From patchwork Fri May 8 09:49:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 87741 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A4B8CD3447 for ; Fri, 8 May 2026 09:49:38 +0000 (UTC) Received: from smtpout-03.galae.net (smtpout-03.galae.net [185.246.85.4]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10184.1778233772662805396 for ; Fri, 08 May 2026 02:49:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=zURifmwc; spf=pass (domain: bootlin.com, ip: 185.246.85.4, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-03.galae.net (Postfix) with ESMTPS id 748B64E42C4F; Fri, 8 May 2026 09:49:30 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 42AD2606E3; Fri, 8 May 2026 09:49:30 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id AEB541081976F; Fri, 8 May 2026 11:49:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1778233769; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=vrErO1Y0K1UFb96k0LiFlIHeKhVu31FLB4AQkTSV/yU=; b=zURifmwcbT+q0KSDgd3AEZ6ZbghTS6Fz2EiUWiNWeP7BVZp1kquZ9QyFuQdHQFNtefmDCe wUsYEsuD2XLlxHsFzzKGzvIRApaSYhXV+HXrX/wRTJvJHZal+H70uhaukCg8MUIvrglppd 5ilYFazBYMNpXSYYvI5pc8FqU69R0j99dU9KpCzo/+o6sXhMU3miUOz/t566Bl50feZZiY 8e3+ZRZhuP9EtRbBKtbLeNMRWmIZ4c5Dz7ae7zcXT9Gp7HqCY/mDi+Lw4Gb2eWkoFyOO6M CzIVPHhkXmsjgqeGROJYTckW7pcZTDhXLHDjoSt6OBcgM2Bus0rW6CHiBeU75A== From: "Benjamin Robin (Schneider Electric)" Date: Fri, 08 May 2026 11:49:25 +0200 Subject: [PATCH v2 1/3] python3-sbom-cve-check: Update to version 1.3.1 MIME-Version: 1.0 Message-Id: <20260508-update-sbom-cve-check-v2-1-386df4c5e6a4@bootlin.com> References: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> In-Reply-To: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: richard.purdie@linuxfoundation.org, peter.marko@siemens.com, ross.burton@arm.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, pascal.eberhard@se.com, wahid.essid@se.com, "Benjamin Robin (Schneider Electric)" X-Mailer: b4 0.15.2 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 08 May 2026 09:49:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/236699 For details on this new release which fixes various bugs, see: https://github.com/bootlin/sbom-cve-check/releases/tag/v1.3.1 Also, update the LICENSE, which is now GPL-2.0-or-later instead of GPL-2.0-only, to be compatible with the licence dependencies. Signed-off-by: Benjamin Robin (Schneider Electric) --- ...ython3-sbom-cve-check_1.3.0.bb => python3-sbom-cve-check_1.3.1.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb b/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb similarity index 76% rename from meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb rename to meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb index 96fc167ecbc3..8120848a667d 100644 --- a/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb +++ b/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb @@ -1,11 +1,11 @@ SUMMARY = "Lightweight SBOM CVE analysis tool" HOMEPAGE = "https://github.com/bootlin/sbom-cve-check" SECTION = "devel/python" -LICENSE = "GPL-2.0-only" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=570a9b3749dd0463a1778803b12a6dce" PYPI_PACKAGE = "sbom_cve_check" -SRC_URI[sha256sum] = "dad6f9df848f6dd7b69922baef0ec187b66ad0847fe0cf62614529e27203e842" +SRC_URI[sha256sum] = "675828b2f02f11620b7a229853a24d09264bf41161be5fbb80a92456f46a14e0" inherit pypi python_hatchling From patchwork Fri May 8 09:49:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 87740 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09134CD3436 for ; Fri, 8 May 2026 09:49:38 +0000 (UTC) Received: from smtpout-03.galae.net (smtpout-03.galae.net [185.246.85.4]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10185.1778233773158204408 for ; Fri, 08 May 2026 02:49:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=Wnqkpt7l; spf=pass (domain: bootlin.com, ip: 185.246.85.4, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-03.galae.net (Postfix) with ESMTPS id 8F6584E42C4E; Fri, 8 May 2026 09:49:31 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 64C1F606E9; Fri, 8 May 2026 09:49:31 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id D2B6C10819771; Fri, 8 May 2026 11:49:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1778233770; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=XXZGDV68p96Yr0Y/kCr8p3SSPVyk/EudlrYYpLK6FPs=; b=Wnqkpt7lXeIc8EixFgCc0ZOw8PnKu/9v0KWbFTn4KKlnwG32rpv/uKFPLzQU4Pc3m6lfUM o8P8Hh6tzp5sRYbqGYLDnSImL2xcl3YS3smCWsDhwnmp9M5+VbgbMWCSutsMj83q8gU2gc ahHnc7vb/oXVRjtf7hSd3CHAg58g2S5TflF3T+Qjx1v8DZm4ZmXG+ygnONlHfO8k8hIgto j15mQiILbmvu9ye7GdyknmdVQoMQSkA/BlcCFDcM9ieT6ip7G/G9jOKNPcWSc+yMTP/kRu mnr81DrVYnJ5CP8kFM2uRLpvCJAaAdWCBC9PNQav7nOtZGrLWzMJkDjImIxlFg== From: "Benjamin Robin (Schneider Electric)" Date: Fri, 08 May 2026 11:49:26 +0200 Subject: [PATCH v2 2/3] sbom-cve-check-update-cvelist-native: Update source revision MIME-Version: 1.0 Message-Id: <20260508-update-sbom-cve-check-v2-2-386df4c5e6a4@bootlin.com> References: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> In-Reply-To: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: richard.purdie@linuxfoundation.org, peter.marko@siemens.com, ross.burton@arm.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, pascal.eberhard@se.com, wahid.essid@se.com, "Benjamin Robin (Schneider Electric)" X-Mailer: b4 0.15.2 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 08 May 2026 09:49:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/236700 Update source revision to cve_2026-05-07_1300Z Signed-off-by: Benjamin Robin (Schneider Electric) --- .../sbom-cve-check/sbom-cve-check-update-cvelist-native.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb index 338712216590..3763e7f21f7a 100644 --- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb +++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/CVEProject/cvelistV5" SRC_URI = "git://github.com/CVEProject/cvelistV5.git;branch=main;protocol=https;destsuffix=" SBOM_CVE_CHECK_DB_NAME = "cvelist" -# 2026-03-19_baseline -SRCREV = "ada54ee3cc8380820aa45e4996910bdc9dcb94e7" +# cve_2026-05-07_1300Z +SRCREV = "dd0e93c75034d0167498174c886a56729edc44de" require sbom-cve-check-update-db.inc From patchwork Fri May 8 09:49:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 87742 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18FDFCD3436 for ; Fri, 8 May 2026 10:07:58 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10415.1778234872870389478 for ; Fri, 08 May 2026 03:07:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=uzr964qO; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 8BFC4C5DC6F; Fri, 8 May 2026 10:08:38 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 5EEEC606FD; Fri, 8 May 2026 09:49:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id D859E10819772; Fri, 8 May 2026 11:49:30 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1778233771; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=q/3HsE7CHjHGLEBLMXWQBPxny9/te5X+NH3pwugR8Kw=; b=uzr964qO8ntDrmQVVlTGfDGgQ40hso4J/ZaP2hPE3scKL8zYtu4imMYMhTA8LKgepOOW1V T6WuvJMoiPprG/YB9N06eLANuCCEGxAxp/eH4TGCEDtwVkIUzNPnYjAWHh57Th/e0gxc/T nXApf6hTJr/g7QlIjV7mdDIAi+d1B9pG560gecyA4iN2Uwuj7u4suYoct1LTaRxb0kKNUN qYCzLP01N90f+gbE97RdaOaq4jl9PIXsDpdLEU1T/6oKuoZ1fLr+SdjcRQYFsr0T/1zGDt lrBW+L0XM4sJd9vfAIO5GAP32tqeNrcJDm5P872dQQdsNG3IzTkVIJ83L8W9Jg== From: "Benjamin Robin (Schneider Electric)" Date: Fri, 08 May 2026 11:49:27 +0200 Subject: [PATCH v2 3/3] sbom-cve-check-update-nvd-native: Update source revision MIME-Version: 1.0 Message-Id: <20260508-update-sbom-cve-check-v2-3-386df4c5e6a4@bootlin.com> References: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> In-Reply-To: <20260508-update-sbom-cve-check-v2-0-386df4c5e6a4@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: richard.purdie@linuxfoundation.org, peter.marko@siemens.com, ross.burton@arm.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, pascal.eberhard@se.com, wahid.essid@se.com, "Benjamin Robin (Schneider Electric)" X-Mailer: b4 0.15.2 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 08 May 2026 10:07:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/236703 Update source revision to v2026.05.07-000006 Signed-off-by: Benjamin Robin (Schneider Electric) --- .../sbom-cve-check/sbom-cve-check-update-nvd-native.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb index c868ba09c18d..26a14e6eb169 100644 --- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb +++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/fkie-cad/nvd-json-data-feeds" SRC_URI = "git://github.com/fkie-cad/nvd-json-data-feeds.git;branch=main;protocol=https;destsuffix=" SBOM_CVE_CHECK_DB_NAME = "nvd-fkie" -# v2026.03.19-010002 -SRCREV = "49f8bbe1b0b0884e16bdc37ab68db997085570a7" +# v2026.05.07-000006 +SRCREV = "72d8841c8ad9083ebf6723063f275444ea0d76f9" require sbom-cve-check-update-db.inc