From patchwork Wed May 13 19:52:59 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Benjamin Robin (Schneider Electric)"
 <benjamin.robin@bootlin.com>
X-Patchwork-Id: 88073
Return-Path: <benjamin.robin@bootlin.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9EF6ECD4F25
	for <webhook@archiver.kernel.org>; Wed, 13 May 2026 19:53:17 +0000 (UTC)
Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.6019.1778701994796728912
 for <openembedded-core@lists.openembedded.org>;
 Wed, 13 May 2026 12:53:15 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@bootlin.com header.s=dkim header.b=Z7Q5kGk7;
 spf=pass (domain: bootlin.com, ip: 185.246.84.56,
 mailfrom: benjamin.robin@bootlin.com)
Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233])
	by smtpout-02.galae.net (Postfix) with ESMTPS id 9BB431A35A4
	for <openembedded-core@lists.openembedded.org>;
 Wed, 13 May 2026 19:53:12 +0000 (UTC)
Received: from mail.galae.net (mail.galae.net [212.83.136.155])
	by smtpout-01.galae.net (Postfix) with ESMTPS id 717285FE21;
	Wed, 13 May 2026 19:53:12 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
 with ESMTPSA id 69CFD11AF903E;
	Wed, 13 May 2026 21:53:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim;
	t=1778701991; h=from:subject:date:message-id:to:cc:mime-version:content-type:
	 content-transfer-encoding:in-reply-to:references;
	bh=+uAG8bM/hbx+pAzU5bFC48/b4T4g79uBCFc+yLu9WvA=;
	b=Z7Q5kGk7y4y6thGcQQvBBoVmDedvkzXz/EtAxHXJ9+7tbTKB73/VvmZh4qsu2++2eNdyBP
	5dy+GGasA9GxACu9PRF41O6wpD0BFr1LolzgcXwlaR+rlcNNbv2SydWZ1xC2+JDss9t54b
	WtwhRDxadhDmbKC59K10F8w/HII14vFdjcJPwQdF0/TSfUeOdlm8aW81wWx7NVwSK2a73O
	Wr/E3vSS6VtzQIRo1yNcxEWjT6vH37f/rmV4K3ywYM8DZtkl8st1133SrzCLa+7hRb2yD7
	v0A1HMX7kCh5EOcVfgtmf0Y5XcloW0vl7dauhhd5Y/NWqdhLyzMEi+UpgDIyVA==
From: "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
Date: Wed, 13 May 2026 21:52:59 +0200
Subject: [wrynose][PATCH 1/3] python3-sbom-cve-check: Update to version
 1.3.1
MIME-Version: 1.0
Message-Id: 
 <20260513-update-sbom-cve-check-wrynose-v1-1-e6e368932274@bootlin.com>
References: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
In-Reply-To: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
To: openembedded-core@lists.openembedded.org
Cc: richard.purdie@linuxfoundation.org, ross.burton@arm.com,
 olivier.benjamin@bootlin.com, antonin.godard@bootlin.com,
 mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com,
 pascal.eberhard@se.com, wahid.essid@se.com,
 "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
X-Mailer: b4 0.15.2
X-Last-TLS-Session-Version: TLSv1.3
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 13 May 2026 19:53:17 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/237003

For details on this new release which fixes various bugs, see:
https://github.com/bootlin/sbom-cve-check/releases/tag/v1.3.1

Also, update the LICENSE, which is now GPL-2.0-or-later instead of
GPL-2.0-only, to be compatible with the licence dependencies.

(cherry picked from commit 4f3a55803ff377dacac08c4131aa8a979e183886)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
---
 ...ython3-sbom-cve-check_1.3.0.bb => python3-sbom-cve-check_1.3.1.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb b/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb
similarity index 76%
rename from meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb
rename to meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb
index 96fc167ecbc3..8120848a667d 100644
--- a/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.0.bb
+++ b/meta/recipes-devtools/sbom-cve-check/python3-sbom-cve-check_1.3.1.bb
@@ -1,11 +1,11 @@
 SUMMARY = "Lightweight SBOM CVE analysis tool"
 HOMEPAGE = "https://github.com/bootlin/sbom-cve-check"
 SECTION = "devel/python"
-LICENSE = "GPL-2.0-only"
+LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=570a9b3749dd0463a1778803b12a6dce"
 
 PYPI_PACKAGE = "sbom_cve_check"
-SRC_URI[sha256sum] = "dad6f9df848f6dd7b69922baef0ec187b66ad0847fe0cf62614529e27203e842"
+SRC_URI[sha256sum] = "675828b2f02f11620b7a229853a24d09264bf41161be5fbb80a92456f46a14e0"
 
 inherit pypi python_hatchling
 

From patchwork Wed May 13 19:53:00 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Benjamin Robin (Schneider Electric)"
 <benjamin.robin@bootlin.com>
X-Patchwork-Id: 88071
Return-Path: <benjamin.robin@bootlin.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 91ADECD37AC
	for <webhook@archiver.kernel.org>; Wed, 13 May 2026 19:53:17 +0000 (UTC)
Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.5897.1778701995512046518
 for <openembedded-core@lists.openembedded.org>;
 Wed, 13 May 2026 12:53:16 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@bootlin.com header.s=dkim header.b=1vPDxN/s;
 spf=pass (domain: bootlin.com, ip: 185.246.84.56,
 mailfrom: benjamin.robin@bootlin.com)
Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233])
	by smtpout-02.galae.net (Postfix) with ESMTPS id E43D31A35A6;
	Wed, 13 May 2026 19:53:13 +0000 (UTC)
Received: from mail.galae.net (mail.galae.net [212.83.136.155])
	by smtpout-01.galae.net (Postfix) with ESMTPS id BAC2D5FE21;
	Wed, 13 May 2026 19:53:13 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
 with ESMTPSA id 0C71D11AF9040;
	Wed, 13 May 2026 21:53:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim;
	t=1778701992; h=from:subject:date:message-id:to:cc:mime-version:content-type:
	 content-transfer-encoding:in-reply-to:references;
	bh=RNH0ndtyBNa/6W8MZcaTxXiH6Gt2CSjN7jasVwAqGe4=;
	b=1vPDxN/s7SMJSLbqwsrqHUlpELyEacU2cuCBeQUijH/y6IIAc/SyDbnCqksbCnWWZ2aytE
	ah1pP/vC/sb59LJ609GTfObQd6/V7So4dG7YqNBa1i5cfCWCBo6bNMCYXBJXTJ+angD/3p
	msifNC1Xj4NGRGhhMIfyDydGSbFddyly/ZEfLjddJnQP5Rwnpy7TDPxM9wF0ioWKhqhop+
	XsQmc4GzXs0+80yt1JjaH2JlrjcZil9ZGbxdyBEOCMSampqsVfGXIvZal8YlJgKAiYKd3P
	jPo3nywe3EXHDsTEhbrGvMaeTXSzWymLql0MTfBTbtVH39w6iYJNRcv0K2hA8w==
From: "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
Date: Wed, 13 May 2026 21:53:00 +0200
Subject: [wrynose][PATCH 2/3] sbom-cve-check-update-cvelist-native: Update
 source revision
MIME-Version: 1.0
Message-Id: 
 <20260513-update-sbom-cve-check-wrynose-v1-2-e6e368932274@bootlin.com>
References: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
In-Reply-To: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
To: openembedded-core@lists.openembedded.org
Cc: richard.purdie@linuxfoundation.org, ross.burton@arm.com,
 olivier.benjamin@bootlin.com, antonin.godard@bootlin.com,
 mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com,
 pascal.eberhard@se.com, wahid.essid@se.com,
 "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
X-Mailer: b4 0.15.2
X-Last-TLS-Session-Version: TLSv1.3
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 13 May 2026 19:53:17 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/237004

Update source revision to cve_2026-05-07_1300Z

(cherry picked from commit 0c28104d4607513f4b6d4b7f845aabd2c9f1be61)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
---
 .../sbom-cve-check/sbom-cve-check-update-cvelist-native.bb            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb
index 338712216590..3763e7f21f7a 100644
--- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb
+++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-cvelist-native.bb
@@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/CVEProject/cvelistV5"
 SRC_URI = "git://github.com/CVEProject/cvelistV5.git;branch=main;protocol=https;destsuffix="
 SBOM_CVE_CHECK_DB_NAME = "cvelist"
 
-# 2026-03-19_baseline
-SRCREV = "ada54ee3cc8380820aa45e4996910bdc9dcb94e7"
+# cve_2026-05-07_1300Z
+SRCREV = "dd0e93c75034d0167498174c886a56729edc44de"
 
 require sbom-cve-check-update-db.inc

From patchwork Wed May 13 19:53:01 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Benjamin Robin (Schneider Electric)"
 <benjamin.robin@bootlin.com>
X-Patchwork-Id: 88072
Return-Path: <benjamin.robin@bootlin.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C72D7CD4F3F
	for <webhook@archiver.kernel.org>; Wed, 13 May 2026 19:53:17 +0000 (UTC)
Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.5899.1778701996497520526
 for <openembedded-core@lists.openembedded.org>;
 Wed, 13 May 2026 12:53:16 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@bootlin.com header.s=dkim header.b=BP/CkvKc;
 spf=pass (domain: bootlin.com, ip: 185.246.84.56,
 mailfrom: benjamin.robin@bootlin.com)
Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233])
	by smtpout-02.galae.net (Postfix) with ESMTPS id E5B921A35A5;
	Wed, 13 May 2026 19:53:14 +0000 (UTC)
Received: from mail.galae.net (mail.galae.net [212.83.136.155])
	by smtpout-01.galae.net (Postfix) with ESMTPS id BADCA5FE21;
	Wed, 13 May 2026 19:53:14 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
 with ESMTPSA id 4617D11AF9038;
	Wed, 13 May 2026 21:53:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim;
	t=1778701994; h=from:subject:date:message-id:to:cc:mime-version:content-type:
	 content-transfer-encoding:in-reply-to:references;
	bh=3O5+LiRiUKJQlcdk24HEiemCLHeZ50SzDyQ16FcqjD8=;
	b=BP/CkvKcsxxtpESacPuoMnjaXNUjA5VHgv1OtT47wEcC+ZCYX/1CQ5WRoeOXEYAEiCzc3Z
	+mhWyXNewrXxREV+SLKbaLwylPQjub38L9E7LIRxOG6WhSinjO/N83WXG4yZ+9XI9PCRs7
	0RXWz2oliQOl+WBCVjBKaHSUKPuTxzQgdl/6b/OKSr8ktikEQeHXwmoSgP7pHP1v3EVci9
	N+g1KzR7KfdF1USdUNerp9uDhiCDIMulHpLG7DdY36Vi2aP6iOH2n4sQoYRgVj1hQl9z7B
	W+Vo8fhLQURsqzbCPpFZcamL6KJrPRVEVGTUtHDDmQUGJ66SCOJ88Qed8p5Dyw==
From: "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
Date: Wed, 13 May 2026 21:53:01 +0200
Subject: [wrynose][PATCH 3/3] sbom-cve-check-update-nvd-native: Update
 source revision
MIME-Version: 1.0
Message-Id: 
 <20260513-update-sbom-cve-check-wrynose-v1-3-e6e368932274@bootlin.com>
References: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
In-Reply-To: 
 <20260513-update-sbom-cve-check-wrynose-v1-0-e6e368932274@bootlin.com>
To: openembedded-core@lists.openembedded.org
Cc: richard.purdie@linuxfoundation.org, ross.burton@arm.com,
 olivier.benjamin@bootlin.com, antonin.godard@bootlin.com,
 mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com,
 pascal.eberhard@se.com, wahid.essid@se.com,
 "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com>
X-Mailer: b4 0.15.2
X-Last-TLS-Session-Version: TLSv1.3
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 13 May 2026 19:53:17 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/237005

Update source revision to v2026.05.07-000006

(cherry picked from commit 332514c320eff2e74246e41cd49592f6c3c5dc6c)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
---
 .../sbom-cve-check/sbom-cve-check-update-nvd-native.bb                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
index c868ba09c18d..26a14e6eb169 100644
--- a/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
+++ b/meta/recipes-devtools/sbom-cve-check/sbom-cve-check-update-nvd-native.bb
@@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/fkie-cad/nvd-json-data-feeds"
 SRC_URI = "git://github.com/fkie-cad/nvd-json-data-feeds.git;branch=main;protocol=https;destsuffix="
 SBOM_CVE_CHECK_DB_NAME = "nvd-fkie"
 
-# v2026.03.19-010002
-SRCREV = "49f8bbe1b0b0884e16bdc37ab68db997085570a7"
+# v2026.05.07-000006
+SRCREV = "72d8841c8ad9083ebf6723063f275444ea0d76f9"
 
 require sbom-cve-check-update-db.inc