100644 +index 0000000..77dd78c +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.c +@@ -0,0 +1,53 @@ ++/*- ++ * Copyright (c) 2026 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++ ++DEFINE_TEST(test_read_format_rar5_loop_bug) ++{ ++ const char *reffile = "test_read_format_rar5_loop_bug.rar"; ++ struct archive_entry *ae; ++ struct archive *a; ++ const void *buf; ++ size_t size; ++ la_int64_t offset; ++ ++ extract_reference_file(reffile); ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, reffile, 10240)); ++ ++ // This has just one entry ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); ++ ++ // Read blocks until the end of the entry ++ while (ARCHIVE_OK == archive_read_data_block(a, &buf, &size, &offset)) { ++ } ++ ++ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); ++ ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); ++ assertEqualInt(ARCHIVE_OK, archive_free(a)); ++} +diff --git a/libarchive/test/test_read_format_rar5_loop_bug.rar.uu b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +new file mode 100644 +index 0000000..3e47004 +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu +@@ -0,0 +1,189 @@ ++begin 644 test_read_format_rar5_loop_bug.rar ++M4F%R(1H'`0#%&C,R`P$``)T-9%L.`@+P0`"`@`P`@`,``6'(WFP@`?\7_U/^ ++M8@!.`B`H```````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++M```````````````````````````````````````````````````````````` ++5```````````````````Y^;*!`@4` ++` ++end +-- +2.25.1 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index e74326b40fd..85fe6e5baa2 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -50,6 +50,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ file://CVE-2025-60753-01.patch \ file://CVE-2025-60753-02.patch \ + file://CVE-2026-4111-1.patch \ + file://CVE-2026-4111-2.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/" From patchwork Thu Apr 9 23:10:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85746 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEAA3E98FDF for ; Thu, 9 Apr 2026 23:11:28 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145070.1775776285694870686 for ; Thu, 09 Apr 2026 16:11:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=MPHtvbRf; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488ba840146so13523505e9.1 for ; Thu, 09 Apr 2026 16:11:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776284; x=1776381084; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BP2dmZ8/tCvcPVYoWBz+GfrxwcZDBTHysfpT3H3eCm0=; b=MPHtvbRfCAjjGB8Me29WCeKgGqUKnL5nEPbxH26yegge3DUGbEy4w3wDjpdN9uO+KP g6woO0fwysROmFgU1KqukasN7Elela89vULbFkjuloMhgEpKrd1FMko322kfmkfoIekg I2XeUAx5zpS7zKOJBQk0T99cMyRbo8bbFtkKw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776284; x=1776381084; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BP2dmZ8/tCvcPVYoWBz+GfrxwcZDBTHysfpT3H3eCm0=; b=iCdpdxin6qP8S4Wvpk5ytKeirhEEUU8iE0XYf2S6pjFe373f2J5vGDWtqm+e1cl1m7 2aN+J4+vv+8ZFjt1WDUFBTZak/Ml9nQj6Dfk1Ute4rGnDF+bs0nEv/w6h8tieDq3LOaV fVwZXjCQDyeRdXP4jWpuUTp8eN4pxAO2eqkWyo2PBcctibvz23AeX0uozylPrildFtuH vOkcmoMH/tlIeUC0mXXfl2QouFe2MIPqelDuIwWPke0Eb6Idltpwqjr0DJFo9NChDXux 8y+UCEw/LV87TnB58y574NGtC4SQiqBw5NxsxF4IE9UH4yrZc85EWYHgFOeQ+R8r0Gt/ m9Cw== X-Gm-Message-State: AOJu0YzSBEbB7smrRCHumEAX3UbSDwknGZQVx4Mpo/yz6aYk13IdlOR6 sHSngSFAg/kHV3cpZtZnaVjTThATEXZJ0rx9kQSooBDpW6tcOwYibGoKbabw2141rwVJ584AsKR R+uumTsdWwUdc X-Gm-Gg: AeBDievQpt7AZqpJqhonqNkHf5bhLqgFSpODzackabOIEbzPeQVHtSBysB1PSq8Icbm j3PrGBWfjiLzS6V59B3+O1sFut6A6Ch3xSSfW9BPNMWNseSnj/3RU1ZYMjefa76YlpuazVxA55G dV20TeBYibiwLfl9Bo8B2i7hy0TNoQFMiSy9kgy7nzVL2WOJdut/8jcPidB4y0PEvqPfWPHSpVe uGvelbwSYo2GXX1fS42VTh5GzR3mUiv1hnE5tc2+pRuDtILFWH/8DzhAoq/2w2loHHpTKjF25Ix C7Uff1mXIksOFcumJ4IFnArrkZ7mPn/565Cn31heDRCw/HbDcvYaMeW2DBerAhJiZqPMEW6a8gx 3psGJ2iey80EMFdBd9SJzPis8/9ekX6SnvDFwwtuU24BAvw7yYgBM9dRfgI2Wt0XG9Lan7mdaZL aOLfP0O17pJJLLdd2rIBG6WteMeAAMhlGm6aTaS95cJcxGzycY56oMoQFE+SgzjnQQxHmuF3fHo 26QwXQxFKJ7j5v5zNCmRVEprWTq X-Received: by 2002:a05:600c:314b:b0:488:b241:2c5f with SMTP id 5b1f17b1804b1-488d687c076mr6386615e9.26.1775776283779; Thu, 09 Apr 2026 16:11:23 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:23 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 12/30] vim: Fix CVE-2026-33412 Date: Fri, 10 Apr 2026 01:10:12 +0200 Message-ID: <910667342b78fefa22214f6375b657e8b130a24a.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234971 From: Hitendra Prajapati Pick patch from [1] also mentioned in NVD report with [2] [1] https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a [2] https://nvd.nist.gov/vuln/detail/CVE-2026-33412 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-33412.patch | 61 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-33412.patch b/meta/recipes-support/vim/files/CVE-2026-33412.patch new file mode 100644 index 00000000000..62daa308b58 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-33412.patch @@ -0,0 +1,61 @@ +From 645ed6597d1ea896c712cd7ddbb6edee79577e9a Mon Sep 17 00:00:00 2001 +From: pyllyukko +Date: Thu, 19 Mar 2026 19:58:05 +0000 +Subject: [PATCH] patch 9.2.0202: [security]: command injection via newline in + glob() + +Problem: The glob() function on Unix-like systems does not escape + newline characters when expanding wildcards. A maliciously + crafted string containing '\n' can be used as a command + separator to execute arbitrary shell commands via + mch_expand_wildcards(). This depends on the user's 'shell' + setting. +Solution: Add the newline character ('\n') to the SHELL_SPECIAL + definition to ensure it is properly escaped before being + passed to the shell (pyllyukko). + +closes: #19746 + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c + +Signed-off-by: pyllyukko +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-33412 +Upstream-Status: Backport [https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a] +Signed-off-by: Hitendra Prajapati +--- + src/os_unix.c | 2 +- + src/version.c | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/os_unix.c b/src/os_unix.c +index cf195e62e1..d767956b1a 100644 +--- a/src/os_unix.c ++++ b/src/os_unix.c +@@ -7106,7 +7106,7 @@ mch_expandpath( + # define SEEK_END 2 + #endif + +-#define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|" ++# define SHELL_SPECIAL (char_u *)"\t \"&'$;<>()\\|\n" + + int + mch_expand_wildcards( +diff --git a/src/version.c b/src/version.c +index 4f3912aedd..712a3e637c 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1684, + /**/ + 1683, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 289f31be707..fc9b4db055a 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ + file://CVE-2026-33412.patch \ " PV .= ".1683" From patchwork Thu Apr 9 23:10:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85745 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72D49EA3C5C for ; Thu, 9 Apr 2026 23:11:29 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144833.1775776287016698278 for ; Thu, 09 Apr 2026 16:11:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=UFfJWzH8; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4887f49ec5aso17982315e9.1 for ; Thu, 09 Apr 2026 16:11:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776285; x=1776381085; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sMEM8VvFmNdDO0qa35jZnfImu6P/RN8dlTc/DuIxpfs=; b=UFfJWzH807FptQKGyxlc+Xq3dTU0aiX1KcNzU9Egee/fiDYN8bSQZ2kUfCgovIHILS k24U6IPs3F6wE1DGh5Dagb2vAGMOo71Cdm1jkXXHagczlrk+OwF4IJMTaL/3Z01g17x8 gmhNJAg+i/0Dl3sWUJR4p435gyVuvNanJXCtM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776285; x=1776381085; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sMEM8VvFmNdDO0qa35jZnfImu6P/RN8dlTc/DuIxpfs=; b=Nrvqg3Ghxl9xY1Tg3uskdOQCkOhvwP1iV0Dq8Rdl5olwOYNiZbfnRYNyUUBj2/8zF2 TkSuOGlCJWqUiTvrDHN86Tq8Fl1B2ROC52Kw38ou2GXltrZsFks3Xn9g2ZOujsbaUNPx zzNdTJqCLCenRwHcjfAYtYjfHujR7nwzMGQSfYv/ig+lkZagG2FZP8Y+NMF4lneCq081 Kp+qlg+TFeXT+/D6uldjlYVPmmCK+Nt7qYWHi7h5BtU4O8ULTU/8C0Ok8FddJsoFNlP9 RP1HeIQS7edTmZtSZJQoPf1YoQozvqRGyjDluMhr/SLI4BPq2C5RSIb3bB495MzKyRQm tpvQ== X-Gm-Message-State: AOJu0YxnerQWNvo7J3DEAbEmmcA58jgD0aBftH4MOMupoz/h+ykrUhMX wxu2YVU5/ErxuxRixke66JwZrFuv45AUytoYQX9oNVvcdZuWFezmExqxezzaZ7+30Di4FB6z3ud pGknlCH6RfM5m X-Gm-Gg: AeBDieuCAszDFcxGRHp7QVzIW7pNtYFG7UsxUZYo+qrAKwT2o9WtoyoMhvqjGVnuPk2 m3gAT4AWRk2lI6rG5gZ+UBkXmyCHXnx2bdGvXtlVMR6g/MPWdvFBm62DgaC2QSE0EraCKI71De8 RgcdKabJWil5XsHaZN3Mtetcv+JpwHE4tQK6Uma/ofkSDmy2ETARMPe/tUGs/HMQ4uO9Y4q83jM 5vi67EFVe0TNQX/jFcDJjTkbf5G+U+A1fsek/xRELhLf7kuaiEs7go10TP7Y7UdvCcrAio11PdX DLKUYGz/eNwIR3ji7e6w4FY9u47Ct4y4j15a7LlL1D+OZMXBCX4+LlOcS5lsLkc3TjFNBlMtYML qBgZbVWM6aMoFJwgBdDtD8RdkNyhlHXTrRdTRQNn1QJO7oCUfQalS8yBTcorUWb2trtgtpGHlxt qNI1lNcFzuZI6oIILa2THQH+GWIaEh02WhND8T3cTRaavdIRys6HrHsGw/JIn281P2eRYzpwxx5 ZUyJG2wj09buSDjGW1yv1xnXSgI X-Received: by 2002:a05:600c:4504:b0:485:3b9e:caa7 with SMTP id 5b1f17b1804b1-488d6864f6dmr7557465e9.23.1775776285153; Thu, 09 Apr 2026 16:11:25 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:24 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 13/30] sqlite3: Fix CVE-2025-70873 Date: Fri, 10 Apr 2026 01:10:13 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234972 From: Vijay Anusuri Pick patch as per [1] [1] https://sqlite.org/src/info/3d459f1fb1bd1b5e [2] https://sqlite.org/forum/forumpost/761eac3c82 [3] https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../sqlite/files/CVE-2025-70873.patch | 33 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2025-70873.patch b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch new file mode 100644 index 00000000000..86004c0b741 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2025-70873.patch @@ -0,0 +1,33 @@ +From 5a05c59d4d75c03f23d5fb70feac9f789954bf8a Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Sat, 6 Dec 2025 20:41:24 +0000 +Subject: [PATCH] In the zipfile extension, only return as many bytes as + Inflate actually generated. [forum:/forumpost/761eac3c82|Forum post + 761eac3c82]. Adjust ./configure so that it builds zipfile into testfixture if + ZLIB is available, so that tests get run on unix platforms. + +FossilOrigin-Name: 3d459f1fb1bd1b5e723629c463ab392af7b206ece3388bda216c6a4c26160909 + +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/5a05c59d4d75c03f23d5fb70feac9f789954bf8a] +CVE: CVE-2025-70873 +Signed-off-by: Vijay Anusuri +--- + shell.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shell.c b/shell.c +index fa45d40..3c4902c 100644 +--- a/shell.c ++++ b/shell.c +@@ -7668,7 +7668,7 @@ static void zipfileInflate( + if( err!=Z_STREAM_END ){ + zipfileCtxErrorMsg(pCtx, "inflate() failed (%d)", err); + }else{ +- sqlite3_result_blob(pCtx, aRes, nOut, zipfileFree); ++ sqlite3_result_blob(pCtx, aRes, (int)str.total_out, zipfileFree); + aRes = 0; + } + } +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index acdd80022e1..9e10caa399a 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -10,6 +10,7 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2023-7104.patch \ file://CVE-2025-29088.patch \ file://CVE-2025-6965.patch \ + file://CVE-2025-70873.patch \ " SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c" From patchwork Thu Apr 9 23:10:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85750 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 747DCF36B82 for ; Thu, 9 Apr 2026 23:11:30 +0000 (UTC) Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144835.1775776288028432542 for ; Thu, 09 Apr 2026 16:11:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=zIV1qBXg; spf=pass (domain: smile.fr, ip: 209.85.128.68, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-488afb0427eso18339805e9.1 for ; Thu, 09 Apr 2026 16:11:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776286; x=1776381086; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DnPfSxuNmlH81fbdPnvc6ltVJQ+styhsyLQRmmXMXrU=; b=zIV1qBXgKwQ4Z+WMQDwPzMhbU21stLNCkKDYDAvgxENORPRPefSriOHoWk/rUq6zAX W0z4cPECFbcY8T66QulU9niYqtSX3KslP690g3/TQmTIB6f3azXqlEvwf1eArVZf04/z ezrPTyhgmedSMk2/rEBoPoI7/yo/OtgXi+Ql0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776286; x=1776381086; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DnPfSxuNmlH81fbdPnvc6ltVJQ+styhsyLQRmmXMXrU=; b=QOYcfp/k76elT6BqB+SwMFn5yk/7pNUgyUaJlx7cQG1pPYCwi1OUz5RqBgxH3TBagw WY1D+lulANntAQuQAEbtQUrbaSHKPLI/zDy7YplHCLu91rXB8+p+jok9lAFLmooe/qbH PSLiv+aUN8VI/EAAM9csA2dtfjk/RXd8CCi79VjpsyyTDDb2FGr50pfb5GeDwAuFdMS/ oz8n1WdkjgNwP59sLHKk9aTKMq+KIJCydcsbSeyiLunyZzIltUg8IUyUTuhhAeaoe8y1 dQyTcbL3xECQiJF8wXth+BM4BeqjsG00/uQyz1ARNeX14oTxjuVhdLRBIpc0HnZ5FRbX VHlw== X-Gm-Message-State: AOJu0YzInwfl9IT85AZqtxAxpjdOihn7dSicb4bFqr9QrbrUz2//LH22 XU3LQS3ksQ9BjzKhbBY7lMkGVYsxP31n7dxa7yn6wEfcNZ/hlABORpS7OFrQt/6rcMtQmh69ubT Z2jD+7vPfBwFu X-Gm-Gg: AeBDietlYhktQI5E5F9UVwaKs4VmF6LPCYAjJS8syg31+TfXAAZRSxC8TntcfeFKl8J 81NlOVAFgfzoO+O5dvWdgoO+ZWKtcmxlWbINB4QZDZ4R+MUurcs+pLP+P+AMzAl+ojwc3zR8P4q AMx9UiidKbNztWemPpbZfN0BOmWbAdG4kdboabKBmRb0EggMwkatIq52Gk1X3XovsvOWnFhF55X r7HHa+1mDzxA9hCtq8guvJ4A28TOOUwCaCVRW8FH4uHqnsIOdM72rfnHuDtIvjTYfQLMfbM8Mi+ EPnQ7+A0Xf/t5iNuxAg0ztfBIwIAlDDEqSp1mvol96Gg7wh8KabEORVwbgaVPpmXRJq9lOOWZQc e+AnHtTfu0QVD5+xX+HCCMAcHAXKiHbc5iVYpoWh6hvCv8BJpJGUPxqZQCgk2LnxT1kn3xFNfAu jN6TottasCcQkq9EvKtOI3JpExlhCJOFfoQw2LZ+9eleQ5l8VnpOYcZBIx6ARt5wj1L5qZfLBar aBarhjXyyqyjSr+6/Cx2msTKdhy X-Received: by 2002:a05:600c:c16d:b0:488:be21:54ae with SMTP id 5b1f17b1804b1-488d66504bfmr9309295e9.0.1775776286170; Thu, 09 Apr 2026 16:11:26 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:25 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 14/30] curl: patch CVE-2025-14524 Date: Fri, 10 Apr 2026 01:10:14 +0200 Message-ID: <69b98b1f2bd0717b0ab7adcb5d8aa9b84ae2f48b.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234973 From: Vijay Anusuri Pick commit per [1]. [1] https://curl.se/docs/CVE-2025-14524.html [2] https://security-tracker.debian.org/tracker/CVE-2025-14524 Signed-off-by: Amaury Couderc Signed-off-by: Paul Barker Signed-off-by: Vijay Anusuri [YC: cherry-picked from scarthgap commit 951113a6e8185969444b5e28292f23434dba1f6c] Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2025-14524.patch | 42 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch new file mode 100644 index 00000000000..0ab77ade9d5 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch @@ -0,0 +1,42 @@ +From b3e2318ff3cbe4a9babe5b6875916a429bd584be Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 10 Dec 2025 11:40:47 +0100 +Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer + +Closes #19933 + +CVE: CVE-2025-14524 +Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640] + +Signed-off-by: Amaury Couderc + +--- + lib/curl_sasl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c +index 7e28c92..f0b0341 100644 +--- a/lib/curl_sasl.c ++++ b/lib/curl_sasl.c +@@ -345,7 +345,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref nullmsg; + + Curl_bufref_init(&nullmsg); +@@ -531,7 +533,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, + data->set.str[STRING_SERVICE_NAME] : + sasl->params->service; + #endif +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + struct bufref serverdata; + + Curl_bufref_init(&serverdata); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 72bd1a20881..b8fa8b5266a 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -70,6 +70,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14017.patch \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ + file://CVE-2025-14524.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Apr 9 23:10:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85751 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B69C8F36B86 for ; Thu, 9 Apr 2026 23:11:30 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145071.1775776289079247777 for ; Thu, 09 Apr 2026 16:11:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=HePFsfap; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-4887ca8e529so9442095e9.0 for ; Thu, 09 Apr 2026 16:11:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776287; x=1776381087; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OCrRpjcSzw3cpfrKy1N2tyj/zldtSrQhQmfan6FM4XI=; b=HePFsfapCLoh1NhM4H+XgJioqrsiKCAyufnQMqEcfowHMK6+vKKhK50uomA/Ux6lmR nJMcIbbgyzbkERylyzqYMiB19/R7HFAdQke+xA0Yp0Njz82xwAXPP9GrrnbCWT8sEqgP JECzl4WIPw1bfazF7gZYHPrWcbPskrMnx8WwY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776287; x=1776381087; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OCrRpjcSzw3cpfrKy1N2tyj/zldtSrQhQmfan6FM4XI=; b=MHrM9Q9tFWzfj1TXsGHNPH/fl8tbQtnB9CJVTn+YlJoff9ww6BDbPL5nLfRUJlzOee 4fTMQClygl96PuSCFaQI74Kvtb/B53/M92IF21LOeEYhmiO/VPWAB+KDX74UN+tYvavb yDZLpk2gHHs/s/YzOhzQmXWSC3qAqFga950p9q9exNDwky1KG2qUcAA07ijILBiF3ner r7UntL+h8IORPFPUpN5uuQcPPVw/QC5r7sGAH/RObnXNaiR7KjgwBR5YuDm58vTg6c/Y 5spbZ/eynp47hREqcIQE8oXfWISW+Kf7jnU8AHoTZ0fPZKHGxMQ4ncBNS59nhW0I19tJ 88Rw== X-Gm-Message-State: AOJu0YxeX+XDQGwfHoCe5KAsMo9KoS4q++hRbOA52Y8NRZDGI4SvjsSS ltZOoCtgFp6b7VUVsfwqAZ/u0R0AWQKLxVftl/yKP+t0B1GQevfYUY+dzCfBfmSGh9SwFHzKv43 BoFMKfg7MbXxx X-Gm-Gg: AeBDieuIzON6FOlxwA+8R0agZ5viTo83nfa282ahEdz6OSIyKRmsPl4PodIM1cG9MGV JDZgs7LNODxaszZic47wrOck/RV2aXgQCK6FDgwnSEDDMFkcu2iFg9j7wtGmbXB44ql5ShwpD2b 6YTMCGxsv+T9sPiIs9u5GohZEoNoKXSXCJA7Uj3nzIIcQkTgijdkSlmDYr8vhbRIkf2McB3vyEN QJXFElkBKpGIE6GeFPtZx5KbwRBkKnhHSshtoUn6JuXkFnZhRAhR1MXIlDoMbF3q0WGB7B9OA0d IOAd/0R3VUr9sV+CNPNHqbtjKv7vIj+5OA5zMSOl/kytTGbtpgDKEG3xb+mvtu+G677JKJoiBrW eRfv4CV1uy5h6AcczfVBy6iXkEjBQEemK4eW2ydl2CWs+UjKcXQxRLA459p5lZgIF0sZRWsb52x 8QNyBbxUlxcbk64d26Vze7UMqFKAWs1IjqgSiX6cRjRbQbVI6mG01SFU9SBNGqFk8CvPN4O9nGM ZMHAqy3uUnjP5zbiMdqOJHPOTBZ X-Received: by 2002:a05:600c:154d:b0:485:3989:b3e4 with SMTP id 5b1f17b1804b1-488d685b6ddmr7441365e9.6.1775776287247; Thu, 09 Apr 2026 16:11:27 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:26 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 15/30] curl: patch CVE-2026-1965 Date: Fri, 10 Apr 2026 01:10:15 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234974 From: Vijay Anusuri pick patches from ubuntu per [1] [1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-1965 [3] https://curl.se/docs/CVE-2026-1965.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-1965-1.patch | 98 +++++++++++++++++++ .../curl/curl/CVE-2026-1965-2.patch | 29 ++++++ meta/recipes-support/curl/curl_7.82.0.bb | 2 + 3 files changed, 129 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch new file mode 100644 index 00000000000..1d0f5c59e8d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-1.patch @@ -0,0 +1,98 @@ +From 34fa034d9a390c4bd65e2d05262755ec8646ac12 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 5 Feb 2026 08:34:21 +0100 +Subject: [PATCH] url: fix reuse of connections using HTTP Negotiate + +Assume Negotiate means connection-based + +Reported-by: Zhicheng Chen +Closes #20534 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/34fa034d9a390c4bd6] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 82 insertions(+), 5 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1145,6 +1145,18 @@ ConnectionExists(struct Curl_easy *data, + #endif + #endif + ++#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) ++ bool wantNegohttp = ++ (data->state.authhost.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#ifndef CURL_DISABLE_PROXY ++ bool wantProxyNegohttp = ++ needle->bits.proxy_user_passwd && ++ (data->state.authproxy.want & CURLAUTH_NEGOTIATE) && ++ (needle->handler->protocol & PROTO_FAMILY_HTTP); ++#endif ++#endif ++ + *force_reuse = FALSE; + *waitpipe = FALSE; + +@@ -1496,6 +1508,57 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif ++ ++#ifdef USE_SPNEGO ++ /* If we are looking for an HTTP+Negotiate connection, check if this is ++ already authenticating with the right credentials. If not, keep looking ++ so that we can reuse Negotiate connections if possible. */ ++ if(wantNegohttp) { ++ if(Curl_timestrcmp(needle->user, check->user) || ++ Curl_timestrcmp(needle->passwd, check->passwd)) ++ continue; ++ } ++ else if(check->http_negotiate_state != GSS_AUTHNONE) { ++ /* Connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++ ++#ifndef CURL_DISABLE_PROXY ++ /* Same for Proxy Negotiate authentication */ ++ if(wantProxyNegohttp) { ++ /* Both check->http_proxy.user and check->http_proxy.passwd can be ++ * NULL */ ++ if(!check->http_proxy.user || !check->http_proxy.passwd) ++ continue; ++ ++ if(Curl_timestrcmp(needle->http_proxy.user, ++ check->http_proxy.user) || ++ Curl_timestrcmp(needle->http_proxy.passwd, ++ check->http_proxy.passwd)) ++ continue; ++ } ++ else if(check->proxy_negotiate_state != GSS_AUTHNONE) { ++ /* Proxy connection is using Negotiate auth but we do not want Negotiate */ ++ continue; ++ } ++#endif ++ if(wantNTLMhttp || wantProxyNTLMhttp) { ++ /* Credentials are already checked, we may use this connection. We MUST ++ * use a connection where it has already been fully negotiated. If it has ++ * not, we keep on looking for a better one. */ ++ chosen = check; ++ if((wantNegohttp && ++ (check->http_negotiate_state != GSS_AUTHNONE)) || ++ (wantProxyNegohttp && ++ (check->proxy_negotiate_state != GSS_AUTHNONE))) { ++ /* We must use this connection, no other */ ++ *force_reuse = TRUE; ++ break; ++ } ++ continue; /* get another */ ++ } ++#endif ++ + if(canmultiplex) { + /* We can multiplex if we want to. Let's continue looking for + the optimal connection to use. */ diff --git a/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch new file mode 100644 index 00000000000..fa5fefd2517 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-1965-2.patch @@ -0,0 +1,29 @@ +From f1a39f221d57354990e3eeeddc3404aede2aff70 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 21 Feb 2026 18:11:41 +0100 +Subject: [PATCH] url: fix copy and paste url_match_auth_nego mistake + +Follow-up to 34fa034 +Reported-by: dahmono on github +Closes #20662 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/f1a39f221d57354990] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-1965 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -1542,7 +1542,7 @@ ConnectionExists(struct Curl_easy *data, + continue; + } + #endif +- if(wantNTLMhttp || wantProxyNTLMhttp) { ++ if(wantNegohttp || wantProxyNegohttp) { + /* Credentials are already checked, we may use this connection. We MUST + * use a connection where it has already been fully negotiated. If it has + * not, we keep on looking for a better one. */ diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index b8fa8b5266a..0e107f1e753 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -71,6 +71,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-15079.patch \ file://CVE-2025-15224.patch \ file://CVE-2025-14524.patch \ + file://CVE-2026-1965-1.patch \ + file://CVE-2026-1965-2.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Apr 9 23:10:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85754 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87796F36B84 for ; Thu, 9 Apr 2026 23:11:40 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145073.1775776290263508999 for ; Thu, 09 Apr 2026 16:11:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=AkSV4KoP; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-4887fd35e60so9749795e9.2 for ; Thu, 09 Apr 2026 16:11:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776288; x=1776381088; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=mHQ/4LWJhGkDYCDuIEIGCpAaK6+07wKzkT6vBVw3cXE=; b=AkSV4KoPWBlh82eunr/5TW+ufUuZKoYcZ/eWeWrRlCSbZIK/1/FSvx4FldNeITvwl6 vNUlO466gRf2PHOjJjhTCoGEQdC0450mh0BRZh8cr7ro8gHVcburSg+pvK2BLPjejo4v 5MK9+Q19ml0UN0gSdbnV8VzzLH10dLuS6I2tA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776288; x=1776381088; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=mHQ/4LWJhGkDYCDuIEIGCpAaK6+07wKzkT6vBVw3cXE=; b=IgFJiXmg4PzmH92M87lU7v1TWkqbA5TptbvzmEIaG6HuJ+EoXXVPMveaQV9gTVhQkm yVI0dI9uIx7RtOvsaRKrRruouN+d0KTHQo8bW+6l7KJ9hTMOALQBS5fJpVSpy3szXtBO SzJfGkjMJbKoT44nmAhl7NO19lZAj/S1F8Fm25N7lcJrXVvfKIQN9K/Bk1OsG1m3HLkD LskG+yf9n4Opa03lOwvpNFtWvM1SDW+BWEjH7+bzagRMjbnAdrthMGIWSWATVKSLUWZX J5nTxEBEavXrRyoSJ7YcsFy/usNsEMdsz7kLiihKftqbasDpY2IZxx/hpMtLc8O/HRec 5FgA== X-Gm-Message-State: AOJu0YzKjXxIiXfwEZqvwbsUFH437JW59cUCEjz5SqwmXxtunPQHj1AQ 9mTfOOnQZ8QtGwICu1pLSNnD69v8XaOcBgRZ17DURgHcPKNz87VYz+S4B2zZnt3wo2QY8o36cfS hLDW5lUL9m+oU X-Gm-Gg: AeBDiev/8QLbTYW7s6iYf9+GLRkob1hXdaM4IvBHefgdgd6oD06Piv8zkRrIEDj1h7K rVN6ex3tn70G3V3FBmJZrAePjCftNtmD0kqit9Z02k9iopLglE4Cqh3D/+Q6ribxqBm9GkMncwI 1xk9JV8NCrxh53AehxmntAjewPHjYcl9RdeDzWZ9uqbzNvLJlzLLqzxvmKiua/XVZEru89YQzhi dRG7WFxyhfiy993zMUhncx2ypgteaTXnbKQXdO+O/rEuHto7DIpyRtH7QXb3Ax9Sf28AHHB1g9L gtrlC+1+Rg1YT3UxGQoTN75KO1dx3fanRHCbpYsGvvIOr8TLLVpuAEx+mVNuodiEbUgc/4rTjiv I0/qeGDMwkJSAs1ey1i2FJYNMF9bfgpdgxmGC4U7rqhnpehb7gOM7b0+Ib+4e31XrGTNulB0Q+G oWiWRIMBQaFWgsSNVRNHWhBnXTsxU7JOcxwrmL9f0zI3mt3TUABpbXGWxC0R1rUbEDQeYxr/wo9 i8VA3V4d4TQjA64nyaX8Rh/GeoMaOyJ0D48fU0= X-Received: by 2002:a05:600d:d:b0:488:9e43:9690 with SMTP id 5b1f17b1804b1-488d67dbf4amr7513785e9.10.1775776288385; Thu, 09 Apr 2026 16:11:28 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:27 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 16/30] curl: patch CVE-2026-3783 Date: Fri, 10 Apr 2026 01:10:16 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234975 From: Vijay Anusuri CVE-2026-3783-pre1.patch is dependency patch for CVE-2026-3783.patch cherry picked from upstream commit: https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266 https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877 Reference: https://curl.se/docs/CVE-2026-3783.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++++++ .../curl/curl/CVE-2026-3783.patch | 157 ++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 2 + 3 files changed, 225 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch new file mode 100644 index 00000000000..746e5d9ab6c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch @@ -0,0 +1,66 @@ +From d7b970e46ba29a7e558e21d19f485977ffed6266 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 29 Apr 2022 22:56:47 +0200 +Subject: [PATCH] http: move Curl_allow_auth_to_host() + +It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef + +Reported-by: Michael Olbrich +Fixes #8772 +Closes #8775 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266] +CVE: CVE-2026-3783 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index 0d5c449bc72a..b215307dcaaa 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -651,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) + return result; + } + ++/* ++ * Curl_allow_auth_to_host() tells if authentication, cookies or other ++ * "sensitive data" can (still) be sent to this host. ++ */ ++bool Curl_allow_auth_to_host(struct Curl_easy *data) ++{ ++ struct connectdata *conn = data->conn; ++ return (!data->state.this_is_a_follow || ++ data->set.allow_auth_to_other_hosts || ++ (data->state.first_host && ++ strcasecompare(data->state.first_host, conn->host.name) && ++ (data->state.first_remote_port == conn->remote_port) && ++ (data->state.first_remote_protocol == conn->handler->protocol))); ++} ++ + #ifndef CURL_DISABLE_HTTP_AUTH + /* + * Output the correct authentication header depending on the auth type +@@ -775,21 +790,6 @@ output_auth_headers(struct Curl_easy *data, + return CURLE_OK; + } + +-/* +- * Curl_allow_auth_to_host() tells if authentication, cookies or other +- * "sensitive data" can (still) be sent to this host. +- */ +-bool Curl_allow_auth_to_host(struct Curl_easy *data) +-{ +- struct connectdata *conn = data->conn; +- return (!data->state.this_is_a_follow || +- data->set.allow_auth_to_other_hosts || +- (data->state.first_host && +- strcasecompare(data->state.first_host, conn->host.name) && +- (data->state.first_remote_port == conn->remote_port) && +- (data->state.first_remote_protocol == conn->handler->protocol))); +-} +- + /** + * Curl_http_output_auth() setups the authentication headers for the + * host/proxy and the correct authentication diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch new file mode 100644 index 00000000000..769198d6883 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch @@ -0,0 +1,157 @@ +From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 6 Mar 2026 23:13:07 +0100 +Subject: [PATCH] http: only send bearer if auth is allowed + +Verify with test 2006 + +Closes #20843 + +Curl_auth_allowed_to_host() function got renamed from +Curl_allow_auth_to_host() by the commit +https://github.com/curl/curl/commit/72652c0613d37ce18e99cca17a42887f12ad43da + +Current curl version 7.82.0 has function Curl_allow_auth_to_host() + +Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877] +CVE: CVE-2026-3783 +Signed-off-by: Vijay Anusuri +--- + lib/http.c | 1 + + tests/data/Makefile.inc | 2 +- + tests/data/test2006 | 98 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 100 insertions(+), 1 deletion(-) + create mode 100644 tests/data/test2006 + +diff --git a/lib/http.c b/lib/http.c +index 691091b..6acd537 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -757,6 +757,7 @@ output_auth_headers(struct Curl_easy *data, + if(authstatus->picked == CURLAUTH_BEARER) { + /* Bearer */ + if((!proxy && data->set.str[STRING_BEARER] && ++ Curl_allow_auth_to_host(data) && + !Curl_checkheaders(data, STRCONST("Authorization")))) { + auth = "Bearer"; + result = http_output_bearer(data); +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index ad41a5e..e641cb8 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -221,7 +221,7 @@ test1916 test1917 test1918 \ + \ + test1933 test1934 test1935 test1936 test1937 test1938 test1939 \ + \ +-test2000 test2001 test2002 test2003 test2004 \ ++test2000 test2001 test2002 test2003 test2004 test2006 \ + \ + test2023 \ + test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ +diff --git a/tests/data/test2006 b/tests/data/test2006 +new file mode 100644 +index 0000000..200d30a +--- /dev/null ++++ b/tests/data/test2006 +@@ -0,0 +1,98 @@ ++ ++ ++ ++ ++netrc ++HTTP ++ ++ ++# Server-side ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++-foo- ++ ++ ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++HTTP/1.1 301 Follow this you fool ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 6 ++Connection: close ++Location: http://b.com/%TESTNUMBER0002 ++ ++HTTP/1.1 200 OK ++Date: Tue, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ++ETag: "21025-dc7-39462498" ++Accept-Ranges: bytes ++Content-Length: 7 ++Connection: close ++ ++target ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++proxy ++ ++ ++.netrc default with redirect plus oauth2-bearer ++ ++ ++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/ ++ ++ ++default login testuser password testpass ++ ++ ++ ++ ++ ++GET http://a.com/ HTTP/1.1 ++Host: a.com ++Authorization: Bearer SECRET_TOKEN ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://b.com/%TESTNUMBER0002 HTTP/1.1 ++Host: b.com ++User-Agent: curl/%VERSION ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +-- +2.25.1 + diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 0e107f1e753..f50af1d4722 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -73,6 +73,8 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-14524.patch \ file://CVE-2026-1965-1.patch \ file://CVE-2026-1965-2.patch \ + file://CVE-2026-3783-pre1.patch \ + file://CVE-2026-3783.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Apr 9 23:10:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85758 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECA7DF36B91 for ; Thu, 9 Apr 2026 23:11:41 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144836.1775776291306698915 for ; Thu, 09 Apr 2026 16:11:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=AvHpthUG; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488ba840146so13523875e9.1 for ; Thu, 09 Apr 2026 16:11:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776289; x=1776381089; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ImvltFtUT4cB6LZ4Yhh3fO4WvYNXpQvW2K3n+YAiVQk=; b=AvHpthUGaO9Tdie2v0Ezh8E0JonQ8lsUWuWr3C2xXlupghJTCMYuIin9PAgig1e5lR /MkioXfMKgioMBtOG+x9OQ//21Lrj/YMnvUPuJfrVW1HziVhsmWAB02R0JKLV9G7WPS7 PnsLddUdF+uKNsjuRw7ap5zwMhnpPrDYTtcfk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776289; x=1776381089; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ImvltFtUT4cB6LZ4Yhh3fO4WvYNXpQvW2K3n+YAiVQk=; b=P6xddTY2NdHKlLFDW2TNth3oKD33EPShHKt04+PLBslfFIt99SHsNNjMTdcaCfXEcN Mq1XKDx7mMFgzp7neiEzjT/tSBehqNS9HGPaixYY0Ttnw7mgyyeoFej2cl77YZlTTE9g CfJHqPkIHMJTsgFiR3iOKGj7oU16r/omKzstMIQ5T9Dz8aWCbcpo4v5dFm2s831w6YvI rlZXVcS+ECp1la3jyd6TTh5kp2iYQB7MyqCBe72/zheu0Noof2K464EOAZOE/KybhXcq rMuCo14bkCHCI33Pc4Vjwb8X4J+LDl1NA+9SVK+K/T4zVLJe30RDwd0dLu9ogrjkM5GF 1hNQ== X-Gm-Message-State: AOJu0YywiNxfyNavmXCjD+yhQbeabqCpc1j/wVKZ9FX/Cv1tGRScebeo fbjT/r5jIQ0/ahHGVbG8fyzbww4DhKOsdgse7mMfl9BRuGuUJW/+enIuCmptusqIZAyqXF7ovYA nY2najtmQfiwN X-Gm-Gg: AeBDietZiC6BrFrup9sjWz3J7o8khN58DanZzqidQPDRIIebBAx4NzRXJ5COggrL57w 84zJdSS0OyeIHmubFYkzSf+ZTqO/+jNUqGv7qyRzk78U8NDFf4LV+TwjPxMCE89oEfpnEoSD7iS qLXYg83wzMB+Kk/Um2JgR5MOa60guBmA4FVixJcoCGybDZ/6qp1osdNoRR9scR5EcglXV6VkYlL 0whcEXd8KtPW99/ckrVuysHQitZ9sykJuCxhebVQhlPVk9lbDlkOGuwhiMFmNf3WRrV9Q/5lDx+ l+LiSXotK8sU19hOp1Ubt6AGhGY8uG6FffbZaTyMwQaXg/w+3qXoDQ5JVp3uMDTw/Y79dp1CYrM RBRpC9iiilzauXRf0VrHpCSNmNNlx2pGdJy0iIFuXfC65Hv/RQDj702SK726CaVSyPgL5NXmgQ7 6XlmpnXy+8+ROsykPigbs7XYZ+2161iFloJdF0hzAF6kH3YNrpercbRuNRTdDiE3dgxqmjsGeRh 0mbSYfmaH5h540iVSYRfceqC02w X-Received: by 2002:a05:600c:630d:b0:488:79a3:f04c with SMTP id 5b1f17b1804b1-488d687cfd0mr8271595e9.27.1775776289390; Thu, 09 Apr 2026 16:11:29 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:28 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 17/30] curl: patch CVE-2026-3784 Date: Fri, 10 Apr 2026 01:10:17 +0200 Message-ID: <659a32145680054823581ddcf6412410247df108.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234976 From: Vijay Anusuri pick patch from ubuntu per [1] [1] https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-3784 [3] https://curl.se/docs/CVE-2026-3784.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-3784.patch | 73 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-3784.patch b/meta/recipes-support/curl/curl/CVE-2026-3784.patch new file mode 100644 index 00000000000..95784e47637 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-3784.patch @@ -0,0 +1,73 @@ +From 5f13a7645e565c5c1a06f3ef86e97afb856fb364 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing +Date: Fri, 6 Mar 2026 14:54:09 +0100 +Subject: [PATCH] proxy-auth: additional tests + +Also eliminate the special handling for socks proxy match. + +Closes #20837 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/5f13a7645e565c5c1a06f3] +Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz + +CVE: CVE-2026-3784 +Signed-off-by: Vijay Anusuri +--- + lib/url.c | 28 +++++++--------------------- + tests/http/test_13_proxy_auth.py | 20 ++++++++++++++++++++ + tests/http/testenv/curl.py | 18 +++++++++++++++--- + 3 files changed, 42 insertions(+), 24 deletions(-) + +--- a/lib/url.c ++++ b/lib/url.c +@@ -930,33 +930,15 @@ proxy_info_matches(const struct proxy_in + { + if((data->proxytype == needle->proxytype) && + (data->port == needle->port) && +- Curl_safe_strcasecompare(data->host.name, needle->host.name)) +- return TRUE; ++ curl_strequal(data->host.name, needle->host.name)) { + ++ if(Curl_timestrcmp(data->user, needle->user) || ++ Curl_timestrcmp(data->passwd, needle->passwd)) ++ return FALSE; ++ return TRUE; ++ } + return FALSE; + } +- +-static bool +-socks_proxy_info_matches(const struct proxy_info *data, +- const struct proxy_info *needle) +-{ +- if(!proxy_info_matches(data, needle)) +- return FALSE; +- +- /* the user information is case-sensitive +- or at least it is not defined as case-insensitive +- see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ +- +- /* curl_strequal does a case insentive comparison, so do not use it here! */ +- if(Curl_timestrcmp(data->user, needle->user) || +- Curl_timestrcmp(data->passwd, needle->passwd)) +- return FALSE; +- return TRUE; +-} +-#else +-/* disabled, won't get called */ +-#define proxy_info_matches(x,y) FALSE +-#define socks_proxy_info_matches(x,y) FALSE + #endif + + /* A connection has to have been idle for a shorter time than 'maxage_conn' +@@ -1282,8 +1264,8 @@ ConnectionExists(struct Curl_easy *data, + continue; + + if(needle->bits.socksproxy && +- !socks_proxy_info_matches(&needle->socks_proxy, +- &check->socks_proxy)) ++ !proxy_info_matches(&needle->socks_proxy, ++ &check->socks_proxy)) + continue; + #endif + if(needle->bits.conn_to_host != check->bits.conn_to_host) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index f50af1d4722..a2ee5736810 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -75,6 +75,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2026-1965-2.patch \ file://CVE-2026-3783-pre1.patch \ file://CVE-2026-3783.patch \ + file://CVE-2026-3784.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Thu Apr 9 23:10:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85760 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6425BF36B93 for ; Thu, 9 Apr 2026 23:11:42 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144837.1775776292441666458 for ; Thu, 09 Apr 2026 16:11:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SSfSB/sa; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-488b0046078so14823105e9.1 for ; Thu, 09 Apr 2026 16:11:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776291; x=1776381091; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dojgKuj1U3Ofmia7xnsKS6kU/Ct53OOxwo7dApi+roE=; b=SSfSB/saGQWAOFV2dnMhp6ZtDP718GR2pulIJSL/U3jRhBVSOG/Xwa3kdQ82jYr8DJ M7bUiEQtf8BmB4A5N3VfPyuoR4+QpUrQrXLm9t36CWq8UEfyhyVhO094d7BqRbfYdsG8 lPl1jV3qK5GSPuCaqfogdKGi9qiNSpBzRwQ5Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776291; x=1776381091; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=dojgKuj1U3Ofmia7xnsKS6kU/Ct53OOxwo7dApi+roE=; b=K7S8oMYBC4/Z3S0AsYeCIQq1jR/Jm4Ll+CZmSvVu/5URyjBwZRel4U/zrh2lJoteda XMvFIklgJ7dFgugLTV1KjAwjxWMgplZlp//o6rViI+dtQc2QkGewS/fpPap/eVUqNRB3 zweWJJaa6kv6KwNvZw8M7ZlrPAsn2IWr3s9KHz9d5qh3V1/n2uu+16dgNVhGfPlymFIx dbz8lWehnkLFr8qvWYT4pr1Es4HC9IwY3vYYILP8kV9NuzP6uqVZE+3d/YfqqKq52pCI mlho8/RwX85uDHfjgOrpNbEOHfki0IZViejZi+gfkmNu9DCCiGkHeO5PQ3S2IlXYvT72 vSaQ== X-Gm-Message-State: AOJu0Yzp0b3j/XOrcJi1XKE9388QQRAHTk5Y/BiwTRkb1mT+lUJcbxP2 OhFKN6TxU/0sdBrKsSmyLr+yjw8OKwZM+Z/WLZ7mt42cokUTLeT+wh6Nsr289vru1LNCtu3c7d6 +gyQsvFZRxXaO X-Gm-Gg: AeBDieu5P5uXbmfRjNtEIyePFKXHlHwy6Pk0OsTo83buOeR9wsROJMa2RdrzIdNjBeN E2qfUcr7jspRyYii6yeVjgqB6DIDai1cYAx/WCBI8aWfZPt9YnXDze5QV97ajz7cPh3r93F251x VL+v+QLVG/ytpRqLqYPkoWt9Habuq08PKNOmKYvfh7wjXbxet8xLmWc3tK93U+/83jAd5Lt68AQ h8a1yiFLCn/rCA2rk/ivcIar1i4gOlCaJSBMS9TsotuHtgB/m4kzz4GyQe+8GG9yJ7g69Dxfwap pDC2eSkqjUM2WtnW0fp+ZuS+oa369NFj1IUf9an5oNA1hoXt5auJhHGhPxO97FpUEhN9QP5JCK9 DoD/zQUP+QREz3+TSNpxBoMxK2V+vmg4EJKmPn3W54ME7Isfk4yE1PAEFY0nejBXA4lCqqZRyDD ZLWM+WRaZJk2nHzOmv9MVmUCTHSd+2VNKwUpNmI76gJ1VZbRY6fQ9C8AY9Mpk28kY8z3XtKo/5k wyPVl15iXtQhNmlpd/24WPLvCEJ X-Received: by 2002:a05:600c:8207:b0:488:a4d6:69ad with SMTP id 5b1f17b1804b1-488d688dd1bmr7392305e9.27.1775776290579; Thu, 09 Apr 2026 16:11:30 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:29 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 18/30] ncurses: fix for CVE-2025-69720 Date: Fri, 10 Apr 2026 01:10:18 +0200 Message-ID: <4a046b39185314ceafbc7846b9c00fb8984c71ce.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234977 From: Hitendra Prajapati Pick relevant part of snapshot commit 20251213, see [1]. That has: add a limit-check in infocmp -i option (report/example by Yixuan Cao). [1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213 References: 1. https://github.com/Cao-Wuhui/CVE-2025-69720 2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720 3. https://access.redhat.com/errata/RHSA-2026:5913 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../ncurses/files/CVE-2025-69720.patch | 42 +++++++++++++++++++ .../ncurses/ncurses_6.3+20220423.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch new file mode 100644 index 00000000000..d570b2007a7 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch @@ -0,0 +1,42 @@ +From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Mon, 6 Apr 2026 18:08:09 +0530 +Subject: [PATCH] add limit-check in infocmp + +origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz +Refer: https://github.com/Cao-Wuhui/CVE-2025-69720 +patch by : Thomas E. Dickey + +CVE: CVE-2025-69720 +Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e] +Signed-off-by: Hitendra Prajapati +--- + progs/infocmp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/progs/infocmp.c b/progs/infocmp.c +index 0ee0b958..538aca5a 100644 +--- a/progs/infocmp.c ++++ b/progs/infocmp.c +@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src) + static void + analyze_string(const char *name, const char *cap, TERMTYPE2 *tp) + { +- char buf2[MAX_TERMINFO_LENGTH]; ++ char buf2[MAX_TERMINFO_LENGTH + 1]; + const char *sp; + const assoc *ap; + int tp_lines = tp->Numbers[2]; +@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp) + if (VALID_STRING(cp) && + cp[0] != '\0' && + cp != cap) { +- len = strlen(cp); ++ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH) ++ len = MAX_TERMINFO_LENGTH; + _nc_STRNCPY(buf2, sp, len); + buf2[len] = '\0'; + +-- +2.50.1 + diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb index 68a845f27c8..15ea2756cdb 100644 --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb @@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \ file://CVE-2023-50495.patch \ file://CVE-2023-45918.patch \ file://CVE-2025-6141.patch \ + file://CVE-2025-69720.patch \ " # commit id corresponds to the revision in package version SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260" From patchwork Thu Apr 9 23:10:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85763 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4FD4F36B94 for ; Thu, 9 Apr 2026 23:11:42 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145074.1775776293790314566 for ; Thu, 09 Apr 2026 16:11:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=FTC1YCPS; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488b8bc6bc9so9839875e9.3 for ; Thu, 09 Apr 2026 16:11:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776292; x=1776381092; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Zotv0sVG2xdNQubgvj8WN++QpOSWag/mUgHyGkLX0Us=; b=FTC1YCPSJ93ehFtwEvcjmpmZQ05yrEGajCZruz3ipBzRapYc5DCUWC+ERLAZjCFj/j 9IdqZkhDR+opOhrnMiByrIajE6VtsSe13Ww1b6dNavY7Gay3NyslTWIW1BtJiVbGRedl bg30tQiyrj619pXHjYpewOui/otyoNrPTNlok= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776292; x=1776381092; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Zotv0sVG2xdNQubgvj8WN++QpOSWag/mUgHyGkLX0Us=; b=bcxHgzwBMGUkFqmSRHfiDZtIuy/inR+tjfnaCuD+YfHS6Q/TJP/huIUmlqgX8lY2FF 8/xaoqHGX4eevGprmxtVFZnEuWl0B6KMaNcs2oEK7DaSDw/G4kiReRbbhWNrEqHErsWM L0fD0bmjdudwN9ahmmq6O/gyzG2V8w9qqAMALOA7yWnDGwXcobS+Wk+Zc5pVNGaMp8kQ EHoLMjlytlktA6uJKayiDIw2CaRLCTC0DHj9xKNqACIZLH7olh5tNZY/uNGgG7ROPSfY kb4f/9rYQOneYDC2HSJriQebXkD8EjMO7vSP9GX+vlcfFAcudqzNUzZh0iHJilmL8YAd 9ouw== X-Gm-Message-State: AOJu0YyWTNk03Wby/OCSqo9GMWYICRRKB+8SP73Mf0Wda+wpAjZvOcLS 4ptpN3BOQF27lpIElO+aGb1/ng2bYWoeKrgEOYQQ1P53JcAkpDjN12GqkTUgeSSksxrSm4SdWHo eMbr6rhfKeoth X-Gm-Gg: AeBDiesqOGpjf6KMZndAwZWGsm6+XHODmnsMLAqsJDVoJvaDVp3AzJAi2sMRpa5A33b 88r14Uo1Z0eBxZw4AL/IYP/3OIY74VYnnz9U3hH3Gi7GK9Y7tFkxzGGvw9QTT+UV7mRkODWxUUk u9cJ1Nv2ocaAJZJX57nK+131UkPtFXZeMRK37RXX2siBleYFOAnUjwcqY/bF6ZyPbqAlJfUWDWw xpFfSHFxKkoI3t9k/6JfGrk3rouqM5fwUyEDnE1v2XULNgcFp5gTvDqg5/TSjI60vifupHptMfi E2TymNJz1WHHV3M0zQ2MRQ4aZyZCvVAV+ypR0kzyiQefVej/Y8QBg13jE/T/ncNX/vT7x9vivDF x5WyZmvVT3trVv1tnkfmB+tkq//pvPWtePOrvms4SYXcN0JJPooyEfnoHOzWHE9cX/Jg320lobY YXTWGOJvIOCbguAiPl04jTLIctCpIzltpY2482CSI2hdSilzpR46wg2aMNlab/e1dtbfO0gFXL0 UmDK+Zqz4DN+aAcX5kipPY0ECQaqpcgVzI8AaE= X-Received: by 2002:a05:600c:3150:b0:488:c80c:c236 with SMTP id 5b1f17b1804b1-488d68057f3mr8406605e9.5.1775776291675; Thu, 09 Apr 2026 16:11:31 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:30 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 19/30] recipes: Default to https git protocol for YP/OE repos Date: Fri, 10 Apr 2026 01:10:19 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234978 From: Yoann Congal This corresponds to the master commit 139102a73d41 ("recipes: Default to https git protocol where possible"). But only for the git.yoctoproject.org and git.openembedded.org repos. > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. Signed-off-by: Yoann Congal --- meta/lib/oeqa/selftest/cases/fetch.py | 2 ++ meta/lib/oeqa/selftest/cases/recipetool.py | 8 ++++---- meta/recipes-core/dbus-wait/dbus-wait_git.bb | 2 +- meta/recipes-core/images/build-appliance-image_15.0.0.bb | 2 +- meta/recipes-core/psplash/psplash_git.bb | 2 +- meta/recipes-core/update-rc.d/update-rc.d_0.8.bb | 2 +- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- meta/recipes-graphics/libfakekey/libfakekey_git.bb | 2 +- meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb | 2 +- meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb | 2 +- .../xcursor-transparent-theme_git.bb | 2 +- meta/recipes-kernel/kern-tools/kern-tools-native_git.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 4 ++-- .../matchbox-config-gtk/matchbox-config-gtk_0.2.bb | 2 +- .../recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb | 2 +- .../matchbox-keyboard/matchbox-keyboard_0.1.1.bb | 2 +- .../matchbox-panel-2/matchbox-panel-2_2.11.bb | 2 +- .../matchbox-terminal/matchbox-terminal_0.2.bb | 2 +- .../matchbox-theme-sato/matchbox-theme-sato_0.2.bb | 2 +- meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb | 2 +- .../recipes-sato/settings-daemon/settings-daemon_0.0.2.bb | 2 +- meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb | 2 +- 28 files changed, 39 insertions(+), 37 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/fetch.py b/meta/lib/oeqa/selftest/cases/fetch.py index be14272e635..b5c09355fee 100644 --- a/meta/lib/oeqa/selftest/cases/fetch.py +++ b/meta/lib/oeqa/selftest/cases/fetch.py @@ -34,6 +34,7 @@ PREMIRRORS:forcevariable = "" # No mirrors and broken git, should fail features = """ DL_DIR = "%s" +SRC_URI:pn-dbus-wait = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=git" GIT_PROXY_COMMAND = "false" MIRRORS:forcevariable = "" PREMIRRORS:forcevariable = "" @@ -46,6 +47,7 @@ PREMIRRORS:forcevariable = "" # Broken git but a specific mirror features = """ DL_DIR = "%s" +SRC_URI:pn-dbus-wait = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=git" GIT_PROXY_COMMAND = "false" MIRRORS:forcevariable = "git://.*/.* http://downloads.yoctoproject.org/mirror/sources/" """ % dldir diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py b/meta/lib/oeqa/selftest/cases/recipetool.py index a2d8d292ad5..adbf0c15f03 100644 --- a/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/meta/lib/oeqa/selftest/cases/recipetool.py @@ -359,7 +359,7 @@ class RecipetoolCreateTests(RecipetoolBase): tempsrc = os.path.join(self.tempdir, 'srctree') os.makedirs(tempsrc) recipefile = os.path.join(self.tempdir, 'libmatchbox.bb') - srcuri = 'git://git.yoctoproject.org/libmatchbox' + srcuri = 'git://git.yoctoproject.org/libmatchbox;protocol=https' result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri + ";rev=9f7cf8895ae2d39c465c04cc78e918c157420269", '-x', tempsrc]) self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output) checkvars = {} @@ -512,13 +512,13 @@ class RecipetoolCreateTests(RecipetoolBase): self._test_recipetool_create_git('http://git.yoctoproject.org/git/matchbox-keyboard') def test_recipetool_create_git_srcuri_master(self): - self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard;branch=master') + self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard;branch=master;protocol=https') def test_recipetool_create_git_srcuri_branch(self): - self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard;branch=matchbox-keyboard-0-1') + self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard;branch=matchbox-keyboard-0-1;protocol=https') def test_recipetool_create_git_srcbranch(self): - self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard', 'matchbox-keyboard-0-1') + self._test_recipetool_create_git('git://git.yoctoproject.org/matchbox-keyboard;protocol=https', 'matchbox-keyboard-0-1') class RecipetoolTests(RecipetoolBase): diff --git a/meta/recipes-core/dbus-wait/dbus-wait_git.bb b/meta/recipes-core/dbus-wait/dbus-wait_git.bb index f2eb8b1874e..63d3447875d 100644 --- a/meta/recipes-core/dbus-wait/dbus-wait_git.bb +++ b/meta/recipes-core/dbus-wait/dbus-wait_git.bb @@ -11,7 +11,7 @@ SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517" PV = "0.1+git${SRCPV}" PR = "r2" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master" UPSTREAM_CHECK_COMMITS = "1" S = "${WORKDIR}/git" diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 544fbea80fe..8595412e501 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -25,7 +25,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 SRCREV ?= "1aee6e9648661c1e6159127c2b6e4690576020f7" -SRC_URI = "git://git.yoctoproject.org/poky;branch=kirkstone \ +SRC_URI = "git://git.yoctoproject.org/poky;protocol=https;branch=kirkstone \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ file://README_VirtualBox_Guest_Additions.txt \ diff --git a/meta/recipes-core/psplash/psplash_git.bb b/meta/recipes-core/psplash/psplash_git.bb index 9532ed1534a..5420366d862 100644 --- a/meta/recipes-core/psplash/psplash_git.bb +++ b/meta/recipes-core/psplash/psplash_git.bb @@ -9,7 +9,7 @@ DEPENDS = "gdk-pixbuf-native" SRCREV = "44afb7506d43cca15582b4c5b90ba5580344d75d" PV = "0.1+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master \ file://psplash-init \ file://psplash-start.service \ file://psplash-systemd.service \ diff --git a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb index ee491984293..6a86196f41f 100644 --- a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb +++ b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f535425934bb5001f2037d9" -SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master" +SRC_URI = "git://git.yoctoproject.org/update-rc.d;protocol=https;branch=master" SRCREV = "8636cf478d426b568c1be11dbd9346f67e03adac" UPSTREAM_CHECK_COMMITS = "1" diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 6ebe4f457ed..823d4f011be 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -1,6 +1,6 @@ require pseudo.inc -SRC_URI = "git://git.yoctoproject.org/pseudo;branch=master \ +SRC_URI = "git://git.yoctoproject.org/pseudo;protocol=https;branch=master \ file://fallback-passwd \ file://fallback-group \ " diff --git a/meta/recipes-graphics/libfakekey/libfakekey_git.bb b/meta/recipes-graphics/libfakekey/libfakekey_git.bb index 5d94be52b4f..7db54c10988 100644 --- a/meta/recipes-graphics/libfakekey/libfakekey_git.bb +++ b/meta/recipes-graphics/libfakekey/libfakekey_git.bb @@ -13,7 +13,7 @@ SECTION = "x11/wm" SRCREV = "7ad885912efb2131e80914e964d5e635b0d07b40" PV = "0.3+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb index b01b332a55b..f195ea233f6 100644 --- a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb +++ b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb @@ -17,7 +17,7 @@ DEPENDS = "virtual/libx11 libxext" #SRCREV for 1.12 SRCREV = "e846ee434f8e23d9db38af13c523f791495e0e87" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb index 81704beac46..ce20283e6e8 100644 --- a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb +++ b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb @@ -12,7 +12,7 @@ DEPENDS = "libmatchbox virtual/libx11 libxext libxrender startup-notification ex # SRCREV tagged 1.2.2 SRCREV = "27da947e7fbdf9659f7e5bd1e92af92af6c03970" -SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;branch=master \ +SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;protocol=https;branch=master \ file://0001-Fix-build-with-gcc-10.patch \ file://kbdconfig" diff --git a/meta/recipes-graphics/xcursor-transparent-theme/xcursor-transparent-theme_git.bb b/meta/recipes-graphics/xcursor-transparent-theme/xcursor-transparent-theme_git.bb index 09fbc9b7983..1d04ad09746 100644 --- a/meta/recipes-graphics/xcursor-transparent-theme/xcursor-transparent-theme_git.bb +++ b/meta/recipes-graphics/xcursor-transparent-theme/xcursor-transparent-theme_git.bb @@ -10,7 +10,7 @@ SECTION = "x11/base" SRCREV = "23c8af5ba4a1b7efbaf0bbca59a65ff7e10a1a06" PV = "0.1.1+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master" UPSTREAM_CHECK_COMMITS = "1" S = "${WORKDIR}/git" diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index 12f1cf516ee..3de1e7bae2a 100644 --- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -16,7 +16,7 @@ PV = "0.3+git${SRCPV}" inherit native -SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master" +SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;protocol=https;branch=master" S = "${WORKDIR}/git" do_configure() { diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb index 94800aeacac..d0549dabe5c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -17,8 +17,8 @@ include recipes-kernel/linux/linux-yocto-dev-revisions.inc KBRANCH = "v5.18/standard/base" KMETA = "kernel-meta" -SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name=machine \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=master;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;protocol=https;branch=${KBRANCH};name=machine \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=master;destsuffix=${KMETA}" # Set default SRCREVs. Both the machine and meta SRCREVs are statically set # to the korg v3.7 tag, and hence prevent network access during parsing. If diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 772fc4e2ef2..b9f1605cf9b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -14,8 +14,8 @@ python () { SRCREV_machine ?= "c8a23ffc90611d97d4e0d8b05e5aa30db4795e87" SRCREV_meta ?= "876ae2ac4c2844426ff953a696e455b44d953527" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;branch=${KBRANCH};name=machine \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LINUX_VERSION ?= "5.10.234" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index ea763ce9aa1..7c8369cc874 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -14,8 +14,8 @@ python () { SRCREV_machine ?= "46e4e1200a4fa889438a2cc62151bb7f1057421a" SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;branch=${KBRANCH};name=machine \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LINUX_VERSION ?= "5.15.201" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index a78839e32e6..db6f9182db8 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -21,8 +21,8 @@ SRCREV_meta ?= "876ae2ac4c2844426ff953a696e455b44d953527" PV = "${LINUX_VERSION}+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;branch=${KBRANCH};name=machine \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5)$" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 56853f481fa..358e3bbed3b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -19,8 +19,8 @@ SRCREV_meta ?= "b75d71b7f2455467f2260d514040ccb44d4bdda5" PV = "${LINUX_VERSION}+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;branch=${KBRANCH};name=machine \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index db911b29524..74ae0db1a93 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -26,8 +26,8 @@ SRCREV_machine:qemumips64 ?= "4bae0f4714f4afc50c02ea884ec8ba6026d2ec16" SRCREV_machine ?= "0ef80b08429534f460a78de68ee5c6a05f722eb0" SRCREV_meta ?= "876ae2ac4c2844426ff953a696e455b44d953527" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;name=machine;branch=${KBRANCH}; \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" LINUX_VERSION ?= "5.10.234" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 176d17e5736..0a770c81b76 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -35,8 +35,8 @@ SRCREV_machine:class-devupstream ?= "3330a8d33e086f76608bb4e80a3dc569d04a8814" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" -SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;protocol=https;name=machine;branch=${KBRANCH}; \ + git://git.yoctoproject.org/yocto-kernel-cache;protocol=https;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" LINUX_VERSION ?= "5.15.201" diff --git a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb index d951baf3610..9cb628c0ecc 100644 --- a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb +++ b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb @@ -11,7 +11,7 @@ RDEPENDS:${PN} = "settings-daemon" # SRCREV tagged 0.2 SRCREV = "ef2192ce98d9374ffdad5f78544c3f8f353c16aa" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master \ file://no-handed.patch" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" diff --git a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb index b05a9c48ad4..95b525c5cd6 100644 --- a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb +++ b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb @@ -13,7 +13,7 @@ SECTION = "x11/wm" # SRCREV tagged 2.2 SRCREV = "6bc67d09da4147e5552fe30011a05a2c59d2f777" -SRC_URI = "git://git.yoctoproject.org/${BPN}-2;branch=master \ +SRC_URI = "git://git.yoctoproject.org/${BPN}-2;protocol=https;branch=master \ file://vfolders/ \ " diff --git a/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb b/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb index b1724675bab..6243d16a522 100644 --- a/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb +++ b/meta/recipes-sato/matchbox-keyboard/matchbox-keyboard_0.1.1.bb @@ -13,7 +13,7 @@ DEPENDS = "libfakekey expat libxft" #SRCREV for 0.1.1 SRCREV = "630d89068dc0a1e9199306d405cb32f892dfa4d3" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=matchbox-keyboard-0-1 \ +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=matchbox-keyboard-0-1 \ file://0001-desktop-file-Hide-the-keyboard-from-app-list.patch \ file://80matchboxkeyboard.sh" diff --git a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb index 3dec68b9638..d43aeea07ab 100644 --- a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb +++ b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb @@ -23,7 +23,7 @@ RPROVIDES:${PN} = "matchbox-panel" RREPLACES:${PN} = "matchbox-panel" RCONFLICTS:${PN} = "matchbox-panel" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \ +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master \ file://0001-applets-systray-Allow-icons-to-be-smaller.patch \ " diff --git a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb index 802ffa971bf..74e543b0b53 100644 --- a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb +++ b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb @@ -11,7 +11,7 @@ SECTION = "x11/utils" #SRCREV tagged 0.2 SRCREV = "161276d0f5d1be8187010fd0d9581a6feca70ea5" -SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master" +SRC_URI = "git://git.yoctoproject.org/${BPN};protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb index bc4024736f4..3a69ff847e5 100644 --- a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb +++ b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb @@ -2,7 +2,7 @@ require matchbox-theme-sato.inc # SRCREV tagged 0.2 SRCREV = "df085ba9cdaeaf2956890b0e29d7ea1779bf6c78" -SRC_URI = "git://git.yoctoproject.org/matchbox-sato;branch=master" +SRC_URI = "git://git.yoctoproject.org/matchbox-sato;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb index eea7025c8d4..1709ab460b7 100644 --- a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb +++ b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb @@ -11,7 +11,7 @@ DEPENDS = "matchbox-panel-2 gtk+3" # SRCREV tagged 0.3 SRCREV = "9250fa5a012d84ff45984e8c4345ee7635227756" -SRC_URI = "git://git.yoctoproject.org/screenshot;branch=master" +SRC_URI = "git://git.yoctoproject.org/screenshot;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" S = "${WORKDIR}/git" diff --git a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb index 4356930da0d..33625f928d5 100644 --- a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb +++ b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb @@ -9,7 +9,7 @@ SECTION = "x11" # SRCREV tagged 0.0.2 SRCREV = "b2e5da502f8c5ff75e9e6da771372ef8e40fd9a2" -SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master \ +SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;protocol=https;branch=master \ file://addsoundkeys.patch \ file://70settings-daemon.sh \ " diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index 5a1d3299930..0dea9d67cab 100644 --- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa" PV .= "+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \ +SRC_URI = "git://git.yoctoproject.org/ptest-runner2;protocol=https;branch=master \ " S = "${WORKDIR}/git" From patchwork Thu Apr 9 23:10:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85753 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92E02F36B87 for ; Thu, 9 Apr 2026 23:11:40 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144838.1775776294809129668 for ; Thu, 09 Apr 2026 16:11:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=tV1VSwUv; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488a14c31eeso11150635e9.0 for ; Thu, 09 Apr 2026 16:11:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776293; x=1776381093; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hh1S4I66m4GVSBIIy1BtX/Md276XqDavCSzcnFAEIKc=; b=tV1VSwUvZtwFD3X2PFpuJyZwfsrkM68eRO6Vcnx7K676rOKXcNUGt7vPwBrOCYtyb+ ZOBZStK0D9EFnLWxkZVZW+/AE7ZZZA+2GZ3ggfr0lwVLRRuwcZV+Aki3bOrBNp1+q+6h KPfZ20rmJw4Cy6TnMl9hspJlsMjL57Cs3jv7s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776293; x=1776381093; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hh1S4I66m4GVSBIIy1BtX/Md276XqDavCSzcnFAEIKc=; b=LBKh4UBjT+hgNf2yd9ixyiODlVrRSbg3iPgces4azrVHbMsKAbHwfoKgb/anTiVHNE GE7O1VHHCvc8SAkNCxGXG+9PvJ9NM89fWp3slmS6Mw6YHmxL0LxyXI+ynuA1CUcx15VI Qg93+8Y6hAQH8Qvi0y8q8LVkxgt9NBS6mbvVp2IHbHxtLnxt4lk8bpZWMjCdVSV5wmko jwRJYdXJ6kdhZqj1O4yOa6tFpb3Fheqzz/Fmbio/m0NzWN6y4CsozxRYCmK7Z4pE/vW7 qxjkzeSkblLaY2EeC+rQuD0ENBpj13yC+yi6oUcVP24mhXKYpROZO1/5YX8pN2oJhtmC ZAkQ== X-Gm-Message-State: AOJu0Yy/n86c3NcR3RwSHppBzTiAZdcYol5TdZpuKD6iP2ymQyOtlDDZ 6jcCpdG6dUx9Xd3+zrUqQDgMsRfGO2AFBxrfv3tD79N09ldenQLH3SdGd/k+pCbJM1ovNrBw29J VWCa8/q0dHHmG X-Gm-Gg: AeBDies5atst6YyDSd8QEnNklBUexUYfXAQ5mffSFrap7uMX3yiP4ijz+LSOYsIjZ5F s/6qZX6kMbC0pKUISkslJ7cyOCIewCWWlQu44D9O7GDKMmFvZoL7DiL57+RZuo1sy2LYiGXYoI8 Kz1MiHr4hrAB+rMUhhJO+UaJEEnGt3h11HNKIUQJ2LaE/Qwx2mum/36ye276fgTI3pglvOOWA3w mjos7YToYm6nsFsXEAAE4cH7KYiKqApVFzl1FSwBagiL3SAyV+qVTQNFL19rexvWhTBCn5x46kh OdUPD1rBNQxcOfQHSNSM6MPSGMILfg1da1dvpbpqKvVMUE9fp3OBkP7ScZcL7wQtV4ZA/PkP2aj ggt4C67UGnpAKq/YOrGkvU3XI6sd/wDomhZLDoclLHwnDyIHyo22OYeLHXbh9LyjvOqwaNIlOeC D40Lkib17ZwFxoqv4u3BNGd8N8J09dX/EqcXay+bFxnGt2mTJeMQgjePYM3baupVxR+CnTkY4lC m5CLJB39KcC6Fd16GEBFqKHH7B6 X-Received: by 2002:a05:600c:4e48:b0:486:fb0b:ad79 with SMTP id 5b1f17b1804b1-488d6858368mr7498195e9.20.1775776292934; Thu, 09 Apr 2026 16:11:32 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:31 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 20/30] oeqa/manual: Default to https git protocol for YP/OE repos Date: Fri, 10 Apr 2026 01:10:20 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234979 From: Yoann Congal Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"), > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. Signed-off-by: Yoann Congal --- meta/lib/oeqa/manual/crops.json | 2 +- meta/lib/oeqa/manual/eclipse-plugin.json | 2 +- meta/lib/oeqa/manual/toaster-unmanaged-mode.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/lib/oeqa/manual/crops.json b/meta/lib/oeqa/manual/crops.json index 5cfa6538432..cf6d19e6bf3 100644 --- a/meta/lib/oeqa/manual/crops.json +++ b/meta/lib/oeqa/manual/crops.json @@ -276,7 +276,7 @@ "expected_results": "this should output the directory of the devtool script and it should be within the sdk workdir you are working in. \n\n" }, "5": { - "action": " 4a) git clone git://git.openembedded.org/meta-openembedded in layers/build directory \n \n4b) Add meta-openembedded/meta-oe in bblayer.conf as mentioned below: ${SDKBASEMETAPATH}/layers/build/meta-openembedded/meta-oe \\ \n\n4c) devtool add \"npm://registry.npmjs.org;name=npm;version=2.2.0\" \n\n", + "action": " 4a) git clone https://git.openembedded.org/meta-openembedded in layers/build directory \n \n4b) Add meta-openembedded/meta-oe in bblayer.conf as mentioned below: ${SDKBASEMETAPATH}/layers/build/meta-openembedded/meta-oe \\ \n\n4c) devtool add \"npm://registry.npmjs.org;name=npm;version=2.2.0\" \n\n", "expected_results": " This should automatically create the recipe npm.bb under /recipes/npm/npm.bb \n\n" }, "6": { diff --git a/meta/lib/oeqa/manual/eclipse-plugin.json b/meta/lib/oeqa/manual/eclipse-plugin.json index 6c110d0656e..6f655a2ba90 100644 --- a/meta/lib/oeqa/manual/eclipse-plugin.json +++ b/meta/lib/oeqa/manual/eclipse-plugin.json @@ -246,7 +246,7 @@ ], "execution": { "1": { - "action": "Clone eclipse-poky source. \n \n - git clone git://git.yoctoproject.org/eclipse-poky \n\n", + "action": "Clone eclipse-poky source. \n \n - git clone https://git.yoctoproject.org/eclipse-poky \n\n", "expected_results": "Eclipse plugin is successfully installed \n\nDocumentation is there. For example if you have release yocto-2.0.1 you will found on https://downloads.yoctoproject.org/releases/yocto/yocto-2.0.1/eclipse-plugin/mars/ archive with documentation like org.yocto.doc-development-$date.zip \n \n" }, "2": { diff --git a/meta/lib/oeqa/manual/toaster-unmanaged-mode.json b/meta/lib/oeqa/manual/toaster-unmanaged-mode.json index 29d11a87d5b..3d1dba447b3 100644 --- a/meta/lib/oeqa/manual/toaster-unmanaged-mode.json +++ b/meta/lib/oeqa/manual/toaster-unmanaged-mode.json @@ -10,7 +10,7 @@ ], "execution": { "1": { - "action": "Set up yocto project and toaster test environment. \ncd ${installdir} \ngit clone git://git.yoctoproject.org/poky \n\n", + "action": "Set up yocto project and toaster test environment. \ncd ${installdir} \ngit clone https://git.yoctoproject.org/poky \n\n", "expected_results": "NA \n\n" }, "2": { From patchwork Thu Apr 9 23:10:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E7CBF36B88 for ; Thu, 9 Apr 2026 23:11:41 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144840.1775776296105420613 for ; Thu, 09 Apr 2026 16:11:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=qK1HkdXs; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso18118975e9.1 for ; Thu, 09 Apr 2026 16:11:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776294; x=1776381094; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SgIyqMNlcqdB2Slzv2LSndHGiI0+jykFFYW2FWI32yQ=; b=qK1HkdXs4/T521nsw6tza8KFr15IEVXvPyocPZSOm6X3NWFrQct/19Yg2zWb5wm1DZ v+HgpdmLiQY9VJn/ArAGjPgQWxO1bFHzaA3cQ3UWnb5meyJTCN/aSQ+QK3+N+aB64ky5 Cqq73KnuL/1/ybYvOTJFmxChJs8dw1c3w0W7A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776294; x=1776381094; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SgIyqMNlcqdB2Slzv2LSndHGiI0+jykFFYW2FWI32yQ=; b=jIudnMf/+BgtRU/HyxDH6GxJDRgvfv7k0zQfOfqfJqEYMMkCEM+daZn3/Ohn/rQsm7 tppq0iHw8uWXy6sb5WYS9++J66VLNGHH6xmYalm0Vd2ewhXdAwzUmy9I0yfm1tY4KcT0 V/SLaxVdBc9HpbrdGSj++PL3PWES+45bnOG37wqTrCaixObbpk9OJx2c5s09cgNxQfC3 vpgg8UxkxKG23bacnTksYaWoBoEWWTUVXxiJIxp8V81dGaXfSxP7lpXRwfXQia7jmXca L4cojqpljao9d9Tb+9uTPAVV/m08l5AgbHEi91YOS40cbn1quKtBA9SmbgdU6ifTNarI D78g== X-Gm-Message-State: AOJu0YzEyjh/boC5TbGw95g0Eg4NLuF2DJtXwYlyHYxI30nTbMH2aixe ed8kYD0azYrKATmczldD+1f3vM4A9+4lhOS/WbT9fv1oo75D4HpxkmXC8DTlpoE0nJqVAaweIEQ KCQp0wsObcqTl X-Gm-Gg: AeBDieuvLk512J+IwZMBpeDyHaFAmwu4nEisuxjhEGQwramzOUB4OwF2uv+6bnZAoEF V1VOi673sT+TG85vxCaEQ52diJ2Pz4jfA9MymLw15ZJjR4rZRtYVz5iZ6gbzaQelAoN/mipHNkv h/VC981tJ2XMYurSZp4egW3z2i6lxUynaBFJVfcTgyCkaBNsrBQTd79CcXDEas/QcyoIMgg/Rit pfkHXgnsPV+jb4Zgme/soe5TejRDR2VulXjtDDhbPSpgBIJ2iFqoVYz+iD0Mf1PrnRmf1FvHE+a 6fR8dyeMd0VinevJw1tUtEIunF80ktOt8lkXDEkPLlOHnU/Yvqs7/DPmpXmb7QFFbrxkFYKaSwi 8ylU2lZbsFRaBeBsmu+g2QNjvThsRyrSZsiqzibuhQYLg8dVPKQH7zMiX3VaJu+1lJXpZKhtwFq 3kpYVUCr9HPlSHBVbLa9q9Wn3obThvOQ1EsLyJkCX5MLrc8CSy+/FuOLTiDry+hmpPwE27BHESh o5erw3JdkjPhGxlk63kKL9aOYGQ X-Received: by 2002:a05:600c:a105:b0:485:fbd2:f72 with SMTP id 5b1f17b1804b1-488d681701fmr5166855e9.1.1775776294266; Thu, 09 Apr 2026 16:11:34 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:33 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 21/30] oeqa/sdk: Default to https git protocol for YP/OE repos Date: Fri, 10 Apr 2026 01:10:21 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234980 From: Yoann Congal Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"), > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. Signed-off-by: Yoann Congal --- meta/lib/oeqa/sdk/buildtools-docs-cases/build.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/sdk/buildtools-docs-cases/build.py b/meta/lib/oeqa/sdk/buildtools-docs-cases/build.py index 5b0eca046fa..264f813e076 100644 --- a/meta/lib/oeqa/sdk/buildtools-docs-cases/build.py +++ b/meta/lib/oeqa/sdk/buildtools-docs-cases/build.py @@ -13,5 +13,5 @@ class BuildTests(OESDKTestCase): """ def test_docs_build(self): with tempfile.TemporaryDirectory(prefix='docs-tarball-build-', dir=self.tc.sdk_dir) as testdir: - self._run('git clone git://git.yoctoproject.org/yocto-docs %s' % testdir) + self._run('git clone https://git.yoctoproject.org/yocto-docs %s' % testdir) self._run('cd %s/documentation && make html' % testdir) From patchwork Thu Apr 9 23:10:22 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85756 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DF70F36B8B for ; Thu, 9 Apr 2026 23:11:41 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144841.1775776297099223266 for ; Thu, 09 Apr 2026 16:11:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=KU81oP7c; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488b3f8fa2bso18119125e9.1 for ; Thu, 09 Apr 2026 16:11:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776295; x=1776381095; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MQ1nnPZD4T81cHP4CPJAEtZLqfKwRd1IwiROmD+jMLs=; b=KU81oP7cd/Tj/gd8POHe+QIAS51JGPRiUfTNUfJ9P5Bg/hm6oE6bPzdeDK6MAKDWLQ lX+rkzHxmsF0/RokGOAWkNuBnY/TnBnshZrG4cQAjkkA1Vliarzdi5APAsoOhrCuebI0 mYM2n0CFHxlfGffdE9zu7TOTdTTnfVsVBf/Og= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776295; x=1776381095; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MQ1nnPZD4T81cHP4CPJAEtZLqfKwRd1IwiROmD+jMLs=; b=mnXycWQASzacdlJR9TkPQk7i5GEkjoUOdFQssdo+Pn3mPHgs1e0olfno1x1uvPpu2G lO0+G2EHClRpZh0KwLOnb/N3EC+N7Y4qxSkVTpo2HUlZcLjYli2rDogRdKw8lIUlq6Ib tZYuvOE56JpMOqR2kmyxESHNfBkr71N7NJ7Ju99UjMFlECuSEEIcfUrOK/RwBlM6LmwR hkHsfA3Ga7L0dxotz3GvHj9QVkKU1hQwS8zmcLdBvj6SQFWs2vsfR1JADmk57KvhrhGq /NLmn2PU9LWv2Msd+M49+Ox59ak5dZTFfGC7KQSz2KDoDCJHB8NOHe3hvIjkYQDhrvKP WYBA== X-Gm-Message-State: AOJu0YwJwEugnZORbs1i8zjKI5EiShv351S24tb2v57D1U5ro8DKpOi/ ODgS9ajqSCetIafsh83HWS/GiWe3gXdM2jNMrh+WjilQlUo/CCbWhB1gmxq/kf0aMSRbWF//rMi R5EKvo1BY8542 X-Gm-Gg: AeBDietBXOsrrE01pz77tsrhKZdShxVah6+BMSkZDjgZhtk53EVC+9GxFcqAgmfopP+ aIBtOuTA8ZCXCKKtfluAfO1JNJ8XmADMZ4d2FS5gDXuWhNdLBJXu6ptMVeYskmSWjjCHxqfcpKu YY4OeFE7W2WrqihLtyDjMhj4z/V09ygNTQKjTzRA/2Wl9zjyFqhIjfAQF17luNSGRo5n/2GmPrT fOkOxILJig6hwIf7W/t6zmHZN7kyrgquCFW6O55TMvrFv3fXWgnbiKaw/bQyksqJsBhJaw87F6O KH7Zo5jR9mutXVZrVhD/apVByeX6P5+ANpz/9mOjcb9psE5/3ve2+BqmxaJEDkAWgFRPsgaXs/K YCJ14oZvd22n0M65LGAbnbTw2eQRaaB5FpaEPjAsL8uwLNWyl5BuVy9CbKGfXRfvPB9rbln/7As aOCPstkv0X/0p8biBPyi1k1UnO9VkkfNCfBJX4DcQRvd3+NBgts7+//8g2G4FqKpA2aXNduikC0 dIOQ5bcLt5a27KOi3Ggl22LbOBm X-Received: by 2002:a05:600d:8453:b0:46e:59bd:f7e2 with SMTP id 5b1f17b1804b1-488d68ae9b7mr5843955e9.11.1775776295224; Thu, 09 Apr 2026 16:11:35 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:34 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 22/30] scripts: Default to https git protocol for YP/OE repos Date: Fri, 10 Apr 2026 01:10:22 +0200 Message-ID: <97986a40346d7b5a13c0882674afacd98583108c.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234981 From: Yoann Congal Following up on commit 139102a73d41 ("recipes: Default to https git protocol where possible"), > The recommendation from server maintainers is that the https protocol > is both faster and more reliable than the dedicated git protocol at this point. > Switch to it where possible. Signed-off-by: Yoann Congal --- scripts/combo-layer.conf.example | 4 ++-- scripts/contrib/patchtest.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/combo-layer.conf.example b/scripts/combo-layer.conf.example index 90e2b58723b..4ae3db45ab1 100644 --- a/scripts/combo-layer.conf.example +++ b/scripts/combo-layer.conf.example @@ -14,7 +14,7 @@ signoff = False # mandatory options # git upstream uri -src_uri = git://git.openembedded.org/bitbake +src_uri = https://git.openembedded.org/bitbake # the directory to clone the component repo local_repo_dir = /home/kyu3/src/test/bitbake @@ -76,7 +76,7 @@ last_revision = # that matches the original commit. [oe-core] -src_uri = git://git.openembedded.org/openembedded-core +src_uri = https://git.openembedded.org/openembedded-core local_repo_dir = /home/kyu3/src/test/oecore dest_dir = . last_revision = diff --git a/scripts/contrib/patchtest.sh b/scripts/contrib/patchtest.sh index b1e1ea334b9..550b6a88f3c 100755 --- a/scripts/contrib/patchtest.sh +++ b/scripts/contrib/patchtest.sh @@ -75,8 +75,8 @@ source $PTENV/bin/activate cd $PTENV # clone or pull -clone git://git.yoctoproject.org/patchtest $PT -clone git://git.yoctoproject.org/patchtest-oe $PTOE +clone https://git.yoctoproject.org/patchtest $PT +clone https://git.yoctoproject.org/patchtest-oe $PTOE # install requirements pip install -r $PT/requirements.txt --quiet From patchwork Thu Apr 9 23:10:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85755 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 808C8F36B8D for ; Thu, 9 Apr 2026 23:11:41 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145077.1775776298237447514 for ; Thu, 09 Apr 2026 16:11:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=eHj2BFRr; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488b0e1b870so20793385e9.2 for ; Thu, 09 Apr 2026 16:11:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776296; x=1776381096; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tKZ9G/NdOtagwAPvJOKTWSQfsxyhuSqzb1tWjjrrk6I=; b=eHj2BFRrTojnxEeWns4xx2mEGKh9MZaFV66soa0dbaa0amhQIfFL2waeylBz4rO1Td trVLTCdxHqCqPSc4pTga/7G++vMRvtIcLky0am8DUtApjujuC5oHTBZGLLO1YpvIfwcv fCubAFQ6c7a8vsBqh+5chxjv3+oLGcFJbulJ4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776296; x=1776381096; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=tKZ9G/NdOtagwAPvJOKTWSQfsxyhuSqzb1tWjjrrk6I=; b=T10UdJyqSMNLCLdGFHjXBaZASQPqL1z3K/0qrc3bGyTQq6YLGtUnNvqNDea2eLq2ke hV8K4UgHO/KWy+bopxdcjddS+ttwitM/ElrJVRKsf1wKxptz92M3fZ3Zk8+Xn9Er+gs3 blHNSDwFupv5Jv6EyBNwL+ep6OFqYmDs5KhvWB8RiPBtyQSBP8pAF7YPLSB9I7pKSHKl SM3QiZVZWA/NJ1fTReiPSxNGZXJDU8A+f4OQl43+/UdJVwqNZqTcviAZ/EWObR7Y1HN0 08C4wYUunjzZkY/r4OJpVqO4s6QAjW79LYjT0qByEuArBiGx3icPDNEjRcqKP7Tz4Fnl GieA== X-Gm-Message-State: AOJu0YxSP+WYEZ+7ofl9qfZSFlbMffdN7V/h5T43WeeCnET3UrV0isSR wS7N/3hYjbsuYZoqFDf8FnI9AFwuG/GPS2f4HkNi/cO9JpID/5hf4+VfKIvDgaeOfBStbLhFP46 L7NHLSGvIBvEd X-Gm-Gg: AeBDieshxsgJEsIw+QtXpsqYKS6N/Kh4wZcCv2/chiwD5t32FJQerLO+P6JqcJdAa2p mDuE5lFYX6lisa6W2d2Z4x0zXpi8nvgUiOELxX+5/kAgtwXc187gFFSMduxAnzmTt1hhHgRgpXj 9FEK5tIDEXZiE7RI6rurwKk9/xO3RdnVPol6irn0VqU06hfZs1S9y98fUUYesFUKGnfRgYVZp8l 7LeM3dezKDAqIs8VHQo2ZCUgv/ANzO25qdYyoIuJDd3tL11xJhViHlzLXyD67e6KWV9bpMr6bqC opEsG8Tt4N2EHU7cQ5EBfIEWp+7fSG88+/4cNil2X1wsbVEkXNtJNcqgUkjY17oX5z2DX0syfNf cRtCCcp2OJNj7MFS+svZW+1xIrG6WRM7YVTN5qOtxCLB04m8BfngwBQD17CiwLZ1x1UkAsnqHJo uNXiQfm+2PMD4zeGTEbEb2SfK4J8Lg59fv+fqKqHKP4+IqEXMsoyXlOsVQmgjlKS7A5fao0MIz1 cL+8FAbl+c5Fu1ISLWQfaxs0Yfd X-Received: by 2002:a05:600c:8907:b0:488:80b6:873a with SMTP id 5b1f17b1804b1-488d6860bc3mr5265755e9.21.1775776296371; Thu, 09 Apr 2026 16:11:36 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:35 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 23/30] recipetool: Recognise https://git. as git urls Date: Fri, 10 Apr 2026 01:10:23 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234982 From: Richard Purdie If a url has git. in it, assume it is likely to be a git cloneable url and should be treated as such. This allows us to switch from https://git.yoctoproject.org/git/XXX urls to the preferred https://git.yoctoproject.org/XXX form. Signed-off-by: Richard Purdie (cherry picked from commit cedc9209e3bae0da8d61423b16c74c49a132aa63) Signed-off-by: Yoann Congal --- scripts/lib/recipetool/create.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py index 7b4c501456b..c4b99619f5e 100644 --- a/scripts/lib/recipetool/create.py +++ b/scripts/lib/recipetool/create.py @@ -366,7 +366,7 @@ def supports_srcrev(uri): def reformat_git_uri(uri): '''Convert any http[s]://....git URI into git://...;protocol=http[s]''' checkuri = uri.split(';', 1)[0] - if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri): + if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri) or re.match(r'https?://git\..*', checkuri): # Appends scheme if the scheme is missing if not '://' in uri: uri = 'git://' + uri From patchwork Thu Apr 9 23:10:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85759 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D414CF36B8F for ; Thu, 9 Apr 2026 23:11:41 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144843.1775776299198618181 for ; Thu, 09 Apr 2026 16:11:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SONgqdwB; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-48896199cbaso14892355e9.1 for ; Thu, 09 Apr 2026 16:11:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776297; x=1776381097; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0DVlFTt23UZW7nMuKmtGRGfHeZMVOI9dd39Hy0hpyIQ=; b=SONgqdwBh2bdE4H9oyzqtjp1iOGoKhMPsQQp37lwbfYN5fzcQjl9/aGIi30pHGLAFy w/FERjMSQL0rXaw928kpt1ZqFxlViUp2S5MF9gNzrrWk23hAZ6XEd1O3iyB4+2FE9FjC WCuYVy7HkOtjlnbziV7eGLPgW3Cc3de8+j94Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776297; x=1776381097; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=0DVlFTt23UZW7nMuKmtGRGfHeZMVOI9dd39Hy0hpyIQ=; b=m1kyO9zbp7I4gE61lZbJQDDaGhMXF8GQIpDTgvRvqSWRUCY84hkM7VfAQ3yynJHWX4 6a6e8ZaeUePyx52kQaKOKge5V84mEtsZ8Nd469KRpCfbvQPcJ5I5eQjqGLlvIulBhv/e E0RiNbuWegc2OLvyds9vCvoNtLsprXkqJfXBpc7M+2OAEed2LlvUK52DQb3g+pnKheTY EvS+j7XI1Ov5R2STEx+M32NkQbhx7yDiwB7GGuKETcZtlJzsdyd+Pu3kWznxh7Ot+NOb yQUYjTMV28fnm/jt0Zp5xtoDT9/HmAHjFz3B/GcKbzA1PDiFwfsra2gRNI7kasSqoTz4 IbXg== X-Gm-Message-State: AOJu0YyXvta1I2//uMDhv0Em0CS6f/AmK+EZhMfj3Hobi2n9KdKigbPE RfcEFgZCLt2TS2z8kERLd1BhpXn0hjYGVUYKwpZIhct2REVChpmxAcIV+2N+qIZVe7IybyYrefQ cE1h1nsG1lEwe X-Gm-Gg: AeBDieuMR4jXAiJqi1tLMxfciRi12Qw0Yfnwc4AAR8D1//dTJINwJCv751JNwGjeJ69 DkOiSZhFbbl0fVkG/2W9sINLx0lcEPykn3gB6EU8aT70Oatm4/XSvaEbukCOmAudz+VIU8M1lM6 24mTOYWiThVxkx3EztZ9I8S6IGGfnSLVYN8GgaRfCZf8A6khsbzHKc46ci1ktZnutbIiu0D4yEo 1AopLgull5amWEkLbggtzWT5ror0V+RN/HlYxyzdVkaSMtCir07WGKXUONNCUYuM2K8rWnf+mVC kWgYweRS8D0jA70WzBIPDbma/SrPu2ZccT2d9UhcPMcFG/BWONaO97pDB6EV2JGQMhKSHH5UF8a ZFQENdEd1Kl8B7EDb+8Qb/f3C14iOdjDoM03JrLdZcEeWh/37KIRcFzedIdJ0WLQOAU+bN5t/uY VLRClCdoqWX2P3yV3FcAYs1SaNHUh8ixOc7bLOuiZgtLaijnUfqQHmu0A/Ic64zRDLi6g+vjXWY ku8K0Fhk2SnEzkGmjxm44hfERsX X-Received: by 2002:a05:600c:198c:b0:485:3fd1:9936 with SMTP id 5b1f17b1804b1-488d67b8d43mr7544405e9.5.1775776297286; Thu, 09 Apr 2026 16:11:37 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:36 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 24/30] selftest/scripts: Update old git protocol references Date: Fri, 10 Apr 2026 01:10:24 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234983 From: Richard Purdie git protocol accesses to our infrastructure are currently struggling and this has highlighted a number of places we're making those obsolete access forms. Update them to use https instead of the git protocol since it is preferred and more reliable. The devtool test needed quoting to handle the ';' in the url. The -f option to devtool also shows a deprecation warning so remove that. There were internal references to git protocol urls inside the nested git submodules test report, which means those repos need updating to use new git revisions. Signed-off-by: Richard Purdie (cherry picked from commit 1ceba42623c5187d2f5a100d6a523abcdc75d34e) Signed-off-by: Yoann Congal --- .../recipes-test/devtool/devtool-upgrade-test2_git.bb | 2 +- .../devtool/devtool-upgrade-test2_git.bb.upgraded | 2 +- meta/lib/oeqa/selftest/cases/devtool.py | 4 ++-- meta/lib/oeqa/selftest/cases/externalsrc.py | 2 +- meta/lib/oeqa/selftest/cases/sstatetests.py | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb index 203f4b61c2e..bc3690a8e3d 100644 --- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb +++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb @@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717" PV = "0.1+git${SRCPV}" PR = "r2" -SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master" +SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https" UPSTREAM_CHECK_COMMITS = "1" RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature" diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded index 3d45fc48572..c0eda290892 100644 --- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded +++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded @@ -10,7 +10,7 @@ DEPENDS = "dbus" SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517" PV = "0.1+git${SRCPV}" -SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master" +SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master;protocol=https" UPSTREAM_CHECK_COMMITS = "1" RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature" diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py index dc0fc35062e..16660d46e2e 100644 --- a/meta/lib/oeqa/selftest/cases/devtool.py +++ b/meta/lib/oeqa/selftest/cases/devtool.py @@ -517,7 +517,7 @@ class DevtoolAddTests(DevtoolBase): def test_devtool_add_fetch_git(self): tempdir = tempfile.mkdtemp(prefix='devtoolqa') self.track_for_cleanup(tempdir) - url = 'gitsm://git.yoctoproject.org/mraa' + url = 'gitsm://git.yoctoproject.org/mraa;protocol=https' url_branch = '%s;branch=master' % url checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d' testrecipe = 'mraa' @@ -526,7 +526,7 @@ class DevtoolAddTests(DevtoolBase): self.track_for_cleanup(self.workspacedir) self.add_command_to_tearDown('bitbake -c cleansstate %s' % testrecipe) self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') - result = runCmd('devtool add %s %s -a -f %s' % (testrecipe, srcdir, url)) + result = runCmd('devtool add %s %s -a "%s"' % (testrecipe, srcdir, url)) self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created: %s' % result.output) self.assertTrue(os.path.isfile(os.path.join(srcdir, 'imraa', 'imraa.c')), 'Unable to find imraa/imraa.c in source directory') # Test devtool status diff --git a/meta/lib/oeqa/selftest/cases/externalsrc.py b/meta/lib/oeqa/selftest/cases/externalsrc.py index 1d800dc82ca..c127d254e36 100644 --- a/meta/lib/oeqa/selftest/cases/externalsrc.py +++ b/meta/lib/oeqa/selftest/cases/externalsrc.py @@ -17,7 +17,7 @@ class ExternalSrc(OESelftestTestCase): # so we check only that a recipe with externalsrc can be parsed def test_externalsrc_srctree_hash_files(self): test_recipe = "git-submodule-test" - git_url = "git://git.yoctoproject.org/git-submodule-test" + git_url = "https://git.yoctoproject.org/git-submodule-test" externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name self.write_config( diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py index 4a32af902fb..831991dee8f 100644 --- a/meta/lib/oeqa/selftest/cases/sstatetests.py +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py @@ -31,7 +31,7 @@ class SStateTests(SStateBase): # Use dbus-wait as a local git repo we can add a commit between two builds in pn = 'dbus-wait' srcrev = '6cc6077a36fe2648a5f993fe7c16c9632f946517' - url = 'git://git.yoctoproject.org/dbus-wait' + url = 'https://git.yoctoproject.org/dbus-wait' result = runCmd('git clone %s noname' % url, cwd=tempdir) srcdir = os.path.join(tempdir, 'noname') result = runCmd('git reset --hard %s' % srcrev, cwd=srcdir) From patchwork Thu Apr 9 23:10:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85761 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED02BF36B96 for ; Thu, 9 Apr 2026 23:11:42 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144844.1775776300250012882 for ; Thu, 09 Apr 2026 16:11:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=e3GdHr3j; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488ab2db91aso20436645e9.3 for ; Thu, 09 Apr 2026 16:11:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776298; x=1776381098; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MOA+lcpkkX7qBYMZd0N3H+RNwXUj10llQ4rbfdVFrog=; b=e3GdHr3j3I859a2LRqICbAh4O5HmfqVIYFSm7iQpEdU/KR+h8gDFJalKxJig9O9Jlx jV7hx+wh7g+ZG6HrKdsdJMGhsYfTBelLe7RPTYWSw2t0GTXdp2BaGR1VzyOJWFYtqNz6 T9q7UFGuZRibXdyiHANmCFYxj38Cemf45z6n4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776298; x=1776381098; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MOA+lcpkkX7qBYMZd0N3H+RNwXUj10llQ4rbfdVFrog=; b=TykTjx83ACfKiMPetTRjA0T5wmFmhCusz6pmcGhbaeYDwfWUnE93/0UC7w6LxLxCNm iveH43rnN3p/EZ2c7gKh5hyrsFuylIGSM/fiqiWWwtTau0fillcIvBgzTmOEhQ/9FQ1y i4GOStZhNPs9edHqJmexa+4RzysElqESp6CDxapAAjr+i5pV8mS5bzaSbpLKTUEYAtnR pu2PLsr3pC7QMTMC4cnzQ9ldmJK5lK2r3Mc44VXcYNizgn2l3mbsUujyP5WEt7AvU3+R G2iFR6irSKUODp8RTZQrxGwg7UbojoMfF9Pyguci1MunwgI17aTuX4kkYFr2BrwksQXZ morg== X-Gm-Message-State: AOJu0YzNyZIhe67BPzi1hbIWPXfCPBPeLhVt9UnMJ5d1Mg8sv0ZMh2wk 4C9idm/xe6IZannadmDP/S+QVG3Pmkjt29BJCj8M6VF4rxhmMdCDTy/XnU/a7QFY5hgNBNJ6Nz1 tqSegUC62kMXT X-Gm-Gg: AeBDievGe3Fj848QrYVcX/9a6CIaFPIZVp9ToO5lTAxMQK/TkqPufuj0I7ppzq2+idh BJ2KcjXvz2rJAJ9rDBHw7/pv7eJC7bU7uIUC7cJVvuvxViR5xhGvN0WoXH44fUb3FxjmwhGcxij b+xFI4DckgV7XjAacxFUl9tQPOnarYh3a52Ugl/RhoNzrpBPpR/P3V+XTwP8de4ZA4aXkvQm7qQ M3Y+2Tj2dh4Z/3HYhs1da4oPOQWfGuAN1Otw28YS0r/KThQB6/MhkB6gveZoCLuuDBixSwd7azx hPblikliRjlOksgiTyMhzk9sW6soPgTzNohdwSH9vH++hFn6FqXtZkQ7sU/fhAkXl7DTB2Zxi// t/VnK8iX/FJ1wkiiGFeUUsPQo46GCZlQXPu+ubkDcvPzTSKUYdE8j265QB6CqaIVoBAQOzZ48sC B0qTGqWFWcOfSle5/bnNKFuzHJw4UeMYGQaTUNRp4dG2z3q+6oA0feiMOVA9Xmfzi32h99QogDZ Asd54dt8NjMPF7SkqVa8y8sirI8+a/BWlk+ApU= X-Received: by 2002:a05:600c:3150:b0:486:fcc7:d6a with SMTP id 5b1f17b1804b1-488d67f4c4dmr8818185e9.13.1775776298462; Thu, 09 Apr 2026 16:11:38 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:37 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 25/30] vim: Fix CVE-2026-25749 Date: Fri, 10 Apr 2026 01:10:25 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234984 From: Hitendra Prajapati Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-25749 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-25749.patch | 64 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-25749.patch b/meta/recipes-support/vim/files/CVE-2026-25749.patch new file mode 100644 index 00000000000..8b04379b9b7 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-25749.patch @@ -0,0 +1,64 @@ +From e0065a61a42bdff9c75aa18104f8ff546938395f Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Thu, 5 Feb 2026 18:51:54 +0000 +Subject: [PATCH] patch 9.1.2132: [security]: buffer-overflow in 'helpfile' + option handling + +Problem: [security]: buffer-overflow in 'helpfile' option handling by + using strcpy without bound checks (Rahul Hoysala) +Solution: Limit strncpy to the length of the buffer (MAXPATHL) + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 + +CVE: CVE-2026-25749 +Upstream-Status: Backport [https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9] + +Backport Changes: +- Excluded changes to src/version.c and runtime/doc/version9.txt + from this backport. This file only tracks upstream version increments. + We are applying a security fix, not a version upgrade. These changes + were skipped to maintain current package versioning and avoid merge conflicts. + +Signed-off-by: Christian Brabandt +(cherry picked from commit 0714b15940b245108e6e9d7aa2260dd849a26fa9) +Signed-off-by: Anil Dongare +--- + src/tag.c | 2 +- + src/testdir/test_help.vim | 9 +++++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/tag.c b/src/tag.c +index 6912e8743..a32bbb245 100644 +--- a/src/tag.c ++++ b/src/tag.c +@@ -3348,7 +3348,7 @@ get_tagfname( + if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL) + return FAIL; + ++tnp->tn_hf_idx; +- STRCPY(buf, p_hf); ++ vim_strncpy(buf, p_hf, MAXPATHL - 1); + STRCPY(gettail(buf), "tags"); + #ifdef BACKSLASH_IN_FILENAME + slash_adjust(buf); +diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim +index dac153d86..f9e4686bb 100644 +--- a/src/testdir/test_help.vim ++++ b/src/testdir/test_help.vim +@@ -222,4 +222,13 @@ func Test_helptag_navigation() + endfunc + + ++" This caused a buffer overflow ++func Test_helpfile_overflow() ++ let _helpfile = &helpfile ++ let &helpfile = repeat('A', 5000) ++ help ++ helpclose ++ let &helpfile = _helpfile ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.43.7 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index fc9b4db055a..fa63689ef16 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://CVE-2026-33412.patch \ + file://CVE-2026-25749.patch \ " PV .= ".1683" From patchwork Thu Apr 9 23:10:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85762 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45A1DF36B95 for ; Thu, 9 Apr 2026 23:11:43 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145079.1775776302340420827 for ; Thu, 09 Apr 2026 16:11:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=MSIxVzkc; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-48897fd88ebso14941075e9.2 for ; Thu, 09 Apr 2026 16:11:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776300; x=1776381100; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WgRB6mtwS4X69iuWHKU2dnIK3AY7Udca1dpaZwyjjkQ=; b=MSIxVzkchRhHK0qyfhaM0aEz+Hka5ao7R3O6VIuZh2U3kPpR1vcClIHMsL1Y85YpRH aVDfyN8+Lv/UlpKCcP8P8k/GYLymHS69DY4UH/oiMJoPTv/zHQ5FbhJoRqaQCF2ni+Mo zrGoQsSoUY2HRv/DrNHMkqyRuANY59WMSOztA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776300; x=1776381100; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WgRB6mtwS4X69iuWHKU2dnIK3AY7Udca1dpaZwyjjkQ=; b=KamVlOjFznE/FONpligGokhFseCMccgB5j9I6+Hp9zddhDT22P6ciXk0bb0CDTLGWF sfBOGcNGnV8qNaRY81A/3lRWHF+rj7NgAhljGRWN/ZKt+4kafSSGeLt9oM5DpgR4fFv7 XtstR9eRTaSujj8Vab8shbTWSdzNXtkbOf6uOqr5Y9Zr1Q/0sRxluX//FxaMCvnbBu9p 5Y9SDlZ1wi6j/TRv1NNys9Yt/2lweqg25dm3qYEa1Z5AypSU1k34IauXS8HZbdLwzUfM R+8dOq0MBapiLcHZP+YfB1vYw7mx7TWSux2fPF+lfG+pQ33B2qYa1ne42kY/VCP3bsL5 ZXTw== X-Gm-Message-State: AOJu0Ywh/81lXUnC6Xq/K42PFTSdjafy8EQZX6ga2W40kZAT85uK/+0t sgZ3yRM2mErc14RiVh3ZcydttoVe1H8bKeqvmixV6yaYlfmoEew7HuTfG+ca3o8mdt2KzOwYXKo zOX8MgyA6CbXm X-Gm-Gg: AeBDies2XqolmqWLeCo5OIfsZRoFksy4T7URoBsSLz72Ba8e2tmZxd0ZxAmnY370xDy XgFVEJ4QNtU35CGfztXXi8orDHyGcg/bxVjZsN2a++x0rwNuWlFKs9p+W1tAWzbEI8lq/W86sJ2 bdO4SK362F17rg4qFauI1V/+kIHgw4BFeo4R3vo5UjCSIdDfzIj0LSbHo/hhcGobqAqhCHufH/Y PY9FvtThWmzksKQLiPzRStirHyBwoLL44z1WfA0lmIq7XxPIGxx+CWZS6NJ9+2jQxYVMcyvqck+ alKvv7hZh0gE5I7eSJ9pBQt89drzLQ4SOEAxlRh3qt8L4+mGVWc/dMRtbU7FrvAuPJ6uFOJnp4e WF+ZUZvU+Oj+ZDDEetkJ32824DcatPPuoVg8cR0Q9whBSZSYnTPGZsbNcraGycD6uD/hSboQQqK 3fUGvuOVSp2QsFweq7PDLTg161smUnC2EbpmUEAy7JtTWJttlymXQJBfDvTJ17rd5r2mRWo1SmX DLh15xKBRXMb8I4DFZy+18igtQi X-Received: by 2002:a05:600c:c117:b0:486:fb69:4960 with SMTP id 5b1f17b1804b1-488d68af0e7mr5018845e9.19.1775776300389; Thu, 09 Apr 2026 16:11:40 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:39 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 26/30] vim: Fix CVE-2026-26269 Date: Fri, 10 Apr 2026 01:10:26 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234985 From: Hitendra Prajapati Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-26269 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-26269.patch | 150 ++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 151 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-26269.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-26269.patch b/meta/recipes-support/vim/files/CVE-2026-26269.patch new file mode 100644 index 00000000000..1f9a72bca1d --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-26269.patch @@ -0,0 +1,150 @@ +From 3cc246980b800454dda0603af410c77a8c1926e0 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Fri, 13 Feb 2026 10:27:12 +0100 +Subject: [PATCH] patch 9.1.2148: [security]: Buffer overflow in netbeans + interface + +Problem: [security]: Buffer overflow in netbeans special_keys() handling +Solution: Limit writing to max KEYBUFLEN bytes to prevent writing out of + bounds. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 + +CVE: CVE-2026-26269 +Upstream-Status: Backport [https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970] + +Backport Changes: +- Excluded changes to src/version.c from this backport. This file only tracks + upstream version increments. We are applying a security fix, not a version + upgrade. These changes were skipped to maintain current package versioning + and avoid merge conflicts. + +Signed-off-by: Christian Brabandt +(cherry picked from commit c5f312aad8e4179e437f81ad39a860cd0ef11970) +Signed-off-by: Anil Dongare +--- + runtime/doc/version9.txt | 5 +++ + src/netbeans.c | 2 +- + src/testdir/test_netbeans.py | 4 ++- + src/testdir/test_netbeans.vim | 57 +++++++++++++++++++++++++++++++++++ + 4 files changed, 66 insertions(+), 2 deletions(-) + +diff --git a/runtime/doc/version9.txt b/runtime/doc/version9.txt +index b82071757..b32400f17 100644 +--- a/runtime/doc/version9.txt ++++ b/runtime/doc/version9.txt +@@ -41899,4 +41899,9 @@ features, but does not include runtime file changes (syntax, indent, ftplugin, + documentation, etc.) + + ++Patch 9.1.2148 ++Problem: [security]: Buffer overflow in netbeans special_keys() handling ++Solution: Limit writing to max KEYBUFLEN bytes to prevent writing out of ++ bounds. ++ + vim:tw=78:ts=8:noet:ft=help:norl:fdm=manual:nofoldenable +diff --git a/src/netbeans.c b/src/netbeans.c +index 4f5378512..8a341a20b 100644 +--- a/src/netbeans.c ++++ b/src/netbeans.c +@@ -2302,7 +2302,7 @@ special_keys(char_u *args) + if ((sep = strchr(tok, '-')) != NULL) + { + *sep = NUL; +- while (*tok) ++ while (*tok && i + 2 < KEYBUFLEN) + { + switch (*tok) + { +diff --git a/src/testdir/test_netbeans.py b/src/testdir/test_netbeans.py +index 0d6b09680..585886fb4 100644 +--- a/src/testdir/test_netbeans.py ++++ b/src/testdir/test_netbeans.py +@@ -112,7 +112,9 @@ class ThreadedTCPRequestHandler(socketserver.BaseRequestHandler): + 'startAtomic_Test' : '0:startAtomic!94\n', + 'endAtomic_Test' : '0:endAtomic!95\n', + 'AnnoScale_Test' : "".join(['2:defineAnnoType!60 ' + str(i) + ' "s' + str(i) + '" "x" "=>" blue none\n' for i in range(2, 26)]), +- 'detach_Test' : '2:close!96\n1:close!97\nDETACH\n' ++ 'detach_Test' : '2:close!96\n1:close!97\nDETACH\n', ++ 'specialKeys_overflow_Test' : '0:specialKeys!200 "' + 'A'*80 + '-X"\n' ++ + } + # execute the specified test + if cmd not in testmap: +diff --git a/src/testdir/test_netbeans.vim b/src/testdir/test_netbeans.vim +index d3d5e8baf..d1be5066e 100644 +--- a/src/testdir/test_netbeans.vim ++++ b/src/testdir/test_netbeans.vim +@@ -958,6 +958,58 @@ func Nb_bwipe_buffer(port) + sleep 10m + endfunc + ++func Nb_specialKeys_overflow(port) ++ call delete("Xnetbeans") ++ call writefile([], "Xnetbeans") ++ ++ " Last line number in the Xnetbeans file. Used to verify the result of the ++ " communication with the netbeans server ++ let g:last = 0 ++ ++ " Establish the connection with the netbeans server ++ exe 'nbstart :localhost:' .. a:port .. ':bunny' ++ call WaitFor('len(ReadXnetbeans()) > (g:last + 2)') ++ let l = ReadXnetbeans() ++ call assert_equal(['AUTH bunny', ++ \ '0:version=0 "2.5"', ++ \ '0:startupDone=0'], l[-3:]) ++ let g:last += 3 ++ ++ " Open the command buffer to communicate with the server ++ split Xcmdbuf ++ let cmdbufnr = bufnr() ++ call WaitFor('len(ReadXnetbeans()) > (g:last + 2)') ++ let l = ReadXnetbeans() ++ call assert_equal('0:fileOpened=0 "Xcmdbuf" T F', ++ \ substitute(l[-3], '".*/', '"', '')) ++ call assert_equal('send: 1:putBufferNumber!15 "Xcmdbuf"', ++ \ substitute(l[-2], '".*/', '"', '')) ++ call assert_equal('1:startDocumentListen!16', l[-1]) ++ let g:last += 3 ++ ++ " Keep the command buffer loaded for communication ++ hide ++ ++ sleep 1m ++ ++ " Open the command buffer to communicate with the server ++ split Xcmdbuf ++ let cmdbufnr = bufnr() ++ call appendbufline(cmdbufnr, '$', 'specialKeys_overflow_Test') ++ call WaitFor('len(ReadXnetbeans()) >= (g:last + 6)') ++ call WaitForAssert({-> assert_match('send: 0:specialKeys!200 "A\{80}-X"', ++ \ ReadXnetbeans()[-1])}) ++ ++ " Verify that specialKeys test, still works after the previous junk ++ call appendbufline(cmdbufnr, '$', 'specialKeys_Test') ++ call WaitFor('len(ReadXnetbeans()) >= (g:last + 1)') ++ call WaitForAssert({-> assert_match('^send: 0:specialKeys!91 "F12 F13 C-F13"$', ++ \ ReadXnetbeans()[-1])}) ++ let g:last += 1 ++ ++ sleep 10m ++endfunc ++ + " This test used to reference a buffer after it was freed leading to an ASAN + " error. + func Test_nb_bwipe_buffer() +@@ -967,4 +1019,9 @@ func Test_nb_bwipe_buffer() + nbclose + endfunc + ++" Verify that the specialKeys argument does not overflow ++func Test_nb_specialKeys_overflow() ++ call s:run_server('Nb_specialKeys_overflow') ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.43.7 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index fa63689ef16..2f222c52956 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ file://CVE-2026-33412.patch \ file://CVE-2026-25749.patch \ + file://CVE-2026-26269.patch \ " PV .= ".1683" From patchwork Thu Apr 9 23:10:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85764 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AF18F36B8D for ; Thu, 9 Apr 2026 23:11:53 +0000 (UTC) Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144846.1775776303629034090 for ; Thu, 09 Apr 2026 16:11:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=eKUFMDSq; spf=pass (domain: smile.fr, ip: 209.85.128.68, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-488b00ed86fso15336075e9.3 for ; Thu, 09 Apr 2026 16:11:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776302; x=1776381102; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1LWViaJVvPgdAmOu1dVWASfhFpDZ0EbLVx1et8ts3CM=; b=eKUFMDSqV/n+DoR7ivevw0nNTqrLlssyO5P9YHDMm7dajravBMc1eZ1gBoXPAf4QZK 8tPBVLt/CsHLf+Kd/jc+F0OG8UyQCAplq1ofDmD8LzyasQ8AnwyiAkjuDOCU6n9WZVe0 k+ZNBkfn5ROkglETGT46JsOk14lBKFpIWPE6M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776302; x=1776381102; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1LWViaJVvPgdAmOu1dVWASfhFpDZ0EbLVx1et8ts3CM=; b=bCAkq3Mp2P1jpnIw01Td5+5+WVBR5MGckg4vReB2KvzzA2AqZqZOcED17ShrTtbnuh 7DoU6CTfOe0/SWF8blSbDr7PVna88mwc+5dRjhTHEuTiQ/bqMlfleCV0BCFhAXBUQ1g0 Y033XSpN547WuTZZm7tyasYVAFXQK6R2uov+dmr9TDSnPI5mc+jgTpTDzQUZmtDF9g8b xPVzQSH+wa/Re9qNo6aRu1dkaNy5BNq0wwkELeFbLvx8zDdzJUi/jRx0PJEm8WQaP7Um qVAXryxOGbUIe9pZUrP4kpAQbMft9yQIdUT+eMTWWFoXNfHj7eE37BqWCMow05Kj5mDz y/mg== X-Gm-Message-State: AOJu0YyHgXsTZOKva0PWycs5RIx2EJT6rMOQoB+jC0XN92+4sV1XR51M ZotmrcUtESb/LL4zqTLfXeWRUfOEX6j9VusxiQzTjvez3k5VqPTHS3v2Am/mcjbjEBV1kF2UXRg nv4KUtSO6rGwR X-Gm-Gg: AeBDiesaatCLdvJP3Od+U0TUlaSeaYAmUp9mHWNthH6Rl0WBXIlz+qnKme1PHagtADq 1WwE3fmC64/rvZBh3p0UY8Igh5qc3jxvBXS09+THuBqKepKrfsYm1qFAcx4xYSfXbc6xUUjQWRL OlHzKynhkuql+Jey5hjMUeMzFjqPM9Djd729VGVgf6xOCZpW2ly0sO9T4F7+z3Q0Y75DfE/MSsO TJw+vhZwHAkOqtE0ZLPnwda4okXGfOuowpPK3E/xsIn1ejOEZaxsNYxs2JBXSrJRmPNSGRvKh/k qfySQsvaPctIMCHpaigRkJRfUG7SinCDKXb9YIJKkSOJ9KU0g0t2t2B9Xlm/mEImqSq6IV2ezk6 Y48h4qbe7dRT7Nh7sWWDbylR1limG696dK82KKAtyRPoKU8ZvJWvWoX9z7hiVEdNos0Qvywa40N PfnqxxnZMX5XBoI7cP+Q1vsOs1iwT5X1tSqduC2GXNQrzzUGzmCbIyew6haRMeCbT592yDK3X3Y D8dUZzzmFoi1F3xNZVtVanj76LX X-Received: by 2002:a05:600c:a316:b0:488:a07a:19e9 with SMTP id 5b1f17b1804b1-488d68688a6mr5282145e9.19.1775776301804; Thu, 09 Apr 2026 16:11:41 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:40 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 27/30] vim: Fix CVE-2026-28418 Date: Fri, 10 Apr 2026 01:10:27 +0200 Message-ID: <8cadabb525aa1ea57aa0316240ac8f9ec09161d9.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234986 From: Hitendra Prajapati Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d [2] https://nvd.nist.gov/vuln/detail/CVE-2026-28418 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-28418.patch | 78 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-28418.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-28418.patch b/meta/recipes-support/vim/files/CVE-2026-28418.patch new file mode 100644 index 00000000000..3a80ba77f7d --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-28418.patch @@ -0,0 +1,78 @@ +From f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Mon, 23 Feb 2026 18:30:11 +0000 +Subject: [PATCH] patch 9.2.0074: [security]: Crash with overlong emacs tag + file + +Problem: Crash with overlong emacs tag file, because of an OOB buffer + read (ehdgks0627, un3xploitable) +Solution: Check for end of buffer and return early. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-28418 +Upstream-Status: Backport [https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d] +Signed-off-by: Hitendra Prajapati +--- + src/tag.c | 3 +++ + src/testdir/test_taglist.vim | 15 +++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 20 insertions(+) + +diff --git a/src/tag.c b/src/tag.c +index a32bbb2459..45af67f20d 100644 +--- a/src/tag.c ++++ b/src/tag.c +@@ -1902,6 +1902,9 @@ emacs_tags_new_filename(findtags_state_T *st) + + for (p = st->ebuf; *p && *p != ','; p++) + ; ++ // invalid ++ if (*p == NUL) ++ return; + *p = NUL; + + // check for an included tags file. +diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim +index 5a946042be..506e64f7ae 100644 +--- a/src/testdir/test_taglist.vim ++++ b/src/testdir/test_taglist.vim +@@ -301,4 +301,19 @@ func Test_tag_complete_with_overlong_line() + set tags& + endfunc + ++" This used to crash Vim ++func Test_evil_emacs_tagfile() ++ CheckFeature emacs_tags ++ let longline = repeat('a', 515) ++ call writefile([ ++ \ "\x0c", ++ \ longline ++ \ ], 'Xtags', 'D') ++ set tags=Xtags ++ ++ call assert_fails(':tag a', 'E426:') ++ ++ set tags& ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 712a3e637c..7d265ab641 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1685, + /**/ + 1684, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 2f222c52956..713e2779362 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2026-33412.patch \ file://CVE-2026-25749.patch \ file://CVE-2026-26269.patch \ + file://CVE-2026-28418.patch \ " PV .= ".1683" From patchwork Thu Apr 9 23:10:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85765 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F755F36B91 for ; Thu, 9 Apr 2026 23:11:53 +0000 (UTC) Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145081.1775776305509768150 for ; Thu, 09 Apr 2026 16:11:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=0H2rHAkd; spf=pass (domain: smile.fr, ip: 209.85.128.65, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-488b8bc6bc9so9840525e9.3 for ; Thu, 09 Apr 2026 16:11:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776304; x=1776381104; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MdZr4nAtbs2Lcg82Mqgy0e/UF/0j8A/T4NQbmG4ttd4=; b=0H2rHAkdiX9EZvCApTsk2L8h9JpFeBDTGrfWkguYG2JtZypFc4/SOvKdY1J9TKf/JY Jobx4RUHWZ+vvXc/JxlXG5ZL7NjBBa3ovYlXX8Mjv29FoRydE2Ns+ijLxNzqx4BsNJkp O2NFMeRRbwzGDbbBHjSnPbAH3Ww3I+u5B2IJA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776304; x=1776381104; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MdZr4nAtbs2Lcg82Mqgy0e/UF/0j8A/T4NQbmG4ttd4=; b=NQTIHKqgCPenAbktYSTigHuJple9ZLdgM6byD83wgXKWhJ1IwuD/KxKFu3lxDtMzYQ MQJprWaFLkVR8Sjjf6iKpb0B3IdY5B/vTuDJ+HhR7GV8+MajUcW/1MfJkXMSBoPbbj9F 3gSZZKeVBSQnRPaRcG8ZNG6oAFLD8fvZr8xSDN9Equ3q7cviOBaDNsCuokMs0FjIGbNZ xst/z3b+n6OtLa7jAAxoXrc3xPb7MfCA2sWFQLuTubYzKHgOWYAdTzl2dX2IU+ksaKCB SRHJy6aNWGT/jQegLMuyhlFevb5L+BtXEz46zrFwBNs1f3XiJbWEvxRKa48PQ1hROsiJ FEhQ== X-Gm-Message-State: AOJu0YzCkmYVjvA0tsoyZmxJeO2qUFMqRmBg4m0c6lCygim9/VqdyAnP FULwp62Blp5HRw6kQ52MAwSSvEMxSjdfHrK8GWlb62g2rdIGgmUOZxsI7iUJ7BLQ+P2s/Ah4GSv UajUYyWmnLdDU X-Gm-Gg: AeBDievfewikpWLudquoQmEqh6izxCqb8MEHd9TNCKgc/g8EWXNMqvBMtwFAgocM1OR ceoujuwzJ/ajIuMh93/fkTTfI6CKrytC0xWhwprkbViZQlA8L503lfmznCraDpelKnSogyKuvn+ rC3O2BzdM+OYSFax0BaHn64YcIoje0KSfDk9Lu11PbxGe8/+iRJLbjYR8NCtWZisx+57Ni8DzWu eCIjm0HBdy6fYnB7QyYosQzm9Nr4pcf6IEYrkhpI62kwdAHe77XYX32ucaWFdJTGpQBP4hREaZ/ oRiv8DW3VEuneMTuZOEY2dCDgPNVUEmQ6lVeTGnbpfY8yD8mMmFmibaHark9GLt4DkMHPhMbGU+ 7STuYLol3L6NJHLxwEqKuqjF6bk651H2ZSWQE3XhxR6Wml6JqLLzFFv4b/9rRgGgyhaXK/ykLGe VyVmnUl3ghjKs9HDJTggOm3JeAbA72bQU8m3nFfvoWk5ZMGS2tJibCPVLfH6ORzomEGivNuNFei c7xvQulBsn0cEG1bwCm+PQDKzVx X-Received: by 2002:a05:600c:5249:b0:488:c40b:c8bf with SMTP id 5b1f17b1804b1-488d680577dmr7380915e9.2.1775776303698; Thu, 09 Apr 2026 16:11:43 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:42 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 28/30] vim: Fix CVE-2026-28419 Date: Fri, 10 Apr 2026 01:10:28 +0200 Message-ID: <550a2a5e2d3b5aa08f50b89a0127187c3f76854c.1775775155.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234987 From: Hitendra Prajapati Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-28419 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-28419.patch | 86 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 87 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-28419.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-28419.patch b/meta/recipes-support/vim/files/CVE-2026-28419.patch new file mode 100644 index 00000000000..91100a7e91e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-28419.patch @@ -0,0 +1,86 @@ +From 9b7dfa2948c9e1e5e32a5812812d580c7879f4a0 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Mon, 23 Feb 2026 19:35:25 +0000 +Subject: [PATCH] patch 9.2.0075: [security]: Buffer underflow with emacs tag + file + +Problem: When parsing a malformed Emacs-style tags file, a 1-byte + heap-buffer-underflow read occurs if the 0x7f delimiter + appears at the very beginning of a line. This happens + because the code attempts to scan backward for a tag + name from the delimiter without checking if space exists. + (ehdgks0627, un3xploitable) +Solution: Add a check to ensure the delimiter (p_7f) is not at the + start of the buffer (lbuf) before attempting to isolate + the tag name. + +GitHub Advisory: +https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv + +Signed-off-by: Christian Brabandt + + +CVE: CVE-2026-28419 +Upstream-Status: Backport [https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0] +Signed-off-by: Hitendra Prajapati +--- + src/tag.c | 3 +++ + src/testdir/test_taglist.vim | 16 ++++++++++++++++ + src/version.c | 2 ++ + 3 files changed, 21 insertions(+) + +diff --git a/src/tag.c b/src/tag.c +index 45af67f20d..d3a73997bb 100644 +--- a/src/tag.c ++++ b/src/tag.c +@@ -2023,6 +2023,9 @@ etag_fail: + } + else // second format: isolate tagname + { ++ if (p_7f == lbuf) ++ goto etag_fail; ++ + // find end of tagname + for (p = p_7f - 1; !vim_iswordc(*p); --p) + if (p == lbuf) +diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim +index 506e64f7ae..42ecc4b76e 100644 +--- a/src/testdir/test_taglist.vim ++++ b/src/testdir/test_taglist.vim +@@ -316,4 +316,20 @@ func Test_evil_emacs_tagfile() + set tags& + endfunc + ++" This used to crash Vim due to a heap-buffer-underflow ++func Test_emacs_tagfile_underflow() ++ CheckFeature emacs_tags ++ " The sequence from the crash artifact: ++ let lines = [ ++ \ "\x0c\xff\xffT\x19\x8a", ++ \ "\x19\x19\x0dtags\x19\x19\x19\x00\xff\xff\xff", ++ \ "\x7f3\x0c" ++ \ ] ++ call writefile(lines, 'Xtags', 'D') ++ set tags=Xtags ++ call assert_fails(':tag a', 'E431:') ++ ++ set tags& ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 7d265ab641..4f47ec2688 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1686, + /**/ + 1685, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 713e2779362..b74c4a49c12 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2026-25749.patch \ file://CVE-2026-26269.patch \ file://CVE-2026-28418.patch \ + file://CVE-2026-28419.patch \ " PV .= ".1683" From patchwork Thu Apr 9 23:10:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85767 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE665F36B94 for ; Thu, 9 Apr 2026 23:11:53 +0000 (UTC) Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.144847.1775776306573280568 for ; Thu, 09 Apr 2026 16:11:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=M0j/ce0M; spf=pass (domain: smile.fr, ip: 209.85.128.66, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-488a8ca4aadso15826125e9.3 for ; Thu, 09 Apr 2026 16:11:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776305; x=1776381105; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=h/Ye+f7BthEpP1oFiu0AFeFEWTFcP9JcHcob84EL8Go=; b=M0j/ce0M/qb4/UR2H0cUv5oIM6iTzZlOvjHjDk9SC1ktJmyszxx+Xn/RZKA5CKdi0n 4+ah/K0oI/rkltu3uEQ7V4/r5x8yUoRKY0ppWLlJ69U3qYgs04r1x8S0QOwiC4JOWgRV LLOuEOwDqu6VKO+QOdwvYQXMQkY83qBRz8mhU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776305; x=1776381105; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=h/Ye+f7BthEpP1oFiu0AFeFEWTFcP9JcHcob84EL8Go=; b=HeeMVv1JNeo6weVBCjZfQebaePeS5TIVUPH7P7YCyGfvStRExZNT86BC9hlrt5yKT7 PqwQ8by1U8nbowhXrxEiKMrzT9Hd/NugpU0rBRSsLHPquzJh0GfP/9OcFB22AVHE/DwG OL4n2CVNhlNBwB+Ui0s7MQ4k5bfx42VkuC6/LU/w2EjTtHELZq0S5Ue6r5RgbGvUXkrB vLdWnZEJYKRi2xmNyG4R3Ro4IWIuO5Yvxy4x4GitfFi+ryW5pCQDNjzTKIyLlHxyChBy swF2SAWJqqSG/ZvzseTfqWRf+rIrl6Qlqnyhlj8D5Ux/xbE2LOBGrJrzj/vV3rkurg+o l6aQ== X-Gm-Message-State: AOJu0Yzu3M/JAnQ6RYhfUQZWgD61zovEKMvnduxPBQfY4AssOtQQrf1f ORHk6RM1VvcFNGcdUrfqtU62YZGQks89oXIET1GztQWqiv+bOvtBF0Y6V3uK2JBlmJZqMLhX+Wo ZCFL175TEID3P X-Gm-Gg: AeBDieteSuALIWL8f+uLo5BC1pZYiHaLMhC3mic6OsycQ5egYT1Z6kpv8GQk1iPx3T9 LspY90C+bnuYf2op8m/Zm7C0+zHMxiqRKgA1fI5TszpZ0WrL6gvVjXZD0eMuvncHhsMj/LTiImV Okk3GNpQffwPNjvAEr4lT2JFHzbtJExwKgfNpA27uNaCYV9Ib3zL0JelE9z49BUGyrUFwEWafVr f6utPZXPnGexXSn+oSUq8wGkw7R+dQwbL2foT7AhkOUBJlq4lwICncRvljYzFTYCP9hJtrenvzX NG8a9fMy/o/aB231jVCoLoPZiiIaF7hSjsIm5+OoSxQ2xmUfUckD9g1wLFszTPC+PapIQi1l5Ls V+UOtgy6XPBII1lVgHkgkXk9fxUh+t5taonCi7N3n/y6Uwhg6mh1hgdGRxzpA81DTRiKenN32Xx UHvtIeE9cAgZOcr0DTDqjX5uzfNqe9j20s3XFnJV9hegf8ZQSN4keZmkq3Z/5DacNQN69PVWd+d fnLPvRKsBdcWRo73QD2JnUyw9zz X-Received: by 2002:a05:600c:5288:b0:488:b0a1:3cd9 with SMTP id 5b1f17b1804b1-488d684314bmr7661145e9.16.1775776304740; Thu, 09 Apr 2026 16:11:44 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:43 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 29/30] tcl: skip http11 tests Date: Fri, 10 Apr 2026 01:10:29 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234988 From: Ross Burton These tests are either unstable under load, or just unstable. A ticket has been filed upstream[1] but for now disable them. [ YOCTO #15467 ] [1] https://core.tcl-lang.org/tcl/tktview/3764f4e81f1483ab554c6d60f8483887bde28221 Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 8f1538518fd3a3017189b38437691ce358a2566a) Signed-off-by: Yoann Congal --- meta/recipes-devtools/tcltk/tcl/run-ptest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest index 87e025fce12..29dd57cde1a 100644 --- a/meta/recipes-devtools/tcltk/tcl/run-ptest +++ b/meta/recipes-devtools/tcltk/tcl/run-ptest @@ -5,8 +5,8 @@ export TZ="Europe/London" export TCL_LIBRARY=library # Some tests are overly strict with timings and fail on loaded systems. -# See bugs #14825 #14882 #15081 #15321. -SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*' +# See bugs #14825 #14882 #15081 #15321 #15467. +SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-* http11-*' for i in `ls tests/*.test | awk -F/ '{print $2}'`; do ./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1 From patchwork Thu Apr 9 23:10:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85766 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1601F36B96 for ; Thu, 9 Apr 2026 23:11:53 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.145082.1775776307566162620 for ; Thu, 09 Apr 2026 16:11:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=xPleAZKh; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4887ca8e529so9442665e9.0 for ; Thu, 09 Apr 2026 16:11:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1775776306; x=1776381106; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E7WGJo+r4HFWOocOezDDbAgVUcH9E73x0W7UiWaboFc=; b=xPleAZKh3cX7hrTK6Wu5MHBJqg9OcvVRO/tJ0oF/oyV/7VTsD0aLcJOPnNw/pub3x5 eqczTWO1uoiTCbbTzB9W4v8gIzke5frVFK4YlHQ9fyVKJrAl0NJAuPiwkYCQTK+zsc6+ Xx4UmoljGID7g4Gp0n5p4kg5CAhIfnttzUeKg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775776306; x=1776381106; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=E7WGJo+r4HFWOocOezDDbAgVUcH9E73x0W7UiWaboFc=; b=kaaurn1BiCMCRI3eZVk6L9pxON5ra71z8v0RSFdrr+VMRMs7jJlIrsGzoA+YQORdqe WV62B6gpVYafCLjedNOf2qwWbT4At6mxtc94ZTCdNCsHFgy79J4xqlvT96+AlDB3UbKH /0NQ7QfUv8bs1wloa+ZNWlaC4BI5FVIv+Fp9U0gX1mq7jmHnhJeP9WIVfGaDTMpOtls2 sonp6ZFoAQpazZsWiYUewnG7oxeZ0pnZyRW0PZNe8qadIfKPQvHEEIoNMJupjyGswrvR a5e7r/j8KkykE/UbNSXOa1aKH2ZtpRQ4TFv5Rz5f+GEcLW0//PgMdxF96V0yOt2o+AFr raGA== X-Gm-Message-State: AOJu0Yydlv6tFsijsnm+7LCKsV12TIhP2iGltzFG5bkBMwT6u3m2PWav wqTPcI4oosBLXMROc82mjpCA7kWTKvUNlSK+6Pp3jvps6ElbelFAkQ5KQwlBVFd/DL8/gcSaA3x QPvBJvxmPl1Kr X-Gm-Gg: AeBDieuswT2bS5Smb09vRCNm3KwZsnn4DhdlBiVTJc47qmQwYLQXZ5VRz48y5BNWswZ gPPTrLV/L9sau25ET49z5CquSvjnRWMD7pD7zWT/DF8rQQsIm1Qfa8LTgEjKeDnY0axheKJIVk8 ZUpjSiyLAfzKCixsZsyvfCWjkMoabRM2f3YtzPzAKX2ERWZKteoC2/SNWkkDDdWBfjn+CmrnEXa amc5EMLOgu9mjz3kwBjNJFS2W8CUO7QfF1NOjCKQaOO6rTtTEEPQ1awwF1dUGS8gXTHNzQC+K4o ehbo7j9iUuKUrv7VwAO9rYcdOvruzJCM7TIv1HQv6UsVeeOoFMYqIu759M6zyiiYfIeMll9isGN dcD4WlHsNtIawgQnffjl6e0/gXVGWPp2g0MFClN3MyKwl68cyavYN3HVSVy5+goTh4U3T4Uss6+ Tb3Pd3/mE8sn8Es3a4QKHSfjW5ZEhyQutUO/cSFppyZtObn7AjdU24o9pHU66jPEnh/KSZ5Ina/ VtV/885z/B5T+vxjJv9gpToLmoI X-Received: by 2002:a05:600c:3ba4:b0:488:c6e9:1e0c with SMTP id 5b1f17b1804b1-488d6847de9mr7796825e9.5.1775776305700; Thu, 09 Apr 2026 16:11:45 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00af4acfc73fc9518a.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:af4a:cfc7:3fc9:518a]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d67e685csm7708855e9.6.2026.04.09.16.11.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Apr 2026 16:11:44 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v4 30/30] scripts/install-buildtools: Update to 4.0.34 Date: Fri, 10 Apr 2026 01:10:30 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Apr 2026 23:11:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234989 From: Yoann Congal Update to the 4.0.34 release of the 4.0 series for buildtools Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 6a1762c14b3..8754f2d773e 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.33' -DEFAULT_INSTALLER_VERSION = '4.0.33' +DEFAULT_RELEASE = 'yocto-4.0.34' +DEFAULT_INSTALLER_VERSION = '4.0.34' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check