From patchwork Fri Jun 5 22:33:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89410 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7288ECD6E7C for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6124.1780698855852560764 for ; Fri, 05 Jun 2026 15:34:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=r9Hi8VG4; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-490b915ded5so19810945e9.3 for ; Fri, 05 Jun 2026 15:34:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698854; x=1781303654; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iyyGxuwdJ4dilDZ2ieho2TzhrR6a0xQSZi6yPGKnXmQ=; b=r9Hi8VG4XL7/Hka+WuSWchiRweslARPKbI8B5MoPQQq4/DiVXpj/wJh3lfbrKiJxiy 8hFRL6WDD/32LnjoN9FJ+jpOpPuys2Dta2EqAP3nYEkjda4aHfGLeAFhxGqW49BMJoNG zZuy2IyJZA3z/f+ia4Yod2dfrvSck/LuPS1PE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698854; x=1781303654; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=iyyGxuwdJ4dilDZ2ieho2TzhrR6a0xQSZi6yPGKnXmQ=; b=nn4ks+IJX401Uj4WHHZEWtOa5scPoooLBTzHVAZ0dINTBj8Lt9FKQn/EIG9nJC9yV+ RfgY2FYletrNoHUWOw55kPeYkxztJIu4ZH/eVbXdfHxK/UWsVOO7F7LRx99yCwij8pFN ZOWkwMqDA8L5r1nKIdv1+4pangAP3sbb6HLYfCUDbHNm2EyNFxizeq05bb1ZRD7R5Qc9 hhgNh7fgpeVmN9au4i7Q8pBq6igT7rk4gexVDp4jkAck9Mb9xzW114EvWHE2x567CgTo +jYERAw4Qx96eTozfCdOwDXDICeSVWCBMlfJve7beBMeS4KAQ6/bMZmMHuV3ZcaKYpa5 fQHg== X-Gm-Message-State: AOJu0YySjk2F20RW+05i6KXPBma4AHwSeTxkAqDk+E2Y0jEyOMcpWcUA VfJnyVEq2LO+qzPJ+El6qt1WSP0o0PmO6vgHClL3OYOTDc3+SpH9nNIp+CNj1v6NN9Oc/AiZd8S lTb3y X-Gm-Gg: Acq92OEI2lv42jIPXo/8pTn/pVevWB/8Dnd/cyL+raNb3U+LpjgyNYSBGTYwlZIprSD +qbyzq3xiZt51YIkpQJZJFqIbUMgEqVYH4VbHFtvjwSd9fLkBsdx6UXXuT/xPznEVuoT1romaPc VVmzF0RPuJm49HOZ+ceyKsxfQ3ujNL3Y4+sUgUwU/vuXO90XrL+gFnAXBS8wttCn1rJX97UOHDf 54ephboUzmXiv6BD7DMfPwdbr/DbNUSxkzPu9GRn+/LR4Z5gMEj2wlcozNbMOHt3JZV5IRm5JLf 29MkYS0CDcvWV06r0txFqSDXX+pbDh85HVg2CwMGH6RNwoqTG6cDQ7rnmmZW+93+LMSfARTiFFK NK0aOPG/wqtbe8F7ooCB855zQ8dhTba/caqyanBbdzc3QnX1dyJtgHrrSnbmNFHkXOic0VlS/J6 LnwH+xIT2TCo6AkEwey9dj85jV2LuHFdof3i5fr6PlEgajQIeKw2CatvxVXmSFlujna80aSbZkB Dakij9xSR8YumWbnbkiDLeg9zRJrP8lzkEPefg= X-Received: by 2002:a05:600c:818c:b0:490:b0e1:2161 with SMTP id 5b1f17b1804b1-490c25b39fdmr104447755e9.2.1780698854104; Fri, 05 Jun 2026 15:34:14 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:13 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/25] cargo: set CVE_PRODUCT Date: Sat, 6 Jun 2026 00:33:46 +0200 Message-ID: <98088c90b6e37ab27e7b4b2546abe9ecd863c02e.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238188 From: Peter Marko This removes mediawiki:cargo CVEs from CVE metrics. * CVE-2026-39837, CVE-2026-39839, CVE-2026-39840, CVE-2026-39841 Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit a5cb71e7df95925a5c342c341e699e244b1b84f6) Signed-off-by: Himanshu Jadon Signed-off-by: Yoann Congal --- meta/recipes-devtools/rust/cargo_1.75.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/rust/cargo_1.75.0.bb b/meta/recipes-devtools/rust/cargo_1.75.0.bb index a6d3f1754bc..573430ef4e7 100644 --- a/meta/recipes-devtools/rust/cargo_1.75.0.bb +++ b/meta/recipes-devtools/rust/cargo_1.75.0.bb @@ -17,6 +17,8 @@ require rust-snapshot.inc S = "${RUSTSRC}/src/tools/cargo" CARGO_VENDORING_DIRECTORY = "${RUSTSRC}/vendor" +CVE_PRODUCT = "rust-lang:cargo" + inherit cargo pkgconfig DEBUG_PREFIX_MAP += "-fdebug-prefix-map=${RUSTSRC}/vendor=${TARGET_DBGSRC_DIR}" From patchwork Fri Jun 5 22:33:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89409 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 613F6CD8C91 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6270.1780698856246052124 for ; Fri, 05 Jun 2026 15:34:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=2hz7OEgv; spf=pass (domain: smile.fr, ip: 209.85.221.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-45ef6565cfdso1170772f8f.0 for ; Fri, 05 Jun 2026 15:34:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698855; x=1781303655; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SAmvLPkFhWnd5HXo8z71joFsBaF2cCC91SDOVLFaa3c=; b=2hz7OEgvFclJg3srpGxtU63qzAsBQgraTYVA3k4nIoDeslGXO7BENm84UWWkA7x6gC nzzG19fkLQyVWNDWH5u1QJFHvCcpSWV9CWkIYosAhB7nFsMmIf8tXyxkPVzCrNH3bP5r 2bGk8X7UYHw1dU8rq5ZCugxZZe2j2KV5SuPS8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698855; x=1781303655; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SAmvLPkFhWnd5HXo8z71joFsBaF2cCC91SDOVLFaa3c=; b=tNj/GGQ05bWdINNHNwJZubIkqqvSOPZpVxURI4FkZ/CKFTUx5I/IDLJ/NNEBJJE/Tr 2baexFDtlkPwR1n4UddW0IOVXhduwsEzTT1l+zd33YkA5tjZBysoJMcvH1ZlPaMMiM0l cPAcB4idQOOXrzbvNh0/9uxjBplQIqNrKlgG1zcRhaB5t9i2QICFdtXVEBXO2qL7QgqY oBLjMgrhPSzjpMseZYuLM9owSN8GurLMCYHAOeqMPyCKfmgskFgp9s0DXTaDX1RNWbzs DspC2/GDWUH2QPb/IF+R/T2qFRdmmtVOEIWP1UYoaE/thYZ7zjfxdlave6zZt9Z1/fU3 SuLw== X-Gm-Message-State: AOJu0Ywuwh6ewPuZEacET296XQv38PDZ87keZcVBKTaCjeOr3GFNxRkD QyTiflbsJzOsqbXrNxXXeLCJQIA4QG4SMHRbJien+ozaNAegiKgp6wb53KQ299MqAIKvAmPpJmj r/oIO X-Gm-Gg: Acq92OFHudC067hWvo68BB437xAnncO31zyMSdBeZtAu7MFBe8liXuwKC1N0tGIFRkm ARqXu3BG8AN+2m/0MrMyoNvwUoXpMRSVl0oK6dZp+QrNHomZDV6OaXMNOpcONKjacXPfBayy1x3 3p2s6n0NcFfa8a1oTyOzG+fRi+yehNsBASSd/t0hZ+/r0G+QLJIaN6NrubErL5JxU6lWfPeSvMP n6Evb/krDuw8qDksb55PcbO56j2oCjZl3C9JxJ6Nb3jDoNUNdKWkE/FndDMEPKUouOhtv1WZhhy HxPmqKuACceODh7iwJyKohM0kohuqqnL/wLNtfQ1borwGA+ov6ES9aQNgw2PNGoq0aGbL86fECX s6m2IhlmAU78MRRnGPJYLtjGb4BvBIc+Wug4QQu4XTK57wAApChc4BdAt1qste0RmiX2jm3EOmn qeeeGIHS9JzHgGFWZBx7tppyTTbwB7gBm3e0JsxT0kvtQbuSbe4WsWmaI0DZvFJJn5tqnpoDulU 2PkPexnumva28jjD0cA3tgmHvH4JUsQm8ELqDY= X-Received: by 2002:a05:600c:4fc6:b0:488:aa33:dcbd with SMTP id 5b1f17b1804b1-490c2615bdemr93799705e9.26.1780698854592; Fri, 05 Jun 2026 15:34:14 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:14 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/25] python3-requests: backport fix for CVE-2026-25645 Date: Sat, 6 Jun 2026 00:33:47 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238189 From: Ross Burton When unpacking zip files requests uses predictable paths. Backport a fix to use randomly generated pathnames to mitigate injection attacks. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit fe846d71b647fb06e6a87cb45a2dd9b0889e2891) Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- .../python3-requests/CVE-2026-25645.patch | 46 +++++++++++++++++++ .../python/python3-requests_2.32.4.bb | 7 ++- 2 files changed, 49 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2026-25645.patch diff --git a/meta/recipes-devtools/python/python3-requests/CVE-2026-25645.patch b/meta/recipes-devtools/python/python3-requests/CVE-2026-25645.patch new file mode 100644 index 00000000000..3bebba65726 --- /dev/null +++ b/meta/recipes-devtools/python/python3-requests/CVE-2026-25645.patch @@ -0,0 +1,46 @@ +From 66d21cb07bd6255b1280291c4fafb71803cdb3b7 Mon Sep 17 00:00:00 2001 +From: Nate Prewitt +Date: Wed, 25 Mar 2026 08:57:56 -0600 +Subject: [PATCH] Merge commit from fork + +Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function +uses a predictable filename when extracting files from zip archives into the system +temporary directory. If the target file already exists, it is reused without validation. +A local attacker with write access to the temp directory could pre-create a malicious +file that would be loaded in place of the legitimate one. Standard usage of the Requests +library is not affected by this vulnerability. Only applications that call +`extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library +extracts files to a non-deterministic location. If developers are unable to upgrade, +they can set `TMPDIR` in their environment to a directory with restricted write access. + +CVE: CVE-2026-25645 +Upstream-Status: Backport [https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7] +Signed-off-by: Ross Burton +--- + src/requests/utils.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/requests/utils.py b/src/requests/utils.py +index d8803e6e91..54959bb8ab 100644 +--- a/src/requests/utils.py ++++ b/src/requests/utils.py +@@ -282,12 +282,13 @@ def extract_zipped_paths(path): + return path + + # we have a valid zip archive and a valid member of that archive +- tmp = tempfile.gettempdir() +- extracted_path = os.path.join(tmp, member.split("/")[-1]) +- if not os.path.exists(extracted_path): +- # use read + write to avoid the creating nested folders, we only want the file, avoids mkdir racing condition +- with atomic_open(extracted_path) as file_handler: +- file_handler.write(zip_file.read(member)) ++ suffix = os.path.splitext(member.split("/")[-1])[-1] ++ fd, extracted_path = tempfile.mkstemp(suffix=suffix) ++ try: ++ os.write(fd, zip_file.read(member)) ++ finally: ++ os.close(fd) ++ + return extracted_path + + diff --git a/meta/recipes-devtools/python/python3-requests_2.32.4.bb b/meta/recipes-devtools/python/python3-requests_2.32.4.bb index b86ecfba52d..9ebdd4f08aa 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.4.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.4.bb @@ -3,13 +3,12 @@ HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" -SRC_URI:append:class-nativesdk = " \ - file://environment.d-python3-requests.sh \ -" +inherit pypi python_setuptools_build_meta SRC_URI[sha256sum] = "27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422" -inherit pypi python_setuptools_build_meta +SRC_URI += "file://CVE-2026-25645.patch" +SRC_URI:append:class-nativesdk = " file://environment.d-python3-requests.sh" do_install:append:class-nativesdk() { mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d From patchwork Fri Jun 5 22:33:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89404 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF901CD8C89 for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6125.1780698856666820676 for ; Fri, 05 Jun 2026 15:34:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=TkoDaKu7; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-490b8ac62baso23651855e9.0 for ; Fri, 05 Jun 2026 15:34:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698855; x=1781303655; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SdVOObmFUlPt/MEVUe4jd2fc/5b72zzOjbc7XnhuZH0=; b=TkoDaKu7GDGYRNgMwNvA1f4xp35FjpHbcs1zBpk3l/WTyD7tDpR0onYYs1HeCaaQVv K+sAjeeJvViEJWF86983IrvK5eqEtGI1xL6xFDX8XF788DFY5y/FYTVBD2dM96U54UfU usE4UqXfDIock+eqCilpnjTAOPhBPr3KPUMbk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698855; x=1781303655; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SdVOObmFUlPt/MEVUe4jd2fc/5b72zzOjbc7XnhuZH0=; b=T1XkTdtG4v6XSomEjlKGXU4TD7xdd+Kors3WLE86RuCeRnuMoOgiRiDyCQCTttNOGv Z6FTPrXTTXTkIPs72LSxLOgs/7QwBlqOtH/Z6LP9xufvr04ZUfPoRWO9fWT6ArUQ7QEB 1CWtt2SlCbbGfmCC+wmzEDS5SF613YsXxTKm0b246Ss/Hu4LaGnVWXWIAL2X/XO3Esis caLjN05Qgz8U+GP5hEhmOpB4+YpmHagD28a0Wz+XJje1zrOvWXBjLqqEB758sk/zU9J6 qJf5gEeoIlsGmW9gI4vpXJdsMuwgShnIQQiOBzBX0VlKV1TSkvji9INaI1yU5jsn8xuL lFuA== X-Gm-Message-State: AOJu0YwrOdGWSS9xqYedwJxnd0LmLGnd6gicTD13RD4v6UJoiVJcJ7pc iBa6471E2XlV5DQ1N/6v20IQENyqBww2Kc3veJWHUDRqMKhIk6pN4hUAf1GphHHry6p98PDt/9t H8VbM X-Gm-Gg: Acq92OGvyE/Lo/0aDTjAmQcOlTCrXmsYvlZ9L4ASNOAnN8Akszh9hqQ+FP9PuLMe8QF OXDJneYMtLloBwjia8F7ZI+oLyOwcURNyJv80PmoxR4Kn9a+TalVgu9z+/+RiKM8DBnX2CIICsY 5bCeneUr8mz7FFpXK3ZeU+ugB4E/lYTWp5EHMHBiENiER/uZuGf2sjXCTjDSmhYAhh1BmNcDOV+ KJXE2Xdf36tGvfuTr2JxrSKEMY2tpH3+Msq/7KJxpkDNBZNi8CFzBmGwhXKPg+Wb+Ox9fzplsUP +qLZd6W/04ssvUq8DvvWPB9IaMQr3i87tsqNGc1LF2kJ1Ym8ruqi0p73BQ0lUiLPeuYl8MkFeIy +alVv2eRRODy9LkEZMZ+szYyM6IzjU4Db+Ym0R1LCeAe8I9znPqBInYDUDts1xGvXryIvjDiWxY hwWgDq3BzrFukp4TbAKxygcPNWQRDngAhAvSaaQj2KrFG4AAyVh8qkpY2QUmWaTvdv/83xV3ury wzrdxpA61LroXnw6PsqX/jcZzJihmrp136UAZo= X-Received: by 2002:a05:600c:4857:b0:490:55d9:149a with SMTP id 5b1f17b1804b1-490c2d235c8mr50427385e9.18.1780698855071; Fri, 05 Jun 2026 15:34:15 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:14 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/25] libssh2: fix for CVE-2026-7598 Date: Sat, 6 Jun 2026 00:33:48 +0200 Message-ID: <84d6cca01c9d36ec112e5eb4104437f63ad2aee5.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238190 From: Hitendra Prajapati Pick patch from [1] also mentioned at NVD report in [2] [1] https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-7598 [3] https://security-tracker.debian.org/tracker/CVE-2026-7598 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../libssh2/libssh2/CVE-2026-7598.patch | 60 +++++++++++++++++++ .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + 2 files changed, 61 insertions(+) create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch b/meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch new file mode 100644 index 00000000000..6b89cb71bad --- /dev/null +++ b/meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch @@ -0,0 +1,60 @@ +From 256d04b60d80bf1190e96b0ad1e91b2174d744b1 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove +Date: Mon, 13 Apr 2026 11:18:25 -0700 +Subject: [PATCH] userauth.c: username_len bounds checking (#1858) + +Return errors when username_len will exceed bounds, fix existing bounds +check. + +Credit: +[dapickle](https://github.com/dapickle) + + +CVE: CVE-2026-7598 +Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1] +Signed-off-by: Hitendra Prajapati +--- + src/userauth.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/userauth.c b/src/userauth.c +index 0040c3f..588b83f 100644 +--- a/src/userauth.c ++++ b/src/userauth.c +@@ -80,6 +80,12 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, + memset(&session->userauth_list_packet_requirev_state, 0, + sizeof(session->userauth_list_packet_requirev_state)); + ++ if(username_len > UINT32_MAX - 27) { ++ _libssh2_error(session, LIBSSH2_ERROR_PROTO, ++ "username_len out of bounds"); ++ return NULL; ++ } ++ + session->userauth_list_data_len = username_len + 27; + + s = session->userauth_list_data = +@@ -307,6 +313,11 @@ userauth_password(LIBSSH2_SESSION *session, + * 40 = packet_type(1) + username_len(4) + service_len(4) + + * service(14)"ssh-connection" + method_len(4) + method(8)"password" + + * chgpwdbool(1) + password_len(4) */ ++ if(username_len > UINT32_MAX - 40) { ++ return _libssh2_error(session, LIBSSH2_ERROR_PROTO, ++ "username_len out of bounds"); ++ } ++ + session->userauth_pswd_data_len = username_len + 40; + + session->userauth_pswd_data0 = +@@ -447,7 +458,7 @@ password_response: + } + + /* basic data_len + newpw_len(4) */ +- if(username_len + password_len + 44 <= UINT_MAX) { ++ if(username_len <= UINT32_MAX - password_len - 44) { + session->userauth_pswd_data_len = + username_len + password_len + 44; + s = session->userauth_pswd_data = +-- +2.50.1 + diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb index 49da9698a32..2284d054b10 100644 --- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb +++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2fbf8f834408079bf1fcbadb9814b1bc" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://run-ptest \ file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \ + file://CVE-2026-7598.patch \ " SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7" From patchwork Fri Jun 5 22:33:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89406 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2481FCD8C8F for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6126.1780698857138746666 for ; Fri, 05 Jun 2026 15:34:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=OqT/hpMH; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-490b4a8e28bso19684005e9.1 for ; Fri, 05 Jun 2026 15:34:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698855; x=1781303655; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=oEv8NpQ/qwibSsYTKBX0Nvv3xvFl4LCRtXEk9djm7G4=; b=OqT/hpMHd6dvhXwoIYtRuECoc+PsKl92qPZXM6SSDmkOuQmk43w5Rii/b0vlagHDCL 3yHKLv7HpyZYuCeYkTsci3t4RVcJh1cxLwJfGQmJ66UlDXo7I7UQ51PCKD1eRXZm/eB3 zJkv0izWOOA3i8+y/OzxCOms7tSuOojRU33ms= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698855; x=1781303655; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=oEv8NpQ/qwibSsYTKBX0Nvv3xvFl4LCRtXEk9djm7G4=; b=VSqVAahVyZuucH6axKDIy2XlmNzufLOK7rKfBrnMqjufiXvrvE6Uad7QsWEGTdt6PI nzdMYPryz/TVHL2SH7pjx/siKE39JojZBwZVjwxhnmQxLRlmjs2E0kOPLSQ/TsoVIDdY otWEqkC6T/Qqhg6YOEHqED1i5ufoaWjxXMyC8waM5443MXRwDhGsWS5oYCB9s1LwipuR rNBv0D9ZN7ivTl3x/pd8I3uKVF4MIVzKj3NWWLw5YVk21Hozmz7ph+mWlPPaiMrDULWm Z5KlOw99zu0GegsmYmIJvNRAGKrS4+abZtGKboRN5rnlT+cGJXYqP8yRu+pRVcKsikVp ZxKw== X-Gm-Message-State: AOJu0YwHD/b3RoqohVlVr3yOfv1S2CyHcUuJAeABPm3IriIkcDAj3lFZ ZvfgC9T3ilstVWS6OgUExBCSw8rFc2ZH93vYGhgJFwIo90fQETvzKx11bCQoxqoczJp1cxx3j2I xkDjh X-Gm-Gg: Acq92OEj4TOxlcy64vlHlu5G5pueeDpYQ3czagd+AM5EMSZ/4Ls4wMjJiKrJJQNkCC9 izK66abxequ7kXrfER1DEgm+BcHgIZ/nVwVQlMsG9Ykky1co4AWx2NSCIVPTKlte4FW6I0l/DU/ wN1u38qzX+X3tM0vYQfvXFms+6Klr47twb7m1gmRaKf+wx7ZYGryQSJdWapikQK4ssqlwhOC/he RfuQeJeyDhxiZ23EuG9xmNAa7upwWuE8NasECnWV8zrUn8/EV1gC2rmC1Rn94AwYFwMcHVjTngQ Jm3TElmX3Uj0CEg24EJWLyB0KQEjYylRMSAUBGrHDN13d4RfSf+GkPm0K1DB5iYN7iylbnrSBb3 uhGRZy4qTfJnLqYuGisCuo78ZsT1CAkE30ByiLgzojO0IXoeK3YjZgCo2c+5pR9+UPdUdoF1rar q1kA+Rg2hQplzbwhd49QmchbKZlhF2VgqrmOno9uNbA0/0pZinOjBkiBU8QaQsmAtMAmh4JItHP cATFfAxpS+u/flsVpMFbE20R3lnGOu3Ci2QoSQ= X-Received: by 2002:a05:600c:19d3:b0:490:48df:2793 with SMTP id 5b1f17b1804b1-490c25fa410mr95231455e9.26.1780698855521; Fri, 05 Jun 2026 15:34:15 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:15 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/25] systemd: update musl specific patch to apply Date: Sat, 6 Jun 2026 00:33:49 +0200 Message-ID: <0e66eb22a34e17939cfdaf5cdad84361b7f18e6e.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238191 From: Martin Jansa It doesn't apply after udev-builtin-path_id.c was also updated by CVE-2026-40225-01.patch in https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=fc2d33dbb2d5180b77c10865156db342f9d582da causing do_patch failure for scarthgap builds with musl: Hunk #1 FAILED at 39. 1 out of 1 hunk FAILED -- rejects in file src/udev/udev-builtin-net_id.c patching file src/udev/udev-builtin-path_id.c patching file src/udev/udev-event.c patching file src/udev/udev-rules.c Patch 0003-src-basic-missing.h-check-for-missing-strndupa.patch does not apply (enforce with -f) stderr: ') ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-musl/work/core2-64-oe-linux-musl/systemd/255.21/temp/log.do_patch.215528 ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-core/systemd/systemd_255.21.bb:do_patch) failed with exit code '1' Signed-off-by: Martin Jansa Signed-off-by: Yoann Congal --- .../0003-src-basic-missing.h-check-for-missing-strndupa.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch index 715a0c7ec83..41db643258b 100644 --- a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch +++ b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch @@ -655,10 +655,10 @@ diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index 91b40088f4..f528a46b8e 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c -@@ -39,6 +39,7 @@ - #include "strv.h" +@@ -40,6 +40,7 @@ #include "strxcpyx.h" #include "udev-builtin.h" + #include "utf8.h" +#include "missing_stdlib.h" #define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1) From patchwork Fri Jun 5 22:33:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89414 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73D0CCD8C90 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6127.1780698857652095400 for ; Fri, 05 Jun 2026 15:34:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=UnRMP0/B; spf=pass (domain: smile.fr, ip: 209.85.221.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-45eea68dd6fso1269050f8f.2 for ; Fri, 05 Jun 2026 15:34:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698856; x=1781303656; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3WKJQI6dfIZf3WHgLbBg0IdM6mCurlDlaa9hePjdGLs=; b=UnRMP0/BdOd6D4xnzFScCk/MybUVuL5CpQkaYOds0YKIJxmYjoCrVlDz+T9+KouF5+ q0pedyH/bgfz41awjDfBW1lWYCqnhnkzWpRpkaVG0CPN8vf9fkJP7JQ1cAbMBIthPT0G /aPJJQcuGlLoAG9QWqxc+0vtDbHtZiyd73COU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698856; x=1781303656; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3WKJQI6dfIZf3WHgLbBg0IdM6mCurlDlaa9hePjdGLs=; b=frGZpUzv6c1GsIuxzEa8VV4D0piXo9rXZTBPDcItAOzYjK5HrijWcUC6kSgJConBht FCG8gFhdnNj+Z4xLD6f7FWlXqqac7/Z0hTtVcZDAFbkLLZxRzeABfVVxLlqilpT4NVHT tEbg28nsBYepn9QOXJ+LWxTwr1mwF1N1Pvm/fAZP6dESTwucLPDclF3imRWb5DZpOvH3 N1dVAwZadBY02qhoG1XAbHG4CHgDzy693X0nhqAuRVCFd7DDotB1IXpwGRLwAyugAdLv Gd9gSCEEp1rbxT8hLu5mMjGsXqJR716yE5Gpogpvby8kegw4J5RM6pN9cvM3/Hw2949Q uQ/g== X-Gm-Message-State: AOJu0YxLAZH9mkTtICcXyewZZg2YerbYX9wkO/V+2B+37pVmZyfpwK9D wilcgNHwlQMOYfKIKrKJnMEF6dqW0UOA7f9hFEuEP1PryoIbzgTw53McNd8krTO8BGdVn9kpJLa 3uKq/ X-Gm-Gg: Acq92OHkBG591x7mBpOHNbetAEdH3ZBuH9WCi1inP2IhVZecSMUZ1gbIs/jH+CRY8z3 n618fXgBcRj0paIR/xYOljOL37wtDIa67YnEJx2JfJbsFh8wkZuQuG+hXEx49HoIJJOBTYduhoR jnG1+2lrP7/aFcBzYaeFFn8S4sqFdsVBgrWR0CS2pHD0SlQAGWWpMwu/SWcSc2qhmAg3Z2P2kpA Ew9cTph9yFBvStElmu4KfLtYg0wmikpXOjvLuYeaVMBsXbbBMGJiKfaZse2sstU7WiDnKB1mGrh XX5JAmc+82yBvy6OtitmhmlZ7GzGhICOr6DOuXan2ziH7ISgI8RVRsOffpV94N1XcEQ/oZdPT9M wKcvblYGb4c9Cq259jZMMSgLo6fD1IFOHVwcWM67ucmUq+WCsO343a0ujloCiRD3EJtCep8UcVh T6ys8G/0YffSHjHfoR0CBvjc3fAZ92WwOwjy0GJJdFcXowwezt0f/gCan0jP7/vFlVFuJ0yIUZP 1gCGJ6d4f0CiJq+QUWg99o1BFCablwZwVALCCs= X-Received: by 2002:a05:6000:1284:b0:460:2d45:fe8c with SMTP id ffacd0b85a97d-4603063e7c4mr6676704f8f.38.1780698855978; Fri, 05 Jun 2026 15:34:15 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:15 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/25] go.bbclass: change GOTMPDIR to improve reproducibility Date: Sat, 6 Jun 2026 00:33:50 +0200 Message-ID: <1b08bf9296fb6583234933b22b67b851591610a8.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238192 From: Changqing Li When cgo is enabled, the Go toolchain writes temporary source files (*.c) under GOTMPDIR and compiles them there. when -trimpath is passed to go, Go passes options such as -ffile-prefix-map=$WORK/b387=/tmp/go-build internally to the GCC instance it invokes. The variable WORK is a temporary directory created under GOTMPDIR, refer the following log: [snip of compile log] WORK=/build/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build-tmp/go-build377321751 cd $WORK/b387 TERM='dumb' x86_64-wrs-linux-gcc -m64 -march=x86-64-v3 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot -I /tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor/github.com/proglottis/gpgme -fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=$WORK/b387=/tmp/go-build -gno-record-gcc-switches -v -D_FILE_OFFSET_BITS=64 -I $WORK/b387/ -O2 -g -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot= -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot-native= -pipe -v -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor=/_/vendor -frandom-seed=TZkSPVSBUvDMjg4wKjWS -o $WORK/b387/_x004.o -c unset_agent_info.cgo2.c [snip of compile log] OE also passes its own DEBUG_PREFIX_MAP to GCC(finally by CGO_CFLAGS), including -ffile-prefix-map=${B}=${TARGET_DBGSRC_DIR}, where B is ${WORKDIR}/build. Because GOTMPDIR defaults to ${WORKDIR}/build-tmp, the Go temporary directory looks like ${WORKDIR}/build-tmp/go-buildXYZ. Its prefix therefore begins with ${WORKDIR}/build, so GCC matches the DEBUG_PREFIX_MAP entry for ${B} first. As a result, a path such as ${WORKDIR}/build-tmp/go-buildXYZ is rewritten to ${TARGET_DBGSRC_DIR}-tmp/go-buildXYZ. This breaks the -ffile-prefix-map option that Go itself adds, because the original WORK path no longer matches the value Go expects. Since Go creates go-buildXYZ directories randomly and internally, this causes the build non-reproducible. This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to ${WORKDIR}/tmp-go-build so that the path no longer matches ${B}. This prevents unintended replacements by OE's DEBUG_PREFIX_MAP and restores reproducibility. Note that pure go program like go-helloworld under OE will not have this issue since it doen't use cgo, it is reproducible without this fix Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: 0642d2323072f561a4d0eeb9266213387b2997fc) Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/classes-recipe/go.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/go.bbclass b/meta/classes-recipe/go.bbclass index d32509aa6d1..61b08a082f7 100644 --- a/meta/classes-recipe/go.bbclass +++ b/meta/classes-recipe/go.bbclass @@ -77,7 +77,7 @@ B = "${WORKDIR}/build" export GOPATH = "${B}" export GOENV = "off" export GOPROXY ??= "https://proxy.golang.org,direct" -export GOTMPDIR ?= "${WORKDIR}/build-tmp" +export GOTMPDIR ?= "${WORKDIR}/tmp-go-build" GOTMPDIR[vardepvalue] = "" python go_do_unpack() { From patchwork Fri Jun 5 22:33:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89405 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3627CD8C8C for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6128.1780698858113820525 for ; Fri, 05 Jun 2026 15:34:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=kUIp8Y3y; spf=pass (domain: smile.fr, ip: 209.85.221.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-45fe59255beso1248582f8f.1 for ; Fri, 05 Jun 2026 15:34:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698856; x=1781303656; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1b/RWT3CX6pFso51GLtSDgLZ131ZkGjJOMO4Ap/vdW4=; b=kUIp8Y3yHDpxT5/RMlbfrl3Y5AR9vZzAZuYadIbEyvq9e317txBDlLkR/iZlzmFu2G ESMwAk2VSIjsi8pRhoRUwSF2gqEYTOFM20aeCAtWuIrkED9Mm9IGR9y/gYwhnZ8jSyEh ABLtn+m9kou69ExyucHRv/eGsAOSzRLUIDf2s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698856; x=1781303656; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1b/RWT3CX6pFso51GLtSDgLZ131ZkGjJOMO4Ap/vdW4=; b=KlqbUDpTanp/3v2kQ88/BgUS4WMQm9HaxHCV/TOl6lMFETf4sOwYeUM2kNRrUtD/la ++yTwTt0LJDK3PCJaHhoSzWnPt726NKItX1zymuYALqOs2dBxqTB3eNz7I3/KXQs6G9a MzKa7pZjB/PKPnUnwy7beUQwpjW4eX4dIcXosSg/TVNHMecFrWiz8nd7z7P8flNyS5bw 0JKrOp+i6jaSd+UMlo1ty6Akz7JXWhxCJeP11NYTYX634bfMktbpjS+DnuldukUbjA1r q9ayb/U5SVyswW3wdEHALuVjPs6GzPY28b4QLV/iHocGwZpZWhAU+PfR2Y3NEOohtI+P NHcw== X-Gm-Message-State: AOJu0Yzo5Ol1PDo5HdGNpcgy+QwHdPLoJlBUaxknSzSp1wXb5rDKDJ7S Emu3d6ZTCfaAFeQ/HNsHlAFKf6GlZVQBoxRC/sz6K9TU+kxIbgmqHR+G67R0JnA0Cgadq5j8R2M FrfNX X-Gm-Gg: Acq92OFSbFz5EZUae9RenrbpBxf3AZk3hL61tY5vNYA8ivW2XiPKg0DH9ndga8VEU+L 6Y9CYG4DAJm2KE4tgsfhHHx8+GAssUMd5/B4hgVGQVAONLZX2CXLqJfJ4LB10vnZIajreFt18bl QkmDIO19FQjwxo21oTt+Sd2Gyw4alD026uLyyOmIyG7X6tBjWVn/6ehY3wLW26qD3LiTHGib7Om +WdNtk2aHHrFadZJc07LVnB55kkPIqHBvJoT0een6IvPNMqNedVwtmKnZJckxNUbIKtP7/X73tZ w0sSnGcPma1js2kg/s//8EVGbOtl863PaQODMsZkXHM7dWAo1SUiPi9c4w37fumNEDIW8ohOXCJ PjD3gt8Xvu7xNong4JDOQ6+92sO9WzDm3VAW+xQC3F0aiDNTHqYzj4rUuh91h48O1YLRipcyLO4 eKonKBxwbYWx4pTqJZZEs9NWnQOtS1uvzfHGglBXUSrzhfG7TzsQItkDGkkysiTc6uFmQrxnHE4 X0N8e1BOMeuxTvizEs4Kr0/P0KOMOkDFxpWBYo= X-Received: by 2002:a05:6000:54f:b0:45e:8547:f21e with SMTP id ffacd0b85a97d-4603063c06amr7849205f8f.36.1780698856430; Fri, 05 Jun 2026 15:34:16 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:16 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/25] go.bbclass: disable workspaces Date: Sat, 6 Jun 2026 00:33:51 +0200 Message-ID: <9538bcefab6881805d60d9f362e0b70996b5e2f9.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238193 From: Peter Bergin go has a feature of workspaces [1]. If there is a file called go.work in your working directory on any of its parent directories that will be read and used during build. For OE where the builds shall be sandboxed this is bad as a workspace file outside of the build environment can be picked up. This commit wil disable that feature according to the instruction in [1]. This was found and introduced build failures when a file go.work was in the parent directory outside of OE build directory. [1] https://go.dev/ref/mod#workspaces Signed-off-by: Peter Bergin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: c52c5e88626968b08510818f09829f2e1c9f94ae) Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/classes-recipe/go.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes-recipe/go.bbclass b/meta/classes-recipe/go.bbclass index 61b08a082f7..36103e8eb0f 100644 --- a/meta/classes-recipe/go.bbclass +++ b/meta/classes-recipe/go.bbclass @@ -22,6 +22,7 @@ export GOARCH = "${TARGET_GOARCH}" export GOOS = "${TARGET_GOOS}" export GOHOSTARCH="${BUILD_GOARCH}" export GOHOSTOS="${BUILD_GOOS}" +export GOWORK = "off" GOARM[export] = "0" GOARM:arm:class-target = "${TARGET_GOARM}" From patchwork Fri Jun 5 22:33:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89401 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC41DCD8C8B for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6129.1780698858725687011 for ; Fri, 05 Jun 2026 15:34:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=TYRLyneu; spf=pass (domain: smile.fr, ip: 209.85.221.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-45f3cf907ceso1119646f8f.2 for ; Fri, 05 Jun 2026 15:34:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698857; x=1781303657; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qn5pM0pvCd+jTHAsFALwTqtFiTQj65/tBKpG0bHFZUE=; b=TYRLyneuM02uChJqkNgzCERHwZWbxFgVaJQbVVOyfrFfkzh5s6Pd8fzpsR4PNXZgW9 Vm6KxSxzo1t6RX9eexjkDAMsmU6DHZGI5z5lJefoS+5L5L9m5XdZKQqyRF4aVfyTkBQC Z4gyxCcLXujz9K3glxheOc8OXxbSjsCkV9VyQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698857; x=1781303657; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qn5pM0pvCd+jTHAsFALwTqtFiTQj65/tBKpG0bHFZUE=; b=E5OlulxdFSY58BHWhqK1BnM+GjpLjKHOrGrfsoF5Mz3RcuaIipCMab6D0orQTSf6Ee qtwUgCNOgHiuCeD0VbtDmsdZPRstdqRVkrpOyiFHFw3ruCuZ8Odnklgi9oW9QR90zb4I nySSpfhoieoAlAlf9iul7zoWAOYtEgIp9DSWVkk3jna62hbVBcvMMtDUY0+jEzO533ei 4abutpqKtrm3tb6ZjXlPz5eVoC3s0/PsNhX91pCxgDVpsPkCud7zHCCitetRoHopvhRe 8ha2XzWXo7Rtsj8J4cPVeJXphqe7umSxeW+JIfGAYMyimzK7ACNkjmMFSolysgBRMdiv vjpA== X-Gm-Message-State: AOJu0Yx4FYhIUIApYT/PfPkeqTbIjnsteIgtAh1UmUOQLcCNIuKwa1iE tFPHPPBhpFqR4/+omVJHWXqeEycnlLFqR/myDJYT6laEr+4sis+v1Ai/a/B+nHSVB0T1ULmt3qY Zh43m X-Gm-Gg: Acq92OG+p//BLIgPRQ35vK41nxWeg0I7zhmDZ9b9hxJ3Cnb7DBEivR7hHoM8lEOA1G4 glkJznbAkweWxwbsqkVJbVpoAodI3VHcL8gGrZmj7ytnwzoghp1GekNxvM53gykF3Owe6NwGQhY RqsqjYg9EyONKdoczVUMQifegMxT7tIAIB53ls4I2Q+a1VxEyladmPDYDvXBqWyJxeyXrP0OTCz PTfi+50ycA/2ewfeaFyHx+I3elTBNtlzDmr2W8qjhbYnEXpSE7+EH8FaDEF/ZndInA+VaHLqjZm YRHPRjWRT5QoETZL+fP00GE8PVyuHoUM6Miou3S/1XtRyxIUsSS6fCwCK8lQpxV3hl33VDAorgw oXpW8QgPE+oEIfL+QcGIJYhoqkcEt6vl520sH+glXvMXk6J/8dTWIE4nqGdq88UWiTCnH7l7F1L 3hjWQSEbMTumb4w6e1vyXhlsypxAd7DJSOLDnSnqxvzjnzKIU5AvMH6xwMoW8dLS5jz6ik6F6cN xse2hfIBSOy9DuojGVuZ0ezQ8iSWgsvhUWxWWc= X-Received: by 2002:a5d:4688:0:b0:45e:da9b:97d6 with SMTP id ffacd0b85a97d-4603061e47amr6814852f8f.27.1780698857044; Fri, 05 Jun 2026 15:34:17 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:16 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/25] oeqa: runtime: go: Increase test_go_compile/test_go_module timeout Date: Sat, 6 Jun 2026 00:33:52 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238194 From: Mathieu Dubois-Briand These tests tend do take a bit of time, and this is probably why they have been seen failing a few times in the past months. Rising the timeout from 5 to 10 minutes appears to help. Fixes [YOCTO #15999] Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: 998ebfc77db4c8d7567d82560595e0994a310ae0) Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/lib/oeqa/runtime/cases/go.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oeqa/runtime/cases/go.py b/meta/lib/oeqa/runtime/cases/go.py index d4b69438a56..0c9c4ff4cd3 100644 --- a/meta/lib/oeqa/runtime/cases/go.py +++ b/meta/lib/oeqa/runtime/cases/go.py @@ -35,7 +35,7 @@ class GoCompileTest(OERuntimeTestCase): self.skipTest('go command not found, output: %s' % output) # Compile the simple Go program - status, output = self.target.run('go build -o /tmp/test /tmp/test.go') + status, output = self.target.run('go build -o /tmp/test /tmp/test.go', 600) msg = 'go compile failed, output: %s' % output self.assertEqual(status, 0, msg=msg) @@ -65,7 +65,7 @@ class GoCompileTest(OERuntimeTestCase): self.assertEqual(status, 0, msg=msg) # Build the module - status, output = self.target.run('cd /tmp/hello-go && go build -o hello main.go') + status, output = self.target.run('cd /tmp/hello-go && go build -o hello main.go', 600) msg = 'go build failed, output: %s' % output self.assertEqual(status, 0, msg=msg) From patchwork Fri Jun 5 22:33:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89400 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6D02CD8C8A for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6271.1780698859340924576 for ; Fri, 05 Jun 2026 15:34:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=qpVA+ntU; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-490a76757e5so16059825e9.2 for ; Fri, 05 Jun 2026 15:34:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698858; x=1781303658; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2ooRbKafcxzqlxsY+jhqg4Ulxsi3BhhTNMuP+9StfRo=; b=qpVA+ntUGveKztlLf1pOqxInY/Ss0x9B4K0aLNlrrO+DYMhOlIq7vp/5Cn5RGgeETV 0hRqe1E/8A+LDpdP2qYrpSeKPz+tfZyxoFo8TrY0PIeB/H3rPudN0v8XqKGbOLjYJGd9 R/E9xGMbsK/O0y4V13OivwTEnvR+QEOnAS0wg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698858; x=1781303658; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2ooRbKafcxzqlxsY+jhqg4Ulxsi3BhhTNMuP+9StfRo=; b=joUmAjLfM+cwmqzA1lvVtSUvzjtPaj2teWzt32m8X3GHtRJVmJz1OBSlhhaWY91ejH wNXi8WZX5Nwz9xgYTmTs78Qyw2kdFGwKZTi11IcEERO0ShrLgg5ZZSRDn6KOTFwBEhv4 upHbxoZMTCxYVd3EU22ZSp3WUSwHnRIqq5q4iRbllTCUN12/nzVmh5/GZbxwC7foCACQ ZxQRfB6K9idYTdeQr3XkuwfwPlQljYhkpnipiUzACMhhrQD0V2GV4Z8Sww9oPS23YcZ1 193UAPxvoOFiUnBodUSJ8gZvFOi+NaVfh72T0n2Db0ClsoX1o8IfKUBGRgCN9SxAST7A 2MaQ== X-Gm-Message-State: AOJu0YyjKdbYX8SPCIaEHLcEyBP8FNlYNxIHpE1SBK0F6S8dMIpVQC+/ IOMl5Or/cGu6xHN/EVL3xohh32certY1tHSFTa6KdKCUB7YDZC3lvf5Gy7ocKXhxTTULrIqawhx blzEi X-Gm-Gg: Acq92OHcXTBcnskE22byxXwVyxqupnnYM1uNT8SouB0baxh5G4JNN7q0+HcxnImnz1S C1l+30UM+Yka1U4kdeckp5l5Mawt9oNm1piR47C+o+piGK3PW/VaoQyf/EXQ6RC1McmZ0W6cd7S AXZamL5bVs8Btc6ta+PrWSb6yxvuGF7G5nz40hz2xFMm/mRMq4ZZ9iuUMS1FROXrFSZKk1B3v9Q K+3VbPXw7e6cSOIUoo2EdqRoXDLmt27uKu0s4ws8IzvHW1XxwtcT2b4KhqV1+xITR8m2BxAnQ+Z R4r/x5h7BJixNTpOsdNpJsL/qQCwA4+WF/ZmoAFu/23nEwf97ShTiFbc/y7s0tKaVeqdorCc14N UdR/HsXiNxYUdbUrxCZTE/oKlLlEus3T2WLjwGbWtXKcKJzVWVF6i5WFqKcVfz1IvUohaYwsQj9 w7XNcvqXYNH75UvfgrYArXwxtLD6wDwwjSmVLCmkAZJTqYrBrChGN5mWL1RCTlt4nulExFkYaT/ Wwa/2TBd/NmY8YXc9TbFxNT+8yFEfEq/TjuHW0= X-Received: by 2002:a05:600c:4fc6:b0:490:51e9:deba with SMTP id 5b1f17b1804b1-490c2615a5cmr90028815e9.27.1780698857722; Fri, 05 Jun 2026 15:34:17 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:17 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/25] lz4: Remove a reference to the rejected CVE-2025-62813 Date: Sat, 6 Jun 2026 00:33:53 +0200 Message-ID: <99706716626324605c049a9130f705f2090a9f91.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238195 From: Benjamin Robin (Schneider Electric) The CVE-2025-62813 is rejected so do not reference it anymore. So keep the patch but without referencing the CVE identifier. The CVE database indicates the following reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 9c840a69b62a5fdffb3679a44d68dd5630b2916c) Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- .../{CVE-2025-62813.patch => fix-null-error-handling.patch} | 1 - meta/recipes-support/lz4/lz4_1.9.4.bb | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) rename meta/recipes-support/lz4/files/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%) diff --git a/meta/recipes-support/lz4/files/CVE-2025-62813.patch b/meta/recipes-support/lz4/files/fix-null-error-handling.patch similarity index 99% rename from meta/recipes-support/lz4/files/CVE-2025-62813.patch rename to meta/recipes-support/lz4/files/fix-null-error-handling.patch index bbd0f74541a..14019360343 100644 --- a/meta/recipes-support/lz4/files/CVE-2025-62813.patch +++ b/meta/recipes-support/lz4/files/fix-null-error-handling.patch @@ -8,7 +8,6 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream-Status: Backport [Upstream commit https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82] -CVE: CVE-2025-62813 Signed-off-by: David Nyström --- diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb index 8c96f9bab42..a8ce3cec090 100644 --- a/meta/recipes-support/lz4/lz4_1.9.4.bb +++ b/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -14,8 +14,8 @@ SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ file://run-ptest \ - file://CVE-2025-62813.patch \ - " + file://fix-null-error-handling.patch \ +" UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" S = "${WORKDIR}/git" From patchwork Fri Jun 5 22:33:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89408 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8161CD8C8D for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6131.1780698860014996954 for ; Fri, 05 Jun 2026 15:34:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=MSdNI+08; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-490b43e2b95so19845115e9.0 for ; Fri, 05 Jun 2026 15:34:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698858; x=1781303658; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CzrB7tTF/l+zWrGvBK/zJ9ARoMXlFIkZL0ZaVrGEDws=; b=MSdNI+085PsYVSBBZOcNxU26C3iYUok7DE6rOCVtoq/TpdBZzt9Y+COJW5hQHQGhJT 0IjkZ/rKSeqnOZPQ8D8xvAmGcx9eurcWcGAsDWnAgwT0bwuk4zB2UtHCeZNk+Cs6eEr1 020hrsinyDgM6W1kQQiO77IZY4WL7uF+D4t5k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698858; x=1781303658; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CzrB7tTF/l+zWrGvBK/zJ9ARoMXlFIkZL0ZaVrGEDws=; b=lQGqijw8g7TnJaNB9llC8A1XuXjLadvhZwX2paSeVbVNTkbUS9RAceeI1QtOQ6WAvH f7chGVhBMDC4Toqi6QwGT7x5mKP8yiHD7ptFOpD/+tiTovh0O/QPy1esZsQNO9RjkAgc BIqQLqCkno1+WE0derRHbdU1c8Qs5zZnSdBQSvh1z6HD0QQDtm8LLux4p92z3jL1lnxU 0rlSI56XNXtLufLtSuCppwSY3ioS/sn0xvSkIRB3DPoyCTZWgGmJbM4fK+oQOspU2hD8 Y2K5VnrH8Cawl/riCD+TnEygFtD1E1328beaK2wbwYgCE2xt9KZEd4ZKnTvTm2fC5l80 bRNA== X-Gm-Message-State: AOJu0YxHgMCRlbwGMN4FUsZgqO2FGW+Qact3qlRB97O3tAPrtqU6E1PS Pzm0xx46ATKfI52VcdrjF7qhep3AaLv01WcQj+KecRErNlcOLoPjhRdvGBWGfuL6JXw/9ZXc5LG Pxa1f X-Gm-Gg: Acq92OGLqZLsiYuyDz9BLD+N3cFBElKf+LAFbfX7nC7gl8jQlaO6saCRyMcqQYlGbco FaSpq/5c1V4VISDX2l22W1OuCbwxh6sWpBOVLq2yvuMSY4JBOnx9YRj4JbgqSyzvlbngPVYw9Aa XN5ISYesZF4/IRZUzOCacjFjqV6v0+qra0JG3RW2Jd2WNyq5dkx5ag3llkvasktPMqRAd/Nkfq8 cFbdvHRrb2zOXhGGhp6pKQArjnbZcIZ/db3P8SAgNmWSCXm1uQ5ko6HdF6+Z3vKIpPY0Zgg827c COxtAGXVkHvvc50xVv0v9nmGfymzIXRiQcRIy1VhaUDIm+wARC4pojLxs9dZ0h4lSpragw5FBws ysKKHaPCZkaMOExXQuImIcVd9W9KUmSxailq+O3sjZtZhlAA5nZKZY1DeFaT+McO9lMv6g1VO+9 r08exyYH8Z3FYc82N6nOo9bx4mt+lNNEbv0eLdCS5lUPhJJs8aeW+Z3++MXTsOkcb0bX0/Aa/VG j8ULiBSpTmKQLsWjZlPWHxIkDbpJzukeaObonBCfYRb6jfeOQ== X-Received: by 2002:a05:600c:6219:b0:490:388f:1c0d with SMTP id 5b1f17b1804b1-490c2591fe3mr89897475e9.5.1780698858254; Fri, 05 Jun 2026 15:34:18 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:17 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/25] libexif: fix for CVE-2026-32775 Date: Sat, 6 Jun 2026 00:33:54 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238196 From: Hitendra Prajapati Pick patch from [1] also mentioned at NVD report in [2] [1] https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-32775 [3] https://security-tracker.debian.org/tracker/CVE-2026-32775 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../libexif/libexif/CVE-2026-32775.patch | 86 +++++++++++++++++++ .../recipes-support/libexif/libexif_0.6.24.bb | 1 + 2 files changed, 87 insertions(+) create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-32775.patch diff --git a/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch b/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch new file mode 100644 index 00000000000..24935884430 --- /dev/null +++ b/meta/recipes-support/libexif/libexif/CVE-2026-32775.patch @@ -0,0 +1,86 @@ +From 7df372e9d31d7c993a22b913c813a5f7ec4f3692 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Mon, 9 Mar 2026 10:02:53 +0100 +Subject: [PATCH] check maxlen to be at least 1 + +maxlen-- on 0 will become a high value. + +Fixes https://github.com/libexif/libexif/issues/247 + +CVE: CVE-2026-32775 +Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692] +Signed-off-by: Hitendra Prajapati +--- + libexif/apple/mnote-apple-entry.c | 2 ++ + libexif/canon/mnote-canon-entry.c | 2 ++ + libexif/fuji/mnote-fuji-entry.c | 1 + + libexif/olympus/mnote-olympus-entry.c | 2 ++ + libexif/pentax/mnote-pentax-entry.c | 1 + + 5 files changed, 8 insertions(+) + +diff --git a/libexif/apple/mnote-apple-entry.c b/libexif/apple/mnote-apple-entry.c +index 6740d8e..337e51b 100644 +--- a/libexif/apple/mnote-apple-entry.c ++++ b/libexif/apple/mnote-apple-entry.c +@@ -43,6 +43,8 @@ mnote_apple_entry_get_value(MnoteAppleEntry *entry, char *v, unsigned int maxlen + + if (!entry) + return NULL; ++ if (maxlen < 1) ++ return NULL; + + memset(v, 0, maxlen); + maxlen--; +diff --git a/libexif/canon/mnote-canon-entry.c b/libexif/canon/mnote-canon-entry.c +index 52a7077..372fcdf 100644 +--- a/libexif/canon/mnote-canon-entry.c ++++ b/libexif/canon/mnote-canon-entry.c +@@ -559,6 +559,8 @@ mnote_canon_entry_get_value (const MnoteCanonEntry *entry, unsigned int t, char + + if (!entry) + return NULL; ++ if (maxlen < 1) ++ return NULL; + + data = entry->data; + size = entry->size; +diff --git a/libexif/fuji/mnote-fuji-entry.c b/libexif/fuji/mnote-fuji-entry.c +index add7086..dd33900 100644 +--- a/libexif/fuji/mnote-fuji-entry.c ++++ b/libexif/fuji/mnote-fuji-entry.c +@@ -199,6 +199,7 @@ mnote_fuji_entry_get_value (MnoteFujiEntry *entry, + int i, j; + + if (!entry) return (NULL); ++ if (maxlen < 1) return NULL; + + memset (val, 0, maxlen); + maxlen--; +diff --git a/libexif/olympus/mnote-olympus-entry.c b/libexif/olympus/mnote-olympus-entry.c +index 679fb50..d5eb60e 100644 +--- a/libexif/olympus/mnote-olympus-entry.c ++++ b/libexif/olympus/mnote-olympus-entry.c +@@ -284,6 +284,8 @@ mnote_olympus_entry_get_value (MnoteOlympusEntry *entry, char *v, unsigned int m + + if (!entry) + return (NULL); ++ if (maxlen < 1) ++ return NULL; + + memset (v, 0, maxlen); + maxlen--; +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index 32b537b..d3c96f8 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -315,6 +315,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + int i = 0, j = 0; + + if (!entry) return (NULL); ++ if (maxlen < 1) return (NULL); + + memset (val, 0, maxlen); + maxlen--; +-- +2.50.1 + diff --git a/meta/recipes-support/libexif/libexif_0.6.24.bb b/meta/recipes-support/libexif/libexif_0.6.24.bb index b407ee52de0..b3ee15a37f9 100644 --- a/meta/recipes-support/libexif/libexif_0.6.24.bb +++ b/meta/recipes-support/libexif/libexif_0.6.24.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libexif-${PV}.tar.bz2 \ file://0001-Add-serial-tests-config-needed-by-ptest.patch \ file://run-ptest \ + file://CVE-2026-32775.patch \ " SRC_URI[sha256sum] = "d47564c433b733d83b6704c70477e0a4067811d184ec565258ac563d8223f6ae" From patchwork Fri Jun 5 22:33:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89402 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7038ACD8C88 for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6272.1780698860396246477 for ; Fri, 05 Jun 2026 15:34:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=3IC4BYUB; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-490af320e2aso27619365e9.2 for ; Fri, 05 Jun 2026 15:34:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698859; x=1781303659; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=JsVM+GRR4zqA0MzNZFGLZJN5mpft0FN+JPRFIYOJMiQ=; b=3IC4BYUBnpixlrI5Pr24rNRSrxHjT4FcSAediIvCM52vKtgpaXxk05ujDlwOT1v4lc HCXa8CM3P/bQJTLwi7C4XP+mD/29OsonGJFOPyWzEG09SoUDKO7igrSspwqBJDCW2C47 BRxVAgyRHRlF+RrbHtnwuCbfOvgR7vLEI/gqk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698859; x=1781303659; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JsVM+GRR4zqA0MzNZFGLZJN5mpft0FN+JPRFIYOJMiQ=; b=qBDgEUMxesvtOczGZ4usSkAh615MkJwBdGx0KKbsHVQs9MvmnJBmwGnT9iuR5kU3m8 HuMYiQE5OIwBdFbrBI9fRLGnM+OhDiPOXDx0pmYQWt895IIc3gOJI+cwfsIkYY3xZT6i kDhUWkhcefXdg2s3QgZjEBlGwSSWtYnvUY2z1Onoz80Rj091wQcYFdP5W5ITwFdxYS84 N450CMzVsgTs5HgbcE2usr0EAZccaCYw2RrMsa8EgKfT6EIgtrNMPQ50BLcuNQdJn3xd K548/IowYJ/q29pXi4RE3Zgttb2dpR9b5c14IesxSYUADEhd0hM40BlrOmHLj/3vJsHD p1Mw== X-Gm-Message-State: AOJu0YywtSjbhS+yUPJblAHP57OYOuECIe1W44DbahxLyvG2KrbjbOUK EQL9btpdT9IP6RtOOVGvEsjh9xLwIPlW5Sj6ZqDlnFHJHa19/KOijYc5QpwT8sZl40kMWmamlaq L9+OK X-Gm-Gg: Acq92OHLds9wN1/xIcY4YjH8wJQVULCt5LfUHS+GfnwVH2pbuOgAf8cQbYt0k91+kl7 5+dfRemCymJjRaMslw5T0txS2VQh53qp4WGNu+cHyNK/fieurkZrgsB2K/TXJDaTY0j8KFJ0t6K XNSOa42WDlQXD2cdVWGdAEGA0vM3Omc1Wnmdf+m9epRehGzWb6m1Jr0ZvChgoKcRE/Rg43H+OXN ZkOolXzQycOBB7DdWoYsEj3HI9zVjO+gT17BVM1SighM7WwtqBNqlHijxJ5uv0qjO9IdFg7qjxG VcF03NopBMQH0wyIG8V2Sbq1Sal2J7WMkoHmBGtYRxO9L/4QpaV52ijOb7FlSIwoozFLCcGQAfk kZKytehe/TTzc9JtNes3YZC1htjOsMa9MNYnoIPYEymTuzLORTNUH9BwpKb1Y26MXc2vZlv56fT RVo0GZbEny2oiPWyC1pCLG7l1CBG3cTN2wEzjGHRBtQojay5nr9kFMxbaP9zOhD8eXlT5TMnPMJ BIBH/KHZwiX0To2aoNGStPqnkEkgQq3OBERu2A= X-Received: by 2002:a05:600c:3e0a:b0:490:b724:dbe3 with SMTP id 5b1f17b1804b1-490c25a07c4mr89260935e9.8.1780698858737; Fri, 05 Jun 2026 15:34:18 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:18 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/25] libexif: fix for CVE-2026-40385, CVE-2026-40386 Date: Sat, 6 Jun 2026 00:33:55 +0200 Message-ID: <9175f776404a1f4536e0320495c446e80a281172.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238197 From: Hitendra Prajapati Pick patch from [1] & [2] also mentioned at Debian report in [3] & [4] [1] https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58 [2] https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b [3] https://nvd.nist.gov/vuln/detail/CVE-2026-40385 [4] https://nvd.nist.gov/vuln/detail/CVE-2026-40386 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../libexif/libexif/CVE-2026-40385.patch | 35 ++++++++++++++ .../libexif/libexif/CVE-2026-40386.patch | 46 +++++++++++++++++++ .../recipes-support/libexif/libexif_0.6.24.bb | 2 + 3 files changed, 83 insertions(+) create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-40385.patch create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-40386.patch diff --git a/meta/recipes-support/libexif/libexif/CVE-2026-40385.patch b/meta/recipes-support/libexif/libexif/CVE-2026-40385.patch new file mode 100644 index 00000000000..75f7fea6e4f --- /dev/null +++ b/meta/recipes-support/libexif/libexif/CVE-2026-40385.patch @@ -0,0 +1,35 @@ +From 93003b93e50b3d259bd2227d8775b73a53c35d58 Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Fri, 3 Apr 2026 11:18:47 +0200 +Subject: [PATCH] Avoid overflow on 32bit system when reading Nikon MakerNotes + +The addition o2 = datao + exif_get_long(buf + o2, n->order) +could have overflowed on systems with 32bit unsigned int size_t. + +This could have caused out of bound reads of data, leading to +misparsing of exif / crashes. + +Reported-By: Kerwin + +CVE: CVE-2026-40385 +Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58] +Signed-off-by: Hitendra Prajapati +--- + libexif/olympus/exif-mnote-data-olympus.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c +index 3dbe1d3..a5ed7ad 100644 +--- a/libexif/olympus/exif-mnote-data-olympus.c ++++ b/libexif/olympus/exif-mnote-data-olympus.c +@@ -382,6 +382,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en, + o2 += 2; + + /* Go to where the number of entries is. */ ++ if (CHECKOVERFLOW(o2,buf_size,exif_get_long (buf + o2, n->order))) return; + o2 = datao + exif_get_long (buf + o2, n->order); + break; + +-- +2.50.1 + diff --git a/meta/recipes-support/libexif/libexif/CVE-2026-40386.patch b/meta/recipes-support/libexif/libexif/CVE-2026-40386.patch new file mode 100644 index 00000000000..3792aa02a6e --- /dev/null +++ b/meta/recipes-support/libexif/libexif/CVE-2026-40386.patch @@ -0,0 +1,46 @@ +From dc6eac6e9655d14d0779d99e82d0f5f442d2f34b Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Thu, 2 Apr 2026 13:26:31 +0200 +Subject: [PATCH] fixed 2 unsigned integer underflows + +this could cause crashes or data leaks. + +Reported-by: Kerwin + +CVE: CVE-2026-40386 +Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b] +Signed-off-by: Hitendra Prajapati +--- + libexif/fuji/exif-mnote-data-fuji.c | 2 +- + libexif/olympus/exif-mnote-data-olympus.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c +index e3af4e1..3f295d3 100644 +--- a/libexif/fuji/exif-mnote-data-fuji.c ++++ b/libexif/fuji/exif-mnote-data-fuji.c +@@ -68,7 +68,7 @@ exif_mnote_data_fuji_get_value (ExifMnoteData *d, unsigned int i, char *val, uns + ExifMnoteDataFuji *n = (ExifMnoteDataFuji *) d; + + if (!d || !val) return NULL; +- if (i > n->count -1) return NULL; ++ if (i >= n->count) return NULL; + /* + exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji", + "Querying value for tag '%s'...", +diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c +index a5ed7ad..bdeb5a9 100644 +--- a/libexif/olympus/exif-mnote-data-olympus.c ++++ b/libexif/olympus/exif-mnote-data-olympus.c +@@ -76,7 +76,7 @@ exif_mnote_data_olympus_get_value (ExifMnoteData *d, unsigned int i, char *val, + ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) d; + + if (!d || !val) return NULL; +- if (i > n->count -1) return NULL; ++ if (i >= n->count) return NULL; + /* + exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus", + "Querying value for tag '%s'...", +-- +2.50.1 + diff --git a/meta/recipes-support/libexif/libexif_0.6.24.bb b/meta/recipes-support/libexif/libexif_0.6.24.bb index b3ee15a37f9..8418b72c522 100644 --- a/meta/recipes-support/libexif/libexif_0.6.24.bb +++ b/meta/recipes-support/libexif/libexif_0.6.24.bb @@ -11,6 +11,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libexif-${PV}.tar.bz2 \ file://0001-Add-serial-tests-config-needed-by-ptest.patch \ file://run-ptest \ file://CVE-2026-32775.patch \ + file://CVE-2026-40385.patch \ + file://CVE-2026-40386.patch \ " SRC_URI[sha256sum] = "d47564c433b733d83b6704c70477e0a4067811d184ec565258ac563d8223f6ae" From patchwork Fri Jun 5 22:33:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89398 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F961CD8C87 for ; Fri, 5 Jun 2026 22:34:25 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6274.1780698860931741064 for ; Fri, 05 Jun 2026 15:34:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=neLx2WXu; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-490af320e2aso27619395e9.2 for ; Fri, 05 Jun 2026 15:34:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698859; x=1781303659; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DgUDffPDovmzrLg4j5BfQ5VdkeluuQ4qlhllb3K93OU=; b=neLx2WXuWigmaejM8mZlC/J1gFp3CuSkFU8oWCn4nU9fd5kKl/dn4611sykC/d4SL/ yINFeZ6dFgjdxd+R3D9hjXkt+FeJJQWOe2l/OAJOJFwnYBzdTqfTNpgTTzX6rwpQfEAw LHKn7UF2OMPNhzZ+2U7BwuhZm7I2pF2p3grmQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698859; x=1781303659; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DgUDffPDovmzrLg4j5BfQ5VdkeluuQ4qlhllb3K93OU=; b=POjVel1JgYy1QnLuS1aepbYL008wiVrik1oRv/3+4eDZKML9u64MIXQMwPUJ9T4j3/ 87NlmIVTMWG5n99IMeG2XS/IQc11Xw77R8tCp0lW3LwgBv3+mIDq6njVRjAXShWWv5+Y gnsvFTl8lUBvsXrDLG7g0SNM112MmxJTU7VEaZx8zmmRFJNvdd/kEQ5fIg8eON2aCjiF U/lPMRn1rFEo2diP24peRl8DDw2V3FUzYiXmvcJEdBHONlep3s74iRYsFQ79XAMLOGrT SG5IPa2oKsVIUmWqFvOXX5Oyp0c0/LD9yeCzmJ/a6BL8MsATlUrUir5Mr48VIvj4qJLN mAbw== X-Gm-Message-State: AOJu0YzrVhSqXjasUUG05m46gGzetgMlYL9P114eFqqFqufyjCn2Q/x9 OFVDwprhIL9DqIyyPnwo9yz6+9t8jD/Dme0VaZ3q9QF+CvEfNy8qDyN2m3XqFHu5/ZPepTxZEji ctNgY X-Gm-Gg: Acq92OHv+Pd35Dvmdb/lw01OlsQZBn1tBJyImOWDubaf2sAfJh36OSJ41djyg+BGrg3 /bQ6Q0919gDaC8QfYgFg82jkkXsXk4iLCveG7iEH5lUGZU2VAvrYMMfUMbhFv4+T/EW5sdQdjd0 3ldSf8ppxCA2cfJzDxMHrM4kJelvHLoKuqyjRHmJoN1h7dwBZbBGEu5ShSWvpGUX+HpA4qdltF7 uIuaSO2K4nzcKXXkuOTeZwKIDW4nUWPWItHY3aNzC+B2bX5/D69LuSVgyEjOTd2csKqso6yFIwk VAups+jYlJEvJ8gv/62KWWEXlYc0HKlMkUoGz5wDtMB1vyWi43WX/5Lu5ggQ+DAesBAVR1KAiPn YVJBxQh4a1qeAwvGJpBOGn0WjTnfnj/ctZoku8OBvtK/GWTwl1y7ItZOZnUM1AlGRgBCx4fUr9E 1boYwo+/oiakagZLM1mOWlw1viY+gypdmwQQ6gv1vcXOUxAaPIIwTDhHGE9Dd4/H1UZ8mFZ/GPZ NRm96h+SOBtdsEcFxgve/klNmq1nLxBvSBcyPM= X-Received: by 2002:a05:600c:3515:b0:490:b409:94f4 with SMTP id 5b1f17b1804b1-490c2602a24mr94020495e9.28.1780698859285; Fri, 05 Jun 2026 15:34:19 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:18 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/25] perl: link to the system zlib instead of a vendored copy Date: Sat, 6 Jun 2026 00:33:56 +0200 Message-ID: <6e83e5520f415fc6ca9029a8aaa0af31cd832a90.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238198 From: Ross Burton The perl module Compress-Raw-Zlib defaults to using a vendored copy of the zlib sources which has a number of CVEs. A newer version of perl updates this to zlib 1.3.2 to resolve them, but we should be linking to our zlib recipe instead of the vendored code. This mitigates CVE-2026-4176 so mark it as not appropriate. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit bf515229043685d4f00c965eb3e0236c37b6b403) Signed-off-by: Sudhir Dumbhare Signed-off-by: Yoann Congal --- meta/recipes-devtools/perl/perl_5.38.4.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/perl/perl_5.38.4.bb b/meta/recipes-devtools/perl/perl_5.38.4.bb index e59022e2bdf..5ab49ed3d77 100644 --- a/meta/recipes-devtools/perl/perl_5.38.4.bb +++ b/meta/recipes-devtools/perl/perl_5.38.4.bb @@ -49,6 +49,11 @@ export ENC2XS_NO_COMMENTS = "1" CFLAGS += "-D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" +# Link Compress-Raw-Zlib to the system zlib instead of a vendored copy +EXTRA_OEMAKE += "BUILD_ZLIB=False ZLIB_INCLUDE=${STAGING_INCDIR} ZLIB_LIB=${STAGING_LIBDIR}" + +CVE_STATUS[CVE-2026-4176] = "not-applicable-config: we do not use the vendorered zlib" + do_configure:prepend() { rm -rf ${B} cp -rfp ${S} ${B} From patchwork Fri Jun 5 22:33:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89403 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9F20CD8C86 for ; Fri, 5 Jun 2026 22:34:24 +0000 (UTC) Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6132.1780698861573220706 for ; Fri, 05 Jun 2026 15:34:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=fdWhLD40; spf=pass (domain: smile.fr, ip: 209.85.221.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-45ef5146b56so2245790f8f.0 for ; Fri, 05 Jun 2026 15:34:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698860; x=1781303660; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uNlwVcnnXqPCxnrl4lx5X3qfw6/hMg/y7cny0y9R9GA=; b=fdWhLD40/iW60a239jv7JWWWsMetzPJKjFkzR2HSBb5hYxwUp7PxdG36eInGP1GajH +HO1X/KiQc/Q0cXAPgcy+bEfNuGLaDBfq94o3UqW6ckqKmN4azWvUwaExCtY2QATRm0H /cI1J5GHZX9O697ZEoChm2/YZ1d2MJf6V2chE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698860; x=1781303660; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uNlwVcnnXqPCxnrl4lx5X3qfw6/hMg/y7cny0y9R9GA=; b=LhRMoSfNZJjnEF4L0KGlFSIN79WxRu3hVZKh06GKjds9CKAwPFwvyBFqrhu6FKF2xf +OTHRc69DRAurWaOBL6m/1sMOROGIMmfKrXhgB5ZxAEOdVSYbR8SZIWIwk/7l0Uhk6H9 hVnnrMoogAWHavZEDXKvZJfzZh/vC6ypEt7Ygyt2Csfz7LFdtxZYfegO7Rc4l306Czms /vz0MqSz9ZVnkFc7fXCt45zOl/cWdX40PuTLLBbrxRZMeOwdeVOzxVm3u71OsVkpUNJM hLiuXO8iJpLoJBCZvGvwahnfcgXi5LfY4lR6+V24TX6AaXz/Z1TWlPSqyBMCaLoqCwXh fssA== X-Gm-Message-State: AOJu0YwZR/i/BjOpB50Zg3qFzfHcUJE0abRLydggyWQXfdpgK4i2Iybe yPdopmIvHDNaerUnENkv7Nc83xx5bm7CLdcMJFM1kiJHOaineCwRyHs8S5kTclj/6JllSXEWiEn nYVSi X-Gm-Gg: Acq92OEJDTUWoOpPvyWe1qOw/7a/HtldJjA5m/ZHpk7aMdocy0Falk31KC636eTo8It xVJ8xp05+8DSArdfH46v7XUyZdLFTwum6DtveG1Mwm7VEVVbIGU8w2XXxp7FHtUSxfbDfJNAZE8 Y++G+Frhmq6IzBUKwDD+QfHtUGRn+SiSgGlASrgBL1Cffxh6u9kTiSDvBjK1p6vy+3sNp/WKLkg tEsyEfnQ3FblI11AltM6PmOB5Q5AyqpYHzOYzl0XC9yhEWJz8I2dwlj1WKDmyPM0YLXIxA3WW68 QweZcZeXKjY/7LjJm5QyP4ti7EhFFzldTeU9sPt3FtH49dNG9F2nlDN/A2KXpMZBM/TycduU9Ji PXjFL1ruLBhTn4dypT9AuSuW9VvjX5rljLF3wu7L3IvD+HXYDGxMha+725O7BBTSArDt8RK9ZNn 3KQto06Gl0Kyrw/SwNFjnWtI2DcC69TWy45CuWq5ZCX+X6KhBW5JTu2FrLjgY/F9JrxnSpGaIKM tq8XLSuQOGfIeEBX0h1s1wmrwlghXym/49RSxM= X-Received: by 2002:a5d:5d83:0:b0:460:2d57:6923 with SMTP id ffacd0b85a97d-46032da2329mr6976645f8f.10.1780698859812; Fri, 05 Jun 2026 15:34:19 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:19 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/25] gnupg: upgrade 2.4.8 -> 2.4.9 Date: Sat, 6 Jun 2026 00:33:57 +0200 Message-ID: <5eb2cd21ac86805f5f90ea149da7de6e41342299.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238199 From: Guðni Már Gilbert Drop one patch since change is included in the release. Upgrade was performed using devtool Full changelog: https://github.com/gpg/gnupg/compare/gnupg-2.4.8...gnupg-2.4.9 Noteworthy changes in version 2.4.9 (2025-12-30) ------------------------------------------------ * gpg: Fix possible memory corruption in the armor parser. [T7906] * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures. [rGddb012be7f] * gpg: Error out on unverified output for non-detached signatures. [rG9d302f978b] * gpg: Do not allow compressed key packets on import. [T7014] * scd: Fix a harmless read buffer over-read in a function used by PKCS#15 cards. [T7662] * dirmngr: Do not require a keyserver for "gpg --fetch-key". [T7693] * agent: Fix ssh-agent's request_identities for skipped Brainpool keys. [rG6bf5696c85] Release-info: https://dev.gnupg.org/T8001 Signed-off-by: Guðni Már Gilbert Signed-off-by: Yoann Congal --- ...erride-init-is-not-needed-with-gcc-9.patch | 7 +- ...-a-custom-value-for-the-location-of-.patch | 5 +- ...use-pkgconfig-instead-of-npth-config.patch | 3 +- ...h-fix-find-version-for-beta-checking.patch | 3 +- .../gnupg/gnupg/CVE-2025-68973.patch | 108 ------------------ .../gnupg/gnupg/CVE-2026-24882-0001.patch | 7 +- .../gnupg/gnupg/CVE-2026-24882-0002.patch | 7 +- .../gnupg/gnupg/relocate.patch | 19 ++- .../gnupg/{gnupg_2.4.8.bb => gnupg_2.4.9.bb} | 3 +- 9 files changed, 20 insertions(+), 142 deletions(-) delete mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch rename meta/recipes-support/gnupg/{gnupg_2.4.8.bb => gnupg_2.4.9.bb} (96%) diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch index 83195b5bd4d..f4c6f1452ae 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch @@ -1,4 +1,4 @@ -From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001 +From 0d5c3389fae260c7eac3f37c1b62f16f6d149613 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 20 Dec 2018 17:37:48 -0800 Subject: [PATCH] Woverride-init is not needed with gcc 9 @@ -17,7 +17,7 @@ Signed-off-by: Khem Raj 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 024d6dcc8..c6e141e16 100644 +index 1f647e1..334acb6 100644 --- a/dirmngr/dns.h +++ b/dirmngr/dns.h @@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void); @@ -29,6 +29,3 @@ index 024d6dcc8..c6e141e16 100644 #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") --- -2.17.1 - diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index f957f6b55ec..3873af5ec5b 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 6b581c43bd01f815db78a410fd3814fc5994171e Mon Sep 17 00:00:00 2001 +From 9ca764edb7673e7e607f6bd57655a60e769781de Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -8,13 +8,12 @@ This should avoid clashes with the host gpg-agent observed on autobuilders. Upstream-Status: Inappropriate [oe-core specific, and only for -native] Signed-off-by: Alexander Kanavin - --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 26d7f7b..e953c2e 100644 +index 94bc805..503979e 100644 --- a/configure.ac +++ b/configure.ac @@ -1921,7 +1921,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", diff --git a/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch b/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch index 0e58fd4c4db..4d705ed37d1 100644 --- a/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch +++ b/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch @@ -1,4 +1,4 @@ -From d9048788d906774b1475c3bb1b17e22455c2add4 Mon Sep 17 00:00:00 2001 +From 6899557f13de1cb1c4e32a3fae5a4832e85b8499 Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Wed, 16 Aug 2017 11:16:30 +0800 Subject: [PATCH] use pkgconfig instead of npth config @@ -9,7 +9,6 @@ Signed-off-by: Saul Wold Rebase to 2.1.23 Signed-off-by: Hongxu Jia - --- m4/npth.m4 | 53 ++++++++--------------------------------------------- 1 file changed, 8 insertions(+), 45 deletions(-) diff --git a/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch b/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch index d664c36a1bc..e29ffcfa59d 100644 --- a/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch +++ b/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch @@ -1,4 +1,4 @@ -From 6a7f9b71d936847dcaeeac7d1b69d8299be4dd85 Mon Sep 17 00:00:00 2001 +From 85fa969022df651e78346b38718515a4b32d8187 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Wed, 16 Aug 2017 11:23:22 +0800 Subject: [PATCH] autogen.sh: fix find-version for beta checking @@ -13,7 +13,6 @@ Signed-off-by: Wenzong Fan Rebase to 2.1.23 Signed-off-by: Hongxu Jia - --- autogen.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch deleted file mode 100644 index 4eaf7cdb386..00000000000 --- a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Thu, 23 Oct 2025 11:36:04 +0200 -Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser. - -* g10/armor.c (armor_filter): Fix faulty double increment. - -* common/iobuf.c (underflow_target): Assert that the filter -implementations behave well. --- - -This fixes a bug in a code path which can only be reached with special -crafted input data and would then error out at an upper layer due to -corrupt input (every second byte in the buffer is unitialized -garbage). No fuzzing has yet hit this case and we don't have a test -case for this code path. However memory corruption can never be -tolerated as it always has the protential for remode code execution. - -Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a -Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073 -which fixed -Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f -Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9 - -The bug was introduced on 1999-01-07 by me: -* armor.c: Rewrote large parts. -which I fixed on 1999-03-02 but missed to fix the other case: -* armor.c (armor_filter): Fixed armor bypassing. - -Below is base64+gzipped test data which can be used with valgrind to -show access to uninitalized memory in write(2) in the unpatched code. - ---8<---------------cut here---------------start------------->8--- -H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze -a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA -gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA== ---8<---------------cut here---------------end--------------->8--- - -CVE: CVE-2025-68973 -Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48] -Signed-off-by: Peter Marko ---- - common/iobuf.c | 8 +++++++- - g10/armor.c | 4 ++-- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/common/iobuf.c b/common/iobuf.c -index 748e6935d..2497713c1 100644 ---- a/common/iobuf.c -+++ b/common/iobuf.c -@@ -2043,6 +2043,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) - rc = 0; - else - { -+ size_t tmplen; -+ - /* If no buffered data and drain buffer has been setup, and drain - * buffer is largish, read data directly to drain buffer. */ - if (a->d.len == 0 -@@ -2055,8 +2057,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) - log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n", - a->no, a->subno, (ulong)len); - -- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, -+ tmplen = len; /* Used to check for bugs in the filter. */ -+ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, - a->e_d.buf, &len); -+ log_assert (len <= tmplen); - a->e_d.used = len; - len = 0; - } -@@ -2066,8 +2070,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) - log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n", - a->no, a->subno, (ulong)len); - -+ tmplen = len; /* Used to check for bugs in the filter. */ - rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, - &a->d.buf[a->d.len], &len); -+ log_assert (len <= tmplen); - } - } - a->d.len += len; -diff --git a/g10/armor.c b/g10/armor.c -index 81af15339..f8cfa86db 100644 ---- a/g10/armor.c -+++ b/g10/armor.c -@@ -1302,8 +1302,8 @@ armor_filter( void *opaque, int control, - n = 0; - if( afx->buffer_len ) { - /* Copy the data from AFX->BUFFER to BUF. */ -- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ ) -- buf[n++] = afx->buffer[afx->buffer_pos++]; -+ for(; n < size && afx->buffer_pos < afx->buffer_len;) -+ buf[n++] = afx->buffer[afx->buffer_pos++]; - if( afx->buffer_pos >= afx->buffer_len ) - afx->buffer_len = 0; - } diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0001.patch b/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0001.patch index 6e6d44c3729..d0bb89222f8 100644 --- a/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0001.patch +++ b/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0001.patch @@ -1,7 +1,7 @@ -From d07e2f19134129d59014fe181642cd122dc2e29f Mon Sep 17 00:00:00 2001 +From 4e70ef4af04b48b1b91c3b6862978106b8dfdf01 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 26 Jan 2026 11:13:44 +0100 -Subject: [PATCH 1/2] tpm: Fix possible buffer overflow in PKDECRYPT +Subject: [PATCH] tpm: Fix possible buffer overflow in PKDECRYPT * tpm2d/tpm2.c (tpm2_ecc_decrypt): Bail out on too long CIPHERTEXT. (tpm2_rsa_decrypt): Ditto. @@ -65,6 +65,3 @@ index 3e908dd..cd0347c 100644 inScheme.scheme = TPM_ALG_RSAES; /* * apparent gcrypt error: occasionally rsa ciphertext will --- -2.34.1 - diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0002.patch b/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0002.patch index 2e872ea491f..15abe64b859 100644 --- a/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0002.patch +++ b/meta/recipes-support/gnupg/gnupg/CVE-2026-24882-0002.patch @@ -1,7 +1,7 @@ -From e8eaa9bf018d3276d613f371207c91c1ffa3e16c Mon Sep 17 00:00:00 2001 +From ae9db1f2e5745bf34fea5ad0e8ed9adbd2165c2a Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 12 Feb 2026 11:51:17 +0900 -Subject: [PATCH 2/2] agent: Fix the regression in pkdecrypt with TPM RSA. +Subject: [PATCH] agent: Fix the regression in pkdecrypt with TPM RSA. * agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Care about additional 0x00. @@ -42,6 +42,3 @@ index 2496d09..5b5bd14 100644 } else if (smatch (&s, n, "ecdh")) { --- -2.34.1 - diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch index ea0252026aa..0501d182a5f 100644 --- a/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From c50d0a95fcf8f96c272fadd4ba85f3eeac39fcaf Mon Sep 17 00:00:00 2001 +From 922a17cd375a72c59ce09a77923bb47df69e4c08 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its @@ -8,16 +8,15 @@ Upstream-Status: Inappropriate [OE-specific] Signed-off-by: Ross Burton Signed-off-by: Alexander Kanavin - --- common/homedir.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/common/homedir.c b/common/homedir.c -index 6f99f3e..f22aa9e 100644 +index 9fcb90b..fe91dcb 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -1284,7 +1284,7 @@ gnupg_socketdir (void) +@@ -1294,7 +1294,7 @@ gnupg_socketdir (void) if (!name) { unsigned int dummy; @@ -26,7 +25,7 @@ index 6f99f3e..f22aa9e 100644 gpgrt_annotate_leaked_object (name); } -@@ -1316,7 +1316,7 @@ gnupg_sysconfdir (void) +@@ -1326,7 +1326,7 @@ gnupg_sysconfdir (void) if (dir) return dir; else @@ -35,7 +34,7 @@ index 6f99f3e..f22aa9e 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1352,7 +1352,7 @@ gnupg_bindir (void) +@@ -1362,7 +1362,7 @@ gnupg_bindir (void) return name; } else @@ -44,7 +43,7 @@ index 6f99f3e..f22aa9e 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1379,7 +1379,7 @@ gnupg_libexecdir (void) +@@ -1389,7 +1389,7 @@ gnupg_libexecdir (void) return name; } else @@ -53,7 +52,7 @@ index 6f99f3e..f22aa9e 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1409,7 +1409,7 @@ gnupg_libdir (void) +@@ -1419,7 +1419,7 @@ gnupg_libdir (void) return name; } else @@ -62,7 +61,7 @@ index 6f99f3e..f22aa9e 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1440,7 +1440,7 @@ gnupg_datadir (void) +@@ -1450,7 +1450,7 @@ gnupg_datadir (void) return name; } else @@ -71,7 +70,7 @@ index 6f99f3e..f22aa9e 100644 #endif /*!HAVE_W32_SYSTEM*/ } -@@ -1472,7 +1472,7 @@ gnupg_localedir (void) +@@ -1482,7 +1482,7 @@ gnupg_localedir (void) return name; } else diff --git a/meta/recipes-support/gnupg/gnupg_2.4.8.bb b/meta/recipes-support/gnupg/gnupg_2.4.9.bb similarity index 96% rename from meta/recipes-support/gnupg/gnupg_2.4.8.bb rename to meta/recipes-support/gnupg/gnupg_2.4.9.bb index 6a865ed57d9..c85de6047fe 100644 --- a/meta/recipes-support/gnupg/gnupg_2.4.8.bb +++ b/meta/recipes-support/gnupg/gnupg_2.4.9.bb @@ -18,7 +18,6 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ - file://CVE-2025-68973.patch \ file://CVE-2026-24882-0001.patch \ file://CVE-2026-24882-0002.patch \ " @@ -26,7 +25,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616" +SRC_URI[sha256sum] = "dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ From patchwork Fri Jun 5 22:33:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89407 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B433CD8C8E for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6133.1780698862051745118 for ; Fri, 05 Jun 2026 15:34:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=RVTbFIc/; spf=pass (domain: smile.fr, ip: 209.85.221.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-4600ddc4017so1863613f8f.0 for ; Fri, 05 Jun 2026 15:34:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698860; x=1781303660; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GX2HkIAeN6+P6NJDa+VcSOqb89EPzCvSyhLttXVqluU=; b=RVTbFIc/Y6Biw4/OvTIu3DPwLsG1K1GayKtQM8HsD4mqhKQSEqpR/+8Wg+OXgXfQK0 4Ebr9WjlDddQaob2GVs+VeQJQHriY9/Z7cQG4Wb2HXb46mqUHubmsJYOj8WYTfCbJKgK 2r7evfGhEMi5AdxXZ02R2tEW64TdFLxu3P+7o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698860; x=1781303660; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=GX2HkIAeN6+P6NJDa+VcSOqb89EPzCvSyhLttXVqluU=; b=Ma+83Hf6C+M85kQjPWFdtmRfQynnPZNQQIaYaiO+ivoCCNoH2vDXIbyQOFJouq8lTG g28gGFdERxEp+ctjlQhR/wRNFtXOv2HzpM9bSrQTziA/+XVnxluDQpmfxrdRgSsr9YYs t49vqy7hBilk2E+vbb1THafQ1i5zOHIo7idDNmEoyRy8clmuiCKA759psa0kkKSTJnLd 5jpdjMmooQ2Q44SL8XOLimDB37hjID4OjvH1m4u0oFSQMBqz2239B5h4WsUbyX2dh3hO 19weTEyqI6Y0xURViO7dqooemLhCQZnUkyHNd/GL+TxXf7bEj6qO4cGpMkCj7MU3WwjJ d07g== X-Gm-Message-State: AOJu0Ywp3mg31RNylczg3yPpcn9F6tS0q8FfOhjMgBOCfrinAOjsWTYS sxEeWYxeSY26ij8fRosvMfJTcWCD/DWBAw3bXSzoEyy94d8vNd6rcp38fxj6Kxme7GIrrmH301G XFX6u X-Gm-Gg: Acq92OHQ//MrJTb8J3i0auoWVNx4hjeHi/fcbpVprg/LPJGVTrTj+QoSTspdnhWI+uP JHLct8hcOLsvsWR9GS0a/6MWtl1T61g5JnXfFrBWzFwbdRN5WNbfjZELulzjYi4jA4jhVAvZKY3 bIQd183qi7kiGt0biQaFCQzQ4G6qVUHxcYV6ePrRXFwRvkHDVUw1Nyag0rMz/5J/sK24D/K4NeG SMWdQT6f3XeZ3j426yc12oVfcww0ssG+8I1Wpue5BC9yAifStHOKt2tqPxoHwyoRvVIX9uqr0mD +YmfPmHWrAWlZepZ2Exd0dKmj7g5iRv0C1nWTGAM3b6LoPT0pH+DicNRDGoYA/+KW+ns1zN/byf ATa0lSvWlMvW8BR1aNuRnOVkKmdCOnG/PMHC6DpsoXhl7Rzh7LW5b50NXkTobiKZCUD8WRfJEiZ qoAT5/LtjB3/Dpv8X9qcWIveeEtm3ytfGNinG1VgFUrcLbnkgOmfMxM8071tuCYX9VZ0UdX0t3r ezVm+mOxybLOhrWH0QHKUKpew9S0KPLpO/Yx/k= X-Received: by 2002:a05:6000:4708:b0:455:7d77:1d25 with SMTP id ffacd0b85a97d-460305124cfmr10041807f8f.27.1780698860411; Fri, 05 Jun 2026 15:34:20 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:19 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/25] openssh: patch CVE-2026-35385 Date: Sat, 6 Jun 2026 00:33:58 +0200 Message-ID: <8a5742fdc3d60e8ab0da2e1f1401995105b742b9.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238200 From: Theo Gaige (Schneider Electric) Backport patch from [1] matching CVE description in [2] and change described in release note [3]. [1] https://github.com/openssh/openssh-portable/commit/487e8ac146f7d6616f65c125d5edb210519b833a [2] https://security-tracker.debian.org/tracker/CVE-2026-35385 [3] https://www.openssh.org/releasenotes.html#10.3p1 Signed-off-by: Theo Gaige (Schneider Electric) Reviewed-by: Bruno Vernay Signed-off-by: Yoann Congal --- .../openssh/openssh/CVE-2026-35385.patch | 47 +++++++++++++++++++ .../openssh/openssh_9.6p1.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35385.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35385.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35385.patch new file mode 100644 index 00000000000..4fc19a60620 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35385.patch @@ -0,0 +1,47 @@ +From 9df287221ad61f6b05b3e80bc57bdaacfa5ab243 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Thu, 2 Apr 2026 07:42:16 +0000 +Subject: [PATCH] upstream: when downloading files as root in legacy (-O) mode + and + +without the -p (preserve modes) flag set, clear setuid/setgid bits from +downloaded files as one might expect. + +AFAIK this bug dates back to the original Berkeley rcp program. + +Reported by Christos Papakonstantinou of Cantina and Spearbit. + +OpenBSD-Commit-ID: 49e902fca8dd933a92a9b547ab31f63e86729fa1 + +CVE: CVE-2026-35385 +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/487e8ac146f7d6616f65c125d5edb210519b833a] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + scp.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/scp.c b/scp.c +index 492dace12..2c21fa19a 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.260 2023/10/11 05:42:08 djm Exp $ */ ++/* $OpenBSD: scp.c,v 1.273 2026/04/02 07:42:16 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -1682,8 +1682,10 @@ sink(int argc, char **argv, const char *src) + + setimes = targisdir = 0; + mask = umask(0); +- if (!pflag) ++ if (!pflag) { ++ mask |= 07000; + (void) umask(mask); ++ } + if (argc != 1) { + run_err("ambiguous target"); + exit(1); +-- +2.43.0 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 1cdd888ccb2..3a9010a7a4d 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -34,6 +34,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2025-32728.patch \ file://CVE-2025-61985.patch \ file://CVE-2025-61984.patch \ + file://CVE-2026-35385.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" From patchwork Fri Jun 5 22:33:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89397 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF481CD6E7E for ; Fri, 5 Jun 2026 22:34:23 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6135.1780698862640048632 for ; Fri, 05 Jun 2026 15:34:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=JB2BZjXp; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-490b64c8311so27499115e9.3 for ; Fri, 05 Jun 2026 15:34:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698861; x=1781303661; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1wkHdl9mvQRedNcraJeZixJKRViEfhwUojeNCz1SS1c=; b=JB2BZjXpLzRN9E/kXEhilnFDQRuTzMHAyF6d3YS+CvThU4cvcZ1wbW4Tr0EH/Dawmx xK6rqgSru8YsLBuO9g0A8KKGBNSfpfrVPa+4hc9wR/Txs77hK6I+XU/rLraE1xNJUOuM RY1L0KWFOHfyCYgwGM5pBFfuYv4ImW8ZroFjE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698861; x=1781303661; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1wkHdl9mvQRedNcraJeZixJKRViEfhwUojeNCz1SS1c=; b=SMbu8kfhQCsVX7CY0Zi+E+AKDi3PsZPz7GbJaGZEAVewYktmjkV0dvHElJIjlsAdXs eQ8Q5f+jmsAPdfT0OtBJ6QkIzO3KnvrC9zsokhHC0pO+XmwdtDKpYyLZRYc1Ue9T1S0R Ry2pv2akoz99zyUmJJN7hvoSXLfR7l13hWiplLLPv5f1nJrYgD7WENu9tx3uxf6nBVO4 L2xLsQjSV8O4o2XIeVg8dXUkTRsPXz7JCgfPhxnlBl3vEQXvzK6wFlXVuv4nKVrTqOeT yYXMG9roH2+4F27Ml2H4w0njUpg5PspnLhCJRwDXUSZDAFT1xTXXlpaAsUw8JeCRZfEX x+lg== X-Gm-Message-State: AOJu0YwQRi7uMHkBPIrX9IYkiWvOhmB1DdrrSt+9nXrakb+wxb0YgMN0 Rbi4IhXQYoJL4x4TaSvubYmejiRScCzyPW+fVny3R8zMdopg/j9tq2iMIUBBNH0AXU6WNROjN56 a0T/d X-Gm-Gg: Acq92OGvGvdwu/Qx8IbzhhrCVGWxVljsDs8Tes139MKrelS6h7C5jJMXpDi17mYyIxJ HT93hCgpF6rNJT5+NOGeSL9bAdePTxNpMlOMTqgoFQypMbmSLMMZ1rJ5ZemFo2mZOfp+SUoAYdF YBmCSC9nwp/8HIDsZ0ucPD1tp0XxPF2PaovTj/cCGc+yF391UposLPKHeSgwtWSLwFaR7JyEGJY Mtb0m4Tmml1lqLAlvWB3j23dwERdjSg6Opt6Us35B3CLSilUMI2ID2ETC3Ngce7xiNtQMhAptLU HU25Fjm9NZpfEqVknluiPz1ZPwxOoJZqSyr1yeI301HsAPHHSriXX1O7mvLeldtxC9e8/FNxKPQ RCubYdx9BJi/vFgZR9EGx5YzkLxOFKtFMzpmcS3lWCpY0Blyzlh5seklq28AhtCDu+mFxNMXpKO IpE8VPqM8hMFFEwbDffXEu+I1+hCKI4ULUT5r1pfMA/ed24SL7I65pAO7sLxfTAi9m7t0bF9Iuk m0Ykqp9XP83EuIejYc1u2OvXJrr2iOjXTnGmSA= X-Received: by 2002:a05:600c:4fce:b0:490:5cd8:d21c with SMTP id 5b1f17b1804b1-490c25b3556mr100448795e9.14.1780698860956; Fri, 05 Jun 2026 15:34:20 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:20 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/25] openssh: patch CVE-2026-35387 Date: Sat, 6 Jun 2026 00:33:59 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238201 From: Theo Gaige (Schneider Electric) Backport patch from [1] matching CVE description in [2] and change described in release note [3]. [1] https://github.com/openssh/openssh-portable/commit/fd1c7e131f331942d20f42f31e79912d570081fa [2] https://security-tracker.debian.org/tracker/CVE-2026-35387 [3] https://www.openssh.org/releasenotes.html#10.3p1 Signed-off-by: Theo Gaige (Schneider Electric) Reviewed-by: Bruno Vernay Signed-off-by: Yoann Congal --- .../openssh/openssh/CVE-2026-35387.patch | 205 ++++++++++++++++++ .../openssh/openssh_9.6p1.bb | 1 + 2 files changed, 206 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch new file mode 100644 index 00000000000..c4806bd9935 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch @@ -0,0 +1,205 @@ +From faaf123656513f16994853379c388ad8cc850f8c Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Thu, 2 Apr 2026 07:48:13 +0000 +Subject: [PATCH] upstream: correctly match ECDSA signature algorithms against + +algorithm allowlists: HostKeyAlgorithms, PubkeyAcceptedAlgorithms and +HostbasedAcceptedAlgorithms. + +Previously, if any ECDSA type (say "ecdsa-sha2-nistp521") was +present in one of these lists, then all ECDSA algorithms would +be permitted. + +Reported by Christos Papakonstantinou of Cantina and Spearbit. + +OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86 + +CVE: CVE-2026-35387 +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fd1c7e131f331942d20f42f31e79912d570081fa] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + auth2-hostbased.c | 9 +++++---- + auth2-pubkey.c | 9 +++++---- + auth2-pubkeyfile.c | 26 +++++++++++++++----------- + sshconnect2.c | 28 ++++++++++++++++++---------- + 4 files changed, 43 insertions(+), 29 deletions(-) + +diff --git a/auth2-hostbased.c b/auth2-hostbased.c +index 06bb464ff..02eeed3f0 100644 +--- a/auth2-hostbased.c ++++ b/auth2-hostbased.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */ ++/* $OpenBSD: auth2-hostbased.c,v 1.57 2026/04/02 07:48:13 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * +@@ -95,9 +95,10 @@ userauth_hostbased(struct ssh *ssh, const char *method) + error_f("cannot decode key: %s", pkalg); + goto done; + } +- if (key->type != pktype) { +- error_f("type mismatch for decoded key " +- "(received %d, expected %d)", key->type, pktype); ++ if (key->type != pktype || (sshkey_type_plain(pktype) == KEY_ECDSA && ++ sshkey_ecdsa_nid_from_name(pkalg) != key->ecdsa_nid)) { ++ error_f("key type mismatch for decoded key " ++ "(received %s, expected %s)", sshkey_ssh_name(key), pkalg); + goto done; + } + if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) { +diff --git a/auth2-pubkey.c b/auth2-pubkey.c +index 3f49e1df3..1e07ff74e 100644 +--- a/auth2-pubkey.c ++++ b/auth2-pubkey.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-pubkey.c,v 1.119 2023/07/27 22:25:17 djm Exp $ */ ++/* $OpenBSD: auth2-pubkey.c,v 1.126 2026/04/02 07:48:13 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. +@@ -148,9 +148,10 @@ userauth_pubkey(struct ssh *ssh, const char *method) + error_f("cannot decode key: %s", pkalg); + goto done; + } +- if (key->type != pktype) { +- error_f("type mismatch for decoded key " +- "(received %d, expected %d)", key->type, pktype); ++ if (key->type != pktype || (sshkey_type_plain(pktype) == KEY_ECDSA && ++ sshkey_ecdsa_nid_from_name(pkalg) != key->ecdsa_nid)) { ++ error_f("key type mismatch for decoded key " ++ "(received %s, expected %s)", sshkey_ssh_name(key), pkalg); + goto done; + } + if (auth2_key_already_used(authctxt, key)) { +diff --git a/auth2-pubkeyfile.c b/auth2-pubkeyfile.c +index 31e7481fb..869c8e055 100644 +--- a/auth2-pubkeyfile.c ++++ b/auth2-pubkeyfile.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-pubkeyfile.c,v 1.4 2023/03/05 05:34:09 dtucker Exp $ */ ++/* $OpenBSD: auth2-pubkeyfile.c,v 1.8 2026/04/02 07:48:13 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. +@@ -50,6 +50,7 @@ + #include "authfile.h" + #include "match.h" + #include "ssherr.h" ++#include "xmalloc.h" + + int + auth_authorise_keyopts(struct passwd *pw, struct sshauthopt *opts, +@@ -146,20 +147,23 @@ auth_authorise_keyopts(struct passwd *pw, struct sshauthopt *opts, + static int + match_principals_option(const char *principal_list, struct sshkey_cert *cert) + { +- char *result; ++ char *list, *olist, *entry; + u_int i; + +- /* XXX percent_expand() sequences for authorized_principals? */ +- +- for (i = 0; i < cert->nprincipals; i++) { +- if ((result = match_list(cert->principals[i], +- principal_list, NULL)) != NULL) { +- debug3("matched principal from key options \"%.100s\"", +- result); +- free(result); +- return 1; ++ olist = list = xstrdup(principal_list); ++ for (;;) { ++ if ((entry = strsep(&list, ",")) == NULL || *entry == '\0') ++ break; ++ for (i = 0; i < cert->nprincipals; i++) { ++ if (strcmp(entry, cert->principals[i]) == 0) { ++ debug3("matched principal from key i" ++ "options \"%.100s\"", entry); ++ free(olist); ++ return 1; ++ } + } + } ++ free(olist); + return 0; + } + +diff --git a/sshconnect2.c b/sshconnect2.c +index a5f92f04c..a296c9b8c 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */ ++/* $OpenBSD: sshconnect2.c,v 1.385 2026/04/02 07:48:13 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Damien Miller. All rights reserved. +@@ -91,6 +91,7 @@ extern Options options; + static char *xxx_host; + static struct sockaddr *xxx_hostaddr; + static const struct ssh_conn_info *xxx_conn_info; ++static int key_type_allowed(struct sshkey *, const char *); + + static int + verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) +@@ -100,6 +101,10 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) + if ((r = sshkey_check_rsa_length(hostkey, + options.required_rsa_size)) != 0) + fatal_r(r, "Bad server host key"); ++ if (!key_type_allowed(hostkey, options.hostkeyalgorithms)) { ++ fatal("Server host key %s not in HostKeyAlgorithms", ++ sshkey_ssh_name(hostkey)); ++ } + if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, + xxx_conn_info) != 0) + fatal("Host key verification failed."); +@@ -1608,34 +1613,37 @@ load_identity_file(Identity *id) + } + + static int +-key_type_allowed_by_config(struct sshkey *key) ++key_type_allowed(struct sshkey *key, const char *allowlist) + { +- if (match_pattern_list(sshkey_ssh_name(key), +- options.pubkey_accepted_algos, 0) == 1) ++ if (match_pattern_list(sshkey_ssh_name(key), allowlist, 0) == 1) + return 1; + + /* RSA keys/certs might be allowed by alternate signature types */ + switch (key->type) { + case KEY_RSA: +- if (match_pattern_list("rsa-sha2-512", +- options.pubkey_accepted_algos, 0) == 1) ++ if (match_pattern_list("rsa-sha2-512", allowlist, 0) == 1) + return 1; +- if (match_pattern_list("rsa-sha2-256", +- options.pubkey_accepted_algos, 0) == 1) ++ if (match_pattern_list("rsa-sha2-256", allowlist, 0) == 1) + return 1; + break; + case KEY_RSA_CERT: + if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", +- options.pubkey_accepted_algos, 0) == 1) ++ allowlist, 0) == 1) + return 1; + if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", +- options.pubkey_accepted_algos, 0) == 1) ++ allowlist, 0) == 1) + return 1; + break; + } + return 0; + } + ++static int ++key_type_allowed_by_config(struct sshkey *key) ++{ ++ return key_type_allowed(key, options.pubkey_accepted_algos); ++} ++ + /* obtain a list of keys from the agent */ + static int + get_agent_identities(struct ssh *ssh, int *agent_fdp, +-- +2.43.0 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 3a9010a7a4d..9267bbd2c94 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -35,6 +35,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2025-61985.patch \ file://CVE-2025-61984.patch \ file://CVE-2026-35385.patch \ + file://CVE-2026-35387.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" From patchwork Fri Jun 5 22:34:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89396 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6FF5CD6E7C for ; Fri, 5 Jun 2026 22:34:23 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6136.1780698863078199412 for ; Fri, 05 Jun 2026 15:34:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=dBovAclJ; spf=pass (domain: smile.fr, ip: 209.85.221.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-45fd461e4a5so1658825f8f.0 for ; Fri, 05 Jun 2026 15:34:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698861; x=1781303661; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tKW4QvfOlDZrOt49jEMnrue6YQnB2qAOj3zUSwmrJ20=; b=dBovAclJudNYquik68IfS9IBpfw8dwjk7vWb06F+dKGkU+U/ferJLho3DcUVRfF0NY M2ysUMSqok19OHFUKx6wDL/bggO7KuPc1eEGlaO5gSNckgYB14l/D/NAnPfkb9nwKYtx rzPl4KFRxFoe+TB9huS6aasYmVarm/OBW9ws0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698861; x=1781303661; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=tKW4QvfOlDZrOt49jEMnrue6YQnB2qAOj3zUSwmrJ20=; b=b4TDKPTvPxQPA5BQSRs24sDA6/iqiWfKfJXuMsEQeExH7K4+ylGVyAx901BThog+6i m442SRk0nN8HOJXR/P1oEvw8wfgBQEMddFerXOgbVXTYTADnfFjA5l5+HUGxWcPVWAvE LRYv/6doPa45mCe6CSumujubTzgF+uirbjJgAVPQpajfNHoRuYTkBksFJv8d3aJVYRgI I4VKx+GdiDWiFUYrh2AygiioKnSLEVPd7B/QgZZi6NMNnJH2IDAxSAjyAst+BfsCq/qs iVHjg/fGz4Sa0gHsc2pUHABDcTfjKQtNmq7DrS6Fowgik6M/EAuoRRsW8wAxg6PUBBt+ PMIA== X-Gm-Message-State: AOJu0YwvdMlAcPWlHzlRpr59Flu14ffC/f7nxEVFCS4qByoTEVBWzL34 X1+H69z7ByOLtSMzbO8qST+mO5LMDTgkS6ST/+CxmJPOXWhlc3p6i9udv37b0rV0h+m4Sklff/9 sBk73 X-Gm-Gg: Acq92OEe7J6MOvy8zHVSRklM4OJBIcSPSfETwfTOOUWE2DXM338oDyKjxwknKi91waj jB74iZQWVLXY/Hd6w1s7cEU1WmR7wF5bjuZ+6m4jX3XPB2uVkvPiAMhrBWpTYHq7165v2B2jvPE AIP8OpGTEig0Ss2nxqmnPlB4gBfH9YZMJP5ZM44P2uubrGkFoKTaDliCNUgiY95lST1YwP9uf9i TlusanavVl8T51zYfCYgt1AnG3cuy6tYG/eknWCWdNh3e4kRMbSJei+hKlC0VnaSe5F4wa0gx2Z KGC3Bc4Wzp7fUJPL0xMkzLyOiSmdJeCdkiTPS9VHOjsywI8rLGOg71XJZcgezp5xDQfPBtGIWVy NnSYNUGJaIbdu6lfs/c7Z+SczHxdpmJa+gGLpeB33Lb0PMEo3UfwdorncW0DMEw1oit3sq3SYvz iIUWVFdiJ0Qz/YBixJ6Oe3PYhi6vG/Iff8rG0t845tHTlCrpolK+JixCS63WPz1JRsns0ief/zz CUzeL5g67HJVM8uwLdUKRHEh6I4AeHFgGyNNjA= X-Received: by 2002:a05:6000:54f:b0:45e:b21e:f840 with SMTP id ffacd0b85a97d-460304ec0e8mr7892994f8f.8.1780698861491; Fri, 05 Jun 2026 15:34:21 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:21 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/25] openssh: patch CVE-2026-35388 Date: Sat, 6 Jun 2026 00:34:00 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238202 From: Theo Gaige (Schneider Electric) Backport patch from [1] matching CVE description in [2] and change described in release note [3]. [1] https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add [2] https://security-tracker.debian.org/tracker/CVE-2026-35388 [3] https://www.openssh.org/releasenotes.html#10.3p1 Signed-off-by: Theo Gaige (Schneider Electric) Reviewed-by: Bruno Vernay Signed-off-by: Yoann Congal --- .../openssh/openssh/CVE-2026-35388.patch | 47 +++++++++++++++++++ .../openssh/openssh_9.6p1.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch new file mode 100644 index 00000000000..d5afe2538f9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch @@ -0,0 +1,47 @@ +From be42fe5ce64f2798048161a891083ef12780ca2a Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Thu, 2 Apr 2026 07:39:57 +0000 +Subject: [PATCH] upstream: add missing askpass check when using + +ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis +Vasileiadis + +OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a + +CVE: CVE-2026-35388 +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + mux.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/mux.c b/mux.c +index d598a17e2..c841feb79 100644 +--- a/mux.c ++++ b/mux.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: mux.c,v 1.101 2023/11/23 03:37:05 dtucker Exp $ */ ++/* $OpenBSD: mux.c,v 1.113 2026/04/02 07:39:57 djm Exp $ */ + /* + * Copyright (c) 2002-2008 Damien Miller + * +@@ -1137,6 +1137,16 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid, + + debug_f("channel %d: proxy request", c->self); + ++ if (options.control_master == SSHCTL_MASTER_ASK || ++ options.control_master == SSHCTL_MASTER_AUTO_ASK) { ++ if (!ask_permission("Allow multiplex proxy connection?")) { ++ debug2_f("proxy refused by user"); ++ reply_error(reply, MUX_S_PERMISSION_DENIED, rid, ++ "Permission denied"); ++ return 0; ++ } ++ } ++ + c->mux_rcb = channel_proxy_downstream; + if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0) +-- +2.43.0 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 9267bbd2c94..a1b5d4a5535 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -36,6 +36,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2025-61984.patch \ file://CVE-2026-35385.patch \ file://CVE-2026-35387.patch \ + file://CVE-2026-35388.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" From patchwork Fri Jun 5 22:34:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89411 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E02DCD8C92 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6137.1780698863661323686 for ; Fri, 05 Jun 2026 15:34:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=kUxdiKfZ; spf=pass (domain: smile.fr, ip: 209.85.128.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-490b3e03939so20525995e9.1 for ; Fri, 05 Jun 2026 15:34:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698862; x=1781303662; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=h6C72SQXjCUm3gFLuaqrBa8FeoKvznO3Fvblxr1f9C4=; b=kUxdiKfZ7BqiZw638WkDGaiC986M2Wg6z4xDfH3mjWOdWz0fcWisDwnqrIa6KKbFLn mER/fAJMW78XYdgkJ0ScZoDLMQR+BDN+h/6kKCjoVywHHQEtnuxn9abqKUrE6r3uGKCc 5tPfumUxj5IeAGUPmyagop35iw9M5634Wgdkg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698862; x=1781303662; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=h6C72SQXjCUm3gFLuaqrBa8FeoKvznO3Fvblxr1f9C4=; b=GFo5MhdTG9Y6Pya6cFVzA1Q0aSE3DseiNy4JLBiBZSFr3Lai134pcoIpELEK+9qNkH RaC+Bxyi7V3Yv7gD2uCAenixXRDGCnf30kDGD/NCVnd4lZ2seHI1hMjpTUl+79Ay/hw+ mZ/ij5VkdWX0kMx1wv1nOkc2hbDaYuUqOhULOrSwuSdsUB1NgZXx8USM+K310AdOhoPJ ZdyuqZFFlwFpogmvD/KMZRh0W9l9mKGBYlZGD7wXqZcLLt49BK8fF43MqcElnA/dins1 pFL6EydCmxBWcx+KoWb06LVG36Rqn6JyZjcpNDKhDms2bwH+bvju9/QFwDe3jAmZyS/A iTOQ== X-Gm-Message-State: AOJu0YwWRyo9i+9U/j6wRXnWUB9Hw7TJ74S8huTMOPSvNikbcVLgmBk7 0rvolWzC7A+MzOKQCyqQcxoAXcbKqyFHH2TQQy6joG2Ndj9lLDDwc+tHi9VaNCtPS2jzor61cGr IHn7X X-Gm-Gg: Acq92OFD27fi9WDnI8dRMIUc1+l1+1FXxJI+/OSmUznpJbmrY+DJVeINQRqMkHPBCsc g3dvIGQG8AmC0HmreYU+udFrTf7nezZ8PIsKuwv9fO5RiVUw/2QUWPG12RjflEc22Od9jOIR6w+ Nm7xuiAwTP0OUsp2zcHolxXx2JERABimyXWNiUWCFF2iEZBrMKNzKFmCQHltEauBZ/lX1lnezO4 c2sBo6/t2YJO7nu6LBC7NsZSL6bRvXca3soytvFALpxaNI1ZTReabc/KWeUAlLaC/GmUrBSMwGw I7EdKraySfYdds0infLAiqSKlzXF+6lMac12+y1Yjxv2ZTidpb5w8PJZ0k3o9m5zMI3EYvgjWks xn1mVXHEuayn8XbRkJQlvCK2QnUWRc7GgPGnmaNDipLhm8muhduR7jORdJKGVMSMYdQ7U9XAqC+ 92su3Ry56Nmpi/1u/ONiq55xXOOYQVN6pWV4if47Z3U4rWKt+r/82gEH1gnpPV3gtHlp99dl4s/ Aw0i6olTWJEq1C9Nn/S2eVnRFt/hAuoY+sqjRA= X-Received: by 2002:a05:600c:1986:b0:489:32b:ac0b with SMTP id 5b1f17b1804b1-490c2cc27bdmr72114905e9.6.1780698861954; Fri, 05 Jun 2026 15:34:21 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:21 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 16/25] libarchive: Fix CVE-2026-4424 Date: Sat, 6 Jun 2026 00:34:01 +0200 Message-ID: <7fa280872275e194152cc2d355ad39c81a477d50.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238203 From: Hugo SIMELIERE (Schneider Electric) Pick patches from [1] and [2] as mentioned in Debian report in [3]. [1] https://github.com/libarchive/libarchive/commit/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375 [2] https://github.com/libarchive/libarchive/commit/e1907c5832b6489c7b4198b0825f857c93a03c10 [3] https://security-tracker.debian.org/tracker/CVE-2026-4424 Signed-off-by: Hugo SIMELIERE (Schneider Electric) Reviewed-by: Bruno VERNAY Signed-off-by: Yoann Congal --- .../libarchive/CVE-2026-4424-1.patch | 61 +++++++++++++++++++ .../libarchive/CVE-2026-4424-2.patch | 28 +++++++++ .../libarchive/libarchive_3.7.9.bb | 2 + 3 files changed, 91 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-1.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-2.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-1.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-1.patch new file mode 100644 index 00000000000..c8050927465 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-1.patch @@ -0,0 +1,61 @@ +From fa32110f851b121a3e1c19fda347e86396fde2bd Mon Sep 17 00:00:00 2001 +From: elhananhaenel +Date: Sat, 7 Mar 2026 22:32:09 +0200 +Subject: [PATCH 1/2] rar: fix LZSS window size mismatch after PPMd block + +When a PPMd-compressed block updates dictionary_size, the LZSS window +from a prior block is not reallocated. The allocation guard only checks +if dictionary_size is zero or the window pointer is NULL, not whether +the existing window is large enough. This allows copy_from_lzss_window() +to read past the allocated buffer. + +Fix the guard to also check whether the current window is undersized. +Add bounds checks in copy_from_lzss_window() and parse_filter() as +defense in depth. + +CVE: CVE-2026-4424 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375] +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + libarchive/archive_read_support_format_rar.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 88eab627..b23be937 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -2503,7 +2503,8 @@ parse_codes(struct archive_read *a) + return (r); + } + +- if (!rar->dictionary_size || !rar->lzss.window) ++ if (!rar->dictionary_size || !rar->lzss.window || ++ (rar->lzss.mask + 1) < rar->dictionary_size) + { + /* Seems as though dictionary sizes are not used. Even so, minimize + * memory usage as much as possible. +@@ -3104,6 +3105,11 @@ copy_from_lzss_window(struct archive_read *a, uint8_t *buffer, + + windowoffs = lzss_offset_for_position(&rar->lzss, startpos); + firstpart = lzss_size(&rar->lzss) - windowoffs; ++ if (length > lzss_size(&rar->lzss)) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Bad RAR file data"); ++ return (ARCHIVE_FATAL); ++ } + if (firstpart < 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Bad RAR file data"); +@@ -3266,7 +3272,8 @@ parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint + else + blocklength = prog ? prog->oldfilterlength : 0; + +- if (blocklength > rar->dictionary_size) ++ if (blocklength > rar->dictionary_size || ++ blocklength > (uint32_t)(rar->lzss.mask + 1)) + return 0; + + registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS; +-- +2.43.0 + diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-2.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-2.patch new file mode 100644 index 00000000000..a5c6ba2d2bf --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-2.patch @@ -0,0 +1,28 @@ +From d696008467844efca026bf198a8814a8647ec2d2 Mon Sep 17 00:00:00 2001 +From: elhananhaenel +Date: Sun, 8 Mar 2026 15:29:46 +0200 +Subject: [PATCH 2/2] Fix -Wsign-compare: cast mask+1 to unsigned int + +CVE: CVE-2026-4424 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/e1907c5832b6489c7b4198b0825f857c93a03c10] +Signed-off-by: Hugo SIMELIERE (Schneider Electric) +--- + libarchive/archive_read_support_format_rar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index b23be937..a28a6cba 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -2504,7 +2504,7 @@ parse_codes(struct archive_read *a) + } + + if (!rar->dictionary_size || !rar->lzss.window || +- (rar->lzss.mask + 1) < rar->dictionary_size) ++ (unsigned int)(rar->lzss.mask + 1) < rar->dictionary_size) + { + /* Seems as though dictionary sizes are not used. Even so, minimize + * memory usage as much as possible. +-- +2.43.0 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb index de9682400a8..c167b164b4b 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb @@ -47,6 +47,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2026-4111-1.patch \ file://CVE-2026-4111-2.patch \ file://CVE-2026-4426.patch \ + file://CVE-2026-4424-1.patch \ + file://CVE-2026-4424-2.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/" From patchwork Fri Jun 5 22:34:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89412 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C08E5CD8C95 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6138.1780698864150073563 for ; Fri, 05 Jun 2026 15:34:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=oi4OIvTk; spf=pass (domain: smile.fr, ip: 209.85.221.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-45fd464d51fso1378706f8f.3 for ; Fri, 05 Jun 2026 15:34:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698862; x=1781303662; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8XUav2G762Z+sFuoS7GNyo2+T0H4U2IiIes5mb9rwlY=; b=oi4OIvTkwt3PiYolN9LJrPIPo45qTJco0tkXEDvYi/gnNeRtNf3aclKUULYfz6Njno 1A4SKilv99UFF3bHxRYLeGyhu+oQsJkez9vGP9K0ZHUdJjohsr447GkSnlVtADbU9Sx9 T45OkLUYo/o84d3LNbg27FbIOg7dqY9PPGcwU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698862; x=1781303662; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=8XUav2G762Z+sFuoS7GNyo2+T0H4U2IiIes5mb9rwlY=; b=bsaqeFMtQNHgc1ifkmg2HSZuwzuA810ZHeKX+bwGoxM5I1aLO9rgHA334t2mp3k8J6 gnN5nG5AWRnPa/4TZ2evJz/vVq+ZVxypPxH1R1kcNeAZpcAxdeN/mVI56j5nWaghAksw W2OpD5iBGq4lEOPpeV/iCNTZi6sdS0J2TOh47ALPHic5fdrjRosanh6HxPnLnrTApwxP No03ruOoy0S54nsFVR6Yprf8nraUP/Jaa1vMNooFaCYx9WemECQvHBKDZubnGjHijneW rdr/VMD1J7vDl+/p1wXjmiguplB4TzAeTXnjqqCHEH2f/OP3LO1JWed5WfKiFduZbzcf e1jg== X-Gm-Message-State: AOJu0YysiyI/jZGoxkResAwtxuenYdlS6iTBNO7TvVaRyE2vuhFw/Ov4 mqlJHGCS6/tfHkUE0yR5XLSyknkIRxaNv8koQ9qs1QD6wMReihGJIHE9LipXrz+xWUmD/l1oADy APENz X-Gm-Gg: Acq92OHnIOU+N87rg1aI+EqkZKLNdo2AjuT4aBPLEbhrn2VB+DyXcC6PMh9EiIQVA1C EDuN6Xx1CoBcl/bvRPjuc/tZvuktK61tQCYhhQMI8+zxkW1a5JBzH7xQ3mSUauX1gmsJUf7aE4Q nVcLtCsHwSouT6OmQJNXnKZMXSSi8cPTgw4kSyTfPQisX1yuwHh7zUxn3JzBoH7CAzBbNP3BuWc DBq/RvCtVHyPwHnrHFTV9rK8Kqbgos+B1LNy3FvVOhIaQnGYs8L1rItbpZcAWHEGs9hV3MdT+r9 Nmq4wfO8ZRTVNhkyVvC12i+ygfENjRCvybdyA4XXRwsKBx1qiHpScHyJs+Cc/BfOhT6k/Afm8Q7 hwMusxhHvV9natnaMEsqkNZRAuL1pbbXN5rpaoMtPWg2B1M93RbzPiHU8ICyReqR8sPhzff2cFV +8ZiHRLx2ucRSSz47sshFaCfFvPFrtz1/TI3A1UPOp71YYFmMmIiC+ADWExC91E1JxE5kKHBeHe XT4B6qAt5djvMxTcc435Nh6xFi8kgsiLB61DXI= X-Received: by 2002:adf:e011:0:10b0:43c:ef4f:79e4 with SMTP id ffacd0b85a97d-4603063a15cmr6732092f8f.37.1780698862558; Fri, 05 Jun 2026 15:34:22 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:22 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 17/25] scripts/install-buildtools: Update to 5.0.18 Date: Sat, 6 Jun 2026 00:34:02 +0200 Message-ID: <7b2955ae65d4060aaa8f3eda9f3583750606a646.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238204 From: Yoann Congal Update to the 5.0.18 release of the 5.0 series for buildtools Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index c874494f4ab..24cb3099453 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-5.0.15' -DEFAULT_INSTALLER_VERSION = '5.0.15' +DEFAULT_RELEASE = 'yocto-5.0.18' +DEFAULT_INSTALLER_VERSION = '5.0.18' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check From patchwork Fri Jun 5 22:34:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89413 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B6C3CD8C93 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6275.1780698865453226901 for ; Fri, 05 Jun 2026 15:34:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=sK84iewo; spf=pass (domain: smile.fr, ip: 209.85.221.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-46019b190b6so1799729f8f.3 for ; Fri, 05 Jun 2026 15:34:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698864; x=1781303664; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=C0vwozuwuhb1uDc7JL6rQIb9wjaxVfxZpbKvHgjG0js=; b=sK84iewor5CBo1/TTQnljaEgen+qwjuQ52LIBTHG/liKecd9PrAExuR/mlvLnlMuJn BzVbBhWdf2tbFVn/7zwmznVALcwZIHulfCnm3okfOsyXmKNM4+2i1aqMA6VWKGG2+/cf 8oTHnjFnHX7uew8x0BBPsEbeWnWBLyJdoCBRg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698864; x=1781303664; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=C0vwozuwuhb1uDc7JL6rQIb9wjaxVfxZpbKvHgjG0js=; b=i2rF7boRFjqXkEVsuxR5ZkoGlFMNL5vJn9efJbGYab5kuJdh4352fC9xH13kFlOnRc uP1VwLJDrsVy3VojFNqt6xdxJfR9ogtAnsvMIyQWS2dnMkQOhxGU9AfRCLGGI/fCHN4H 4Hd7TA7L6XkO6c+TxLNxAbcmEZ6T3CQGtVtVR87Wp6GdRG64s4+z3zSA/giWLLn4O+lb MKjWJiK2+513sd0uaMGIPQvwdfZVch0LKJU6tdyC+3tXxJlfYSjXr7LlXKjh0135jHbu Wmqqx5TAHYNMZouMs5mHhd00POIfy8W89vYogsp63kY4kFIzJb3Mh4PobLVtlcHcj+O/ bmXA== X-Gm-Message-State: AOJu0YzMSPZ7yZpDpMe0BWXZKl5K0U4ajW1pzZhuLNgljdqbZG99bREW z44uTxTDIwIrI2GZcfQft1BGliQ4b9Ka5Q2KtuqU1I3bPynRPcPhajvL/fiVECbUpNK5gj++o+Q JtAn2 X-Gm-Gg: Acq92OEzwQkayMa2ULz8MRxI/g9cdljKEyFn3iDw5WGYAOVjtY5CInqGR5qepy2jQfe TxZ1QQnhxZQmHR3ekgONK0A09q2fladzau8BOA1X8Hs/pV9IyfKh/h1t1LGpqKHnJS9QkcuxjkU myLl7vD8IRS919QYMZYn0aI1QE5Ov08hThDhYBYJiSMukaTV2/FMxYfSdxSB0FjcYm/E1vpqMLv HruLt2KwjVFyuwgf68nbomCTPEPbs2U8NRMD0+Kdyq4Ze+I+RF3gIC0WcSosN7NDRDpOZ2MSRdZ 8AoeP9T9llOM6kfQHX1L8vUN9eh6iGUUHUNUFiIrlExD/KYASphIhKQsjUf8t2k6QgvR1r3NgMY GKaKljOqObKLjyoJFTPFPSQM8PmQwkQOMd/vnDZ2MIYTd4t/QzoatV51K+mxSHZxENL8CeDVS+l LT+VSueO+wNhRjbCLJtRq3btT/WvQ2fGL9ZdO5FZezQ4rEXnb1D3oeqk81uWBr8i5uMpLkRz0d0 mhVLtikg2YLW+FsBPCzqREvEKm12VdDeEB2P3g= X-Received: by 2002:adf:f90f:0:b0:45e:f867:39bd with SMTP id ffacd0b85a97d-4603063d402mr7134822f8f.36.1780698863841; Fri, 05 Jun 2026 15:34:23 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:22 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 18/25] classes/base: prefer gnu-prefixed HOSTTOOLS Date: Sat, 6 Jun 2026 00:34:03 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238205 From: Ross Burton Ubuntu 25.10 has changed the default coreutils implementation from GNU coreutils to uutils/coreutils. Unfortunately this causes build problems: couldn't allocate absolute path for 'null'. tail: cannot open 'standard input' for reading: No such file or directory install: failed to chown '...': Invalid argument (os error 22) Clear build failures happen in 'install' and 'tail', but there may be further breakage. Luckily, Ubuntu also installs GNU coreutils with a binary prefix of 'gnu', so whilst these issues are root-caused and fixed in either pseudo or uutils we can prefer the gnu-prefixed binaries where they are present. [ YOCTO #16028 ] Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 16f2684ebeffa72b5d90525cf9102751b68c298e) Signed-off-by: Yoann Congal --- meta/classes-global/base.bbclass | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass index ecf0fd711f7..edf2149e6f1 100644 --- a/meta/classes-global/base.bbclass +++ b/meta/classes-global/base.bbclass @@ -111,7 +111,11 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True): # clean up dead symlink if os.path.islink(desttool): os.unlink(desttool) - srctool = bb.utils.which(path, tool, executable=True) + + # Prefer gnu-prefixed binaries, if available + srctool = (bb.utils.which(path, "gnu" + tool, executable=True) or + bb.utils.which(path, tool, executable=True)) + # gcc/g++ may link to ccache on some hosts, e.g., # /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc) # would return /usr/local/bin/ccache/gcc, but what we need is From patchwork Fri Jun 5 22:34:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89415 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEB57CD8C96 for ; Fri, 5 Jun 2026 22:34:26 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6139.1780698866300708884 for ; Fri, 05 Jun 2026 15:34:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=afSY4ku2; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-490b43e2b95so19845665e9.0 for ; Fri, 05 Jun 2026 15:34:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698865; x=1781303665; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Rl4Rx9j44OGxMBVWl2z1S/8m1/MNjd3KuYgtfWo6G3w=; b=afSY4ku28OEUwbU2uJiSGYKbSyU7QhXWI903HBIokdJQPB6PXqP4HSi/ST6hFdvPNs LGPzgBcezcgOxYW3YHSD/Ui0YyTKwdXwpDjtccms0iWP71D0bHO0JviiabtVK3CU8dZj v6JDaxFnGTU9S/Fjsjl79qMi/FW+Ofnfsh9kg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698865; x=1781303665; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Rl4Rx9j44OGxMBVWl2z1S/8m1/MNjd3KuYgtfWo6G3w=; b=N/K8ILz2R3h1AQ0mmEpGYYzjXFj2AXgFxWHQKCOUaEiyTcfZ7ie+o0ReTfacMQ+Lwm gcPbMsKC9eatZxwPwluHRrIpi7fy+QnSaf6t8VeltxwmJ6jQLgU4LLoHXo+/DOJR8ZLU JAi8SY206iL73Gafer+cpyY6ERZDgfp/dUiANQfmck/LNTRqwbpcAHiN/0sqqBfMoREn FyPW5tho/7rqB2o7CXAKxwz6ke508jc9bCtYoVxnGgWZunV0cXjrKjOrC+YfG+bws71w JyU6aS6ZuJmFRlmWV6uVooKw59BbVCE6chaNcNWIsOlex9dyQLhwT57sVwYuAyGB1Mmi Bk5w== X-Gm-Message-State: AOJu0Yy+r159UbVsYCgqXMs/f7JOjcU9VbGAat1b6pBHuFOqmpWxdwKY I5wkdWuTChj+PhpJi5hP09MKSXebo6PWzwnXk+f59VsOHnyUwsgPidhuZUZF9hutq7w+tS1pnsR dc3K9 X-Gm-Gg: Acq92OGJQwfxTB81vfL425npL+DMpbV1ZXeNtgIJc2ohGqEg/3pRayRr1YkyIIJioEr 0jMieEco1OHrzM2Nl78G2ps+IFDqsDM7P1Sj6jZN0ZdHpugb3yOoxpKulggDRSaMiRey9UfjktT iRDi1QN9pc1CM0EtNEeDWhZlq3u94XxLlchUGe+GW1izV8/Ca9mGSPwg/I/iBMFccqBU8gLsi9o HWfDwnRLlisOrnHD2BReyAZsy6NY5ifGtO9C+XH5lBhC1OmQ3R0xQ8Ad71ikevqphRZvDLyX+KM +PSPiTvvHDnU1P0ACEDwfSuywGceHtT5jdaY9Cb7fV8Vw35qgQKt3JBu0UC9WbGkHAKwe92J2wQ tPTfrSKHV1W9KatR3LcKK22CAx2l2buugdvZj52LBniczWzg7PHr+38xI0HHHKVPSieJ8MPcX3A sO6jFXXjb8wFL9wOpYEcZaclpcy2zHqC+aYz6DOrsM55yjtH8m5vqfVShc6eZw6W08bDTUC5rxN voyY9rYiOouZSCtzpSjoqX4ZdX3gHD/08cmA30= X-Received: by 2002:a05:600c:45d1:b0:490:6869:46c3 with SMTP id 5b1f17b1804b1-490c26053a6mr84257265e9.30.1780698864648; Fri, 05 Jun 2026 15:34:24 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:24 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 19/25] wic: filemap: use separate fd for SEEK_HOLE probes Date: Sat, 6 Jun 2026 00:34:04 +0200 Message-ID: <37a45219dd204b07bad40576fefccb2cf85b255c.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238206 From: Trevor Woerner While working on splitting-out wic from oe-core, on my openSUSE Leap 16.0 machine, the moment I split wic out, 2 oe-selftests always failed with 100% reproducibility: - wic.ModifyTests.test_wic_cp_ext - wic.Wic2.test_expand_mbr_image In both cases the symptom is the same: the filesystem has inode tables that are completely zeroed out. Both issues are linked together to the same underlying fault. FilemapSeek._get_ranges() is a generator. Due to the nature of finding each hole/data extent one at a time using the lseek() system call, it calls os.lseek() on a raw file descriptor, then yields, then the caller, sparse_copy(), calls file.seek() + file.read() on a Python BufferedReader wrapping that same fd — then the generator resumes and calls os.lseek() again. This interleaving of raw os.lseek() and buffered I/O on the same fd is undefined behaviour from Python's perspective. The BufferedReader tracks its own idea of the fd's position and buffer contents; os.lseek() changes the position behind its back. This can corrupt its internal state and cause read() to return stale/zero data. This code, however, has existed in wic since it was written, so why was it not noticed before? It turns out this bug was being masked by a number of implementation details that changed, especially when wic was split out for oe-core. These changes conspired together to cause the bug to be triggered. One of the root causes of this bug is that Python 3.14 increased the default buffer size from 8KB to 128KB[1]. With 8 KB buffers, read()s either go through the direct-read path leaving the buffer empty, or if it fills in 8KB chunks the buffer is fully drained. Either way, with a small buffer, read()s do a real raw seek. No fast path. No corruption. With a 128KB buffer, however, a much larger window exists where BufferedReader.seek() can take the fast-path after the raw file descriptor has already been repositioned by os.lseek() in the generator. With the smaller buffer, this window was too narrow to hit in practice. This is fixed by opening a second file object in FilemapSeek.__init__() dedicated to SEEK_DATA/SEEK_HOLE probes, leaving the data-reading handle (self._f_image) untouched. This explains why the corruption is deterministic and tied to specific block boundaries, why it only manifests with the split-out version using Python 3.14 (on systems that are using Python versions less than 3.14 on the host), and why using a separate file descriptor for reading bypasses the issue entirely. This is not an intermittent bug. For a more detailed explanation including log files, in-depth analysis, and a standalone Python reproducer, please see the linked bugzilla entry. Fixes: [YOCTO #16197] [1] https://github.com/python/cpython/commit/b1b4f9625c5f2a6b2c32bc5ee91c9fef3894b5e6 b1b4f9625c5f ("gh-117151: IO performance improvement, increase io.DEFAULT_BUFFER_SIZE to 128k (GH-118144)") AI-Generated: codex/claude-opus-4.6 (xhigh) Signed-off-by: Trevor Woerner Signed-off-by: Richard Purdie (cherry picked from commit 481969844385f2fa40a1230ca50253ec4ff516cd) Signed-off-by: Yoann Congal --- scripts/lib/wic/filemap.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scripts/lib/wic/filemap.py b/scripts/lib/wic/filemap.py index 85b39d5d743..2554e8312cc 100644 --- a/scripts/lib/wic/filemap.py +++ b/scripts/lib/wic/filemap.py @@ -201,6 +201,13 @@ class FilemapSeek(_FilemapBase): _FilemapBase.__init__(self, image, log) self._log.debug("FilemapSeek: initializing") + # Open a separate file handle for SEEK_DATA/SEEK_HOLE probes so + # that the lseek() calls do not disturb the BufferedReader state + # of self._f_image, which sparse_copy() uses for data reading. + # Sharing a single fd between os.lseek() and buffered read() + # has the potential to cause data corruption. + self._f_seek = open(self._image_path, 'rb') + self._probe_seek_hole() def _probe_seek_hole(self): @@ -244,7 +251,7 @@ class FilemapSeek(_FilemapBase): def block_is_mapped(self, block): """Refer the '_FilemapBase' class for the documentation.""" - offs = _lseek(self._f_image, block * self.block_size, _SEEK_DATA) + offs = _lseek(self._f_seek, block * self.block_size, _SEEK_DATA) if offs == -1: result = False else: @@ -265,11 +272,11 @@ class FilemapSeek(_FilemapBase): limit = end + count * self.block_size while True: - start = _lseek(self._f_image, end, whence1) + start = _lseek(self._f_seek, end, whence1) if start == -1 or start >= limit or start == self.image_size: break - end = _lseek(self._f_image, start, whence2) + end = _lseek(self._f_seek, start, whence2) if end == -1 or end == self.image_size: end = self.blocks_cnt * self.block_size if end > limit: From patchwork Fri Jun 5 22:34:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89421 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 264B5CD8C86 for ; Fri, 5 Jun 2026 22:34:37 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6277.1780698868222730199 for ; Fri, 05 Jun 2026 15:34:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=dFulITTx; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-490aaeabdb4so14461385e9.1 for ; Fri, 05 Jun 2026 15:34:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698867; x=1781303667; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EwbSHCK5td8n7pfTEyZNHKO7l0efTvnHhz/SN/zvTZ8=; b=dFulITTxO0xO8B1JOUJbWVya4hRyYG64qpD76j1vQZiD78/0eY8r7N9lw149XEcpsI 0XiYdiD+TGl6uMLncRSObjhDWjEMTNvL6PVJrJTCZiyYNjeq4kaI3303pkU/W5DkI5mA i9ZCMZ7MJ+7GGgDuHaMwy03ohH3MM3lvIJejI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698867; x=1781303667; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=EwbSHCK5td8n7pfTEyZNHKO7l0efTvnHhz/SN/zvTZ8=; b=lEh0yjqk3bH85Zfq5Vxq7HlM80/O01lXtbcPBsLWmHS9o7LtAnKmwdVGeV+3zjIjij icLYityo/3KDUt1ER2WnLM0pZI8Y/AFLfNxhm76PmvOOJTJSoJ3prgM3Wo8FnLG75hwW 8wodgCMSCAHQMJj1JXRGrdTs7AG8qz42aLlx8M72UjTjpgmqAAAeWPlMAjCMaT1ExcfJ zBnEZ+5blwP73VHUMUfj3tlI7AQRcPBvdjMvpvbrbH64E2OVAAFRobsQr8/px5YFJQhl OG6+BtnPsMe/QS1AUbVUHRfPwuxtRbDuGjvsvJ7+58DvydY7pzTnhIJrZPNuHALMZj/o 63uw== X-Gm-Message-State: AOJu0YyHj3uDEH/TTAaCtGWia/xgHrCjYTMoF/64zy/5ANFXqt6btM/5 /3nNGW/HkUMukWW020DTw1f8xZp1R7ayQg5YnERlxHEBKGGqQa+xWDC8+dJC0OsjQMRlMTEfqUE cWJY2 X-Gm-Gg: Acq92OFuD4+09NlrTQNo83gpm3ekHTFJqWIVgE9z3UhOwPmCls1kRF6r2JjI3Q1oRQU 9ZgdZMCVaqdiIiAMqlUwQJ//WWM2E72thZrgJ00wutkExUjLDC4087i399VU4RWX+KVRpjWSFiH 6v1V44ayq5pWrOQLg6fL33cOjTOFLECrV6MW7HVcvX0WlQGJ4Iqiry+m3W/f6xR/IqYTQFdwfdH ap2CqD8YEC88aszicBz6vDgg4jpqS6uII1xdgpAjRvhc7for0JJQDXzgjHcWgCz1gev+6FcH1EJ JgsFmyfYXiXq/9rbo8GvYN/DkBU97iJWfp4dZQfMOnsN9JgSxp7E8sgLJPz/wdtR7P7H5tOpzeI ZJfFSef3snhbzlCUnTLyxSnGzDWL1kveJ8L9ZYgbnBFV8Ypd7OwBkpTA0MsplwLGEUReTim6Cn/ LG1DJuvHzO0GTVoMhGN+l/H+A7B0S4U5kd9ZIdhgyGlgx8BBTvNqGR+FNhd0gv7mCvmQUzRti4b 47zJDoGFsVvKuX+EGgddQ9igp8i6ro0cQ07fZw= X-Received: by 2002:a05:600c:3486:b0:490:b2a6:8c2a with SMTP id 5b1f17b1804b1-490c258f419mr87624765e9.5.1780698865471; Fri, 05 Jun 2026 15:34:25 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:24 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 20/25] linux-yocto/6.6: update CVE exclusions (6.6.127) Date: Sat, 6 Jun 2026 00:34:05 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238209 From: Yoann Congal Regenerated to fix this warning: WARNING: linux-yocto-6.6.127+git-r0 do_cve_check: Kernel CVE status needs updating: generated for 6.6.123 but kernel is 6.6.127 $ ./meta/recipes-kernel/linux/generate-cve-exclusions.py .../cvelistV5/ 6.6.127 > meta/recipes-kernel/linux/cve-exclusion_6.6.inc Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127 From cvelistV5 cve_2026-05-27_0900Z Signed-off-by: Yoann Congal --- .../linux/cve-exclusion_6.6.inc | 2462 +++++++++++++++-- 1 file changed, 2208 insertions(+), 254 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index 99f4ebcdd9f..fcd38c56aed 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,11 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2026-04-03 09:30:32.247568+00:00 for kernel version 6.6.123 -# From cvelistV5 cve_2026-04-03_0700Z +# Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127 +# From cvelistV5 cve_2026-05-27_0900Z python check_kernel_cve_status_version() { - this_version = "6.6.123" + this_version = "6.6.127" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -6634,7 +6634,7 @@ CVE_STATUS[CVE-2023-52918] = "cpe-stable-backport: Backported in 6.6.48" CVE_STATUS[CVE-2023-52919] = "fixed-version: Fixed from version 6.6" -CVE_STATUS[CVE-2023-52920] = "cpe-stable-backport: Backported in 6.6.70" +# CVE-2023-52920 may need backporting (fixed from 6.6.140) CVE_STATUS[CVE-2023-52921] = "fixed-version: Fixed from version 6.5" @@ -6752,7 +6752,7 @@ CVE_STATUS[CVE-2023-53010] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53011] = "fixed-version: Fixed from version 6.2" -# CVE-2023-53012 has no known resolution +CVE_STATUS[CVE-2023-53012] = "fixed-version: Fixed from version 6.1" CVE_STATUS[CVE-2023-53013] = "fixed-version: Fixed from version 6.2" @@ -7064,7 +7064,7 @@ CVE_STATUS[CVE-2023-53185] = "fixed-version: Fixed from version 6.5" CVE_STATUS[CVE-2023-53186] = "fixed-version: Fixed from version 6.3" -# CVE-2023-53187 has no known resolution +CVE_STATUS[CVE-2023-53187] = "fixed-version: Fixed from version 5.16" CVE_STATUS[CVE-2023-53188] = "fixed-version: Fixed from version 6.3" @@ -9030,7 +9030,7 @@ CVE_STATUS[CVE-2023-54326] = "fixed-version: Fixed from version 6.5" CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3" -# CVE-2024-14027 may need backporting (fixed from 6.6.131) +# CVE-2024-14027 may need backporting (fixed from 6.6.133) CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17" @@ -9732,7 +9732,7 @@ CVE_STATUS[CVE-2024-26947] = "cpe-stable-backport: Backported in 6.6.24" # CVE-2024-26948 needs backporting (fixed from 6.9) -CVE_STATUS[CVE-2024-26949] = "fixed-version: only affects 6.7 onwards" +CVE_STATUS[CVE-2024-26949] = "fixed-version: only affects 6.7.9 onwards" CVE_STATUS[CVE-2024-26950] = "cpe-stable-backport: Backported in 6.6.24" @@ -9758,7 +9758,7 @@ CVE_STATUS[CVE-2024-26960] = "cpe-stable-backport: Backported in 6.6.24" CVE_STATUS[CVE-2024-26961] = "cpe-stable-backport: Backported in 6.6.24" -CVE_STATUS[CVE-2024-26962] = "fixed-version: only affects 6.7 onwards" +# CVE-2024-26962 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2024-26963] = "cpe-stable-backport: Backported in 6.6.24" @@ -9824,7 +9824,7 @@ CVE_STATUS[CVE-2024-26995] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2024-26996] = "cpe-stable-backport: Backported in 6.6.29" -CVE_STATUS[CVE-2024-26997] = "cpe-stable-backport: Backported in 6.6.29" +CVE_STATUS[CVE-2024-26997] = "fixed-version: only affects 6.7.12 onwards" CVE_STATUS[CVE-2024-26998] = "cpe-stable-backport: Backported in 6.6.29" @@ -9874,7 +9874,7 @@ CVE_STATUS[CVE-2024-27020] = "cpe-stable-backport: Backported in 6.6.29" CVE_STATUS[CVE-2024-27021] = "fixed-version: only affects 6.8 onwards" -# CVE-2024-27022 needs backporting (fixed from 6.9) +# CVE-2024-27022 may need backporting (fixed from 6.6.134) CVE_STATUS[CVE-2024-27023] = "cpe-stable-backport: Backported in 6.6.19" @@ -10460,7 +10460,7 @@ CVE_STATUS[CVE-2024-35981] = "cpe-stable-backport: Backported in 6.6.29" CVE_STATUS[CVE-2024-35982] = "cpe-stable-backport: Backported in 6.6.28" -CVE_STATUS[CVE-2024-35983] = "cpe-stable-backport: Backported in 6.6.30" +CVE_STATUS[CVE-2024-35983] = "fixed-version: only affects 6.7.12 onwards" CVE_STATUS[CVE-2024-35984] = "cpe-stable-backport: Backported in 6.6.30" @@ -10498,7 +10498,7 @@ CVE_STATUS[CVE-2024-36000] = "cpe-stable-backport: Backported in 6.6.30" CVE_STATUS[CVE-2024-36001] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2024-36002] = "fixed-version: only affects 6.8.2 onwards" +CVE_STATUS[CVE-2024-36002] = "fixed-version: only affects 6.7.11 onwards" CVE_STATUS[CVE-2024-36003] = "cpe-stable-backport: Backported in 6.6.30" @@ -10568,7 +10568,7 @@ CVE_STATUS[CVE-2024-36281] = "cpe-stable-backport: Backported in 6.6.33" CVE_STATUS[CVE-2024-36286] = "cpe-stable-backport: Backported in 6.6.33" -CVE_STATUS[CVE-2024-36288] = "fixed-version: only affects 6.9.3 onwards" +CVE_STATUS[CVE-2024-36288] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-36476] = "cpe-stable-backport: Backported in 6.6.70" @@ -10806,7 +10806,7 @@ CVE_STATUS[CVE-2024-38540] = "cpe-stable-backport: Backported in 6.6.33" CVE_STATUS[CVE-2024-38541] = "cpe-stable-backport: Backported in 6.6.33" -CVE_STATUS[CVE-2024-38542] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2024-38542] = "fixed-version: only affects 6.8.2 onwards" CVE_STATUS[CVE-2024-38543] = "cpe-stable-backport: Backported in 6.6.33" @@ -10912,7 +10912,7 @@ CVE_STATUS[CVE-2024-38593] = "cpe-stable-backport: Backported in 6.6.33" CVE_STATUS[CVE-2024-38594] = "cpe-stable-backport: Backported in 6.6.55" -CVE_STATUS[CVE-2024-38595] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2024-38595] = "fixed-version: only affects 6.8.7 onwards" CVE_STATUS[CVE-2024-38596] = "cpe-stable-backport: Backported in 6.6.33" @@ -11172,9 +11172,9 @@ CVE_STATUS[CVE-2024-40918] = "cpe-stable-backport: Backported in 6.6.35" CVE_STATUS[CVE-2024-40919] = "cpe-stable-backport: Backported in 6.6.35" -CVE_STATUS[CVE-2024-40920] = "cpe-stable-backport: Backported in 6.6.35" +CVE_STATUS[CVE-2024-40920] = "fixed-version: only affects 6.8.12 onwards" -CVE_STATUS[CVE-2024-40921] = "cpe-stable-backport: Backported in 6.6.35" +CVE_STATUS[CVE-2024-40921] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-40922] = "cpe-stable-backport: Backported in 6.6.35" @@ -11300,7 +11300,7 @@ CVE_STATUS[CVE-2024-40984] = "cpe-stable-backport: Backported in 6.6.36" CVE_STATUS[CVE-2024-40985] = "fixed-version: only affects 6.7 onwards" -CVE_STATUS[CVE-2024-40986] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-40986] = "fixed-version: only affects 6.8.9 onwards" CVE_STATUS[CVE-2024-40987] = "cpe-stable-backport: Backported in 6.6.36" @@ -11624,9 +11624,9 @@ CVE_STATUS[CVE-2024-42109] = "cpe-stable-backport: Backported in 6.6.39" CVE_STATUS[CVE-2024-42110] = "cpe-stable-backport: Backported in 6.6.39" -CVE_STATUS[CVE-2024-42111] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-42111] = "fixed-version: only affects 6.8.10 onwards" -CVE_STATUS[CVE-2024-42112] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-42112] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-42113] = "cpe-stable-backport: Backported in 6.6.39" @@ -11696,7 +11696,7 @@ CVE_STATUS[CVE-2024-42148] = "cpe-stable-backport: Backported in 6.6.39" CVE_STATUS[CVE-2024-42149] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2024-42150] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-42150] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-42151] = "fixed-version: only affects 6.8 onwards" @@ -11930,7 +11930,7 @@ CVE_STATUS[CVE-2024-43818] = "cpe-stable-backport: Backported in 6.6.44" # CVE-2024-43819 needs backporting (fixed from 6.11) -CVE_STATUS[CVE-2024-43820] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-43820] = "fixed-version: only affects 6.7.12 onwards" CVE_STATUS[CVE-2024-43821] = "cpe-stable-backport: Backported in 6.6.44" @@ -11966,7 +11966,7 @@ CVE_STATUS[CVE-2024-43836] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2024-43837] = "cpe-stable-backport: Backported in 6.6.44" -CVE_STATUS[CVE-2024-43838] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2024-43838] = "fixed-version: only affects 6.9.8 onwards" CVE_STATUS[CVE-2024-43839] = "cpe-stable-backport: Backported in 6.6.44" @@ -12152,7 +12152,7 @@ CVE_STATUS[CVE-2024-44949] = "cpe-stable-backport: Backported in 6.6.46" CVE_STATUS[CVE-2024-44950] = "cpe-stable-backport: Backported in 6.6.64" -CVE_STATUS[CVE-2024-44951] = "fixed-version: only affects 6.8 onwards" +# CVE-2024-44951 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2024-44953] = "fixed-version: only affects 6.8 onwards" @@ -12810,7 +12810,7 @@ CVE_STATUS[CVE-2024-47709] = "cpe-stable-backport: Backported in 6.6.54" CVE_STATUS[CVE-2024-47710] = "cpe-stable-backport: Backported in 6.6.54" -CVE_STATUS[CVE-2024-47711] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2024-47711] = "fixed-version: only affects 6.9.8 onwards" CVE_STATUS[CVE-2024-47712] = "cpe-stable-backport: Backported in 6.6.54" @@ -12928,7 +12928,7 @@ CVE_STATUS[CVE-2024-49852] = "cpe-stable-backport: Backported in 6.6.54" CVE_STATUS[CVE-2024-49853] = "cpe-stable-backport: Backported in 6.6.54" -# CVE-2024-49854 has no known resolution +CVE_STATUS[CVE-2024-49854] = "fixed-version: Fixed from version 5.11" CVE_STATUS[CVE-2024-49855] = "cpe-stable-backport: Backported in 6.6.54" @@ -13292,7 +13292,7 @@ CVE_STATUS[CVE-2024-50040] = "cpe-stable-backport: Backported in 6.6.57" CVE_STATUS[CVE-2024-50041] = "cpe-stable-backport: Backported in 6.6.57" -CVE_STATUS[CVE-2024-50042] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2024-50042] = "fixed-version: only affects 6.7.10 onwards" CVE_STATUS[CVE-2024-50043] = "fixed-version: only affects 6.9 onwards" @@ -13392,7 +13392,7 @@ CVE_STATUS[CVE-2024-50095] = "cpe-stable-backport: Backported in 6.6.57" CVE_STATUS[CVE-2024-50096] = "cpe-stable-backport: Backported in 6.6.57" -CVE_STATUS[CVE-2024-50097] = "cpe-stable-backport: Backported in 6.6.57" +CVE_STATUS[CVE-2024-50097] = "fixed-version: only affects 6.10.14 onwards" CVE_STATUS[CVE-2024-50098] = "cpe-stable-backport: Backported in 6.6.58" @@ -13602,13 +13602,13 @@ CVE_STATUS[CVE-2024-50201] = "cpe-stable-backport: Backported in 6.6.58" CVE_STATUS[CVE-2024-50202] = "cpe-stable-backport: Backported in 6.6.58" -CVE_STATUS[CVE-2024-50203] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-50203] = "fixed-version: only affects 6.10.3 onwards" CVE_STATUS[CVE-2024-50204] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2024-50205] = "cpe-stable-backport: Backported in 6.6.59" -CVE_STATUS[CVE-2024-50206] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2024-50206] = "fixed-version: only affects 6.9.6 onwards" CVE_STATUS[CVE-2024-50207] = "fixed-version: only affects 6.8 onwards" @@ -13668,13 +13668,13 @@ CVE_STATUS[CVE-2024-50236] = "cpe-stable-backport: Backported in 6.6.60" CVE_STATUS[CVE-2024-50237] = "cpe-stable-backport: Backported in 6.6.60" -CVE_STATUS[CVE-2024-50238] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-50238] = "fixed-version: only affects 6.8.2 onwards" CVE_STATUS[CVE-2024-50239] = "cpe-stable-backport: Backported in 6.6.60" CVE_STATUS[CVE-2024-50240] = "cpe-stable-backport: Backported in 6.6.60" -CVE_STATUS[CVE-2024-50241] = "fixed-version: only affects 6.11.3 onwards" +CVE_STATUS[CVE-2024-50241] = "fixed-version: only affects 6.10.14 onwards" CVE_STATUS[CVE-2024-50242] = "cpe-stable-backport: Backported in 6.6.60" @@ -13690,7 +13690,7 @@ CVE_STATUS[CVE-2024-50247] = "cpe-stable-backport: Backported in 6.6.60" CVE_STATUS[CVE-2024-50248] = "cpe-stable-backport: Backported in 6.6.60" -CVE_STATUS[CVE-2024-50249] = "cpe-stable-backport: Backported in 6.6.60" +CVE_STATUS[CVE-2024-50249] = "fixed-version: only affects 6.10.13 onwards" CVE_STATUS[CVE-2024-50250] = "cpe-stable-backport: Backported in 6.6.60" @@ -13754,7 +13754,7 @@ CVE_STATUS[CVE-2024-50279] = "cpe-stable-backport: Backported in 6.6.61" CVE_STATUS[CVE-2024-50280] = "cpe-stable-backport: Backported in 6.6.61" -CVE_STATUS[CVE-2024-50281] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-50281] = "fixed-version: only affects 6.10.7 onwards" CVE_STATUS[CVE-2024-50282] = "cpe-stable-backport: Backported in 6.6.61" @@ -13874,7 +13874,7 @@ CVE_STATUS[CVE-2024-53071] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2024-53072] = "cpe-stable-backport: Backported in 6.6.61" -CVE_STATUS[CVE-2024-53073] = "fixed-version: only affects 6.11.3 onwards" +CVE_STATUS[CVE-2024-53073] = "fixed-version: only affects 6.10.14 onwards" CVE_STATUS[CVE-2024-53074] = "fixed-version: only affects 6.9 onwards" @@ -13922,7 +13922,7 @@ CVE_STATUS[CVE-2024-53095] = "cpe-stable-backport: Backported in 6.6.62" CVE_STATUS[CVE-2024-53096] = "cpe-stable-backport: Backported in 6.6.63" -CVE_STATUS[CVE-2024-53097] = "cpe-stable-backport: Backported in 6.6.62" +CVE_STATUS[CVE-2024-53097] = "fixed-version: only affects 6.10.14 onwards" CVE_STATUS[CVE-2024-53098] = "fixed-version: only affects 6.8 onwards" @@ -13956,7 +13956,7 @@ CVE_STATUS[CVE-2024-53113] = "cpe-stable-backport: Backported in 6.6.63" # CVE-2024-53114 needs backporting (fixed from 6.12) -CVE_STATUS[CVE-2024-53115] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-53115] = "fixed-version: only affects 6.10.4 onwards" CVE_STATUS[CVE-2024-53116] = "fixed-version: only affects 6.10 onwards" @@ -13992,7 +13992,7 @@ CVE_STATUS[CVE-2024-53131] = "cpe-stable-backport: Backported in 6.6.63" CVE_STATUS[CVE-2024-53132] = "fixed-version: only affects 6.11 onwards" -CVE_STATUS[CVE-2024-53133] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2024-53133] = "fixed-version: only affects 6.7.12 onwards" CVE_STATUS[CVE-2024-53134] = "cpe-stable-backport: Backported in 6.6.63" @@ -14062,7 +14062,7 @@ CVE_STATUS[CVE-2024-53167] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2024-53168] = "cpe-stable-backport: Backported in 6.6.64" -CVE_STATUS[CVE-2024-53169] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-53169] = "fixed-version: only affects 6.10.7 onwards" CVE_STATUS[CVE-2024-53170] = "cpe-stable-backport: Backported in 6.6.74" @@ -14126,7 +14126,7 @@ CVE_STATUS[CVE-2024-53199] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2024-53200] = "cpe-stable-backport: Backported in 6.6.64" -CVE_STATUS[CVE-2024-53201] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-53201] = "fixed-version: only affects 6.11.3 onwards" CVE_STATUS[CVE-2024-53202] = "cpe-stable-backport: Backported in 6.6.64" @@ -14222,7 +14222,7 @@ CVE_STATUS[CVE-2024-53690] = "cpe-stable-backport: Backported in 6.6.68" CVE_STATUS[CVE-2024-54031] = "cpe-stable-backport: Backported in 6.6.70" -CVE_STATUS[CVE-2024-54191] = "fixed-version: only affects 6.12.2 onwards" +CVE_STATUS[CVE-2024-54191] = "fixed-version: only affects 6.11.11 onwards" CVE_STATUS[CVE-2024-54193] = "fixed-version: only affects 6.7 onwards" @@ -14232,7 +14232,7 @@ CVE_STATUS[CVE-2024-54456] = "cpe-stable-backport: Backported in 6.6.79" CVE_STATUS[CVE-2024-54458] = "cpe-stable-backport: Backported in 6.6.79" -CVE_STATUS[CVE-2024-54460] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-54460] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-54683] = "cpe-stable-backport: Backported in 6.6.67" @@ -14274,7 +14274,7 @@ CVE_STATUS[CVE-2024-56540] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2024-56541] = "fixed-version: only affects 6.10 onwards" -CVE_STATUS[CVE-2024-56542] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-56542] = "fixed-version: only affects 6.11.2 onwards" CVE_STATUS[CVE-2024-56543] = "cpe-stable-backport: Backported in 6.6.64" @@ -14290,7 +14290,7 @@ CVE_STATUS[CVE-2024-56548] = "cpe-stable-backport: Backported in 6.6.64" CVE_STATUS[CVE-2024-56549] = "cpe-stable-backport: Backported in 6.6.78" -CVE_STATUS[CVE-2024-56550] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2024-56550] = "fixed-version: only affects 6.9.4 onwards" CVE_STATUS[CVE-2024-56551] = "cpe-stable-backport: Backported in 6.6.64" @@ -14312,7 +14312,7 @@ CVE_STATUS[CVE-2024-56559] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2024-56560] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2024-56561] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2024-56561] = "fixed-version: only affects 6.11.4 onwards" CVE_STATUS[CVE-2024-56562] = "cpe-stable-backport: Backported in 6.6.64" @@ -14482,7 +14482,7 @@ CVE_STATUS[CVE-2024-56645] = "cpe-stable-backport: Backported in 6.6.66" CVE_STATUS[CVE-2024-56646] = "fixed-version: only affects 6.9 onwards" -# CVE-2024-56647 needs backporting (fixed from 6.13) +# CVE-2024-56647 may need backporting (fixed from 6.6.140) CVE_STATUS[CVE-2024-56648] = "cpe-stable-backport: Backported in 6.6.66" @@ -14728,7 +14728,7 @@ CVE_STATUS[CVE-2024-56779] = "cpe-stable-backport: Backported in 6.6.64" CVE_STATUS[CVE-2024-56780] = "cpe-stable-backport: Backported in 6.6.64" -CVE_STATUS[CVE-2024-56782] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-56782] = "fixed-version: only affects 6.8.6 onwards" CVE_STATUS[CVE-2024-56783] = "cpe-stable-backport: Backported in 6.6.66" @@ -14760,7 +14760,7 @@ CVE_STATUS[CVE-2024-57802] = "cpe-stable-backport: Backported in 6.6.70" # CVE-2024-57804 needs backporting (fixed from 6.13) -CVE_STATUS[CVE-2024-57805] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2024-57805] = "fixed-version: only affects 6.11.6 onwards" CVE_STATUS[CVE-2024-57806] = "fixed-version: only affects 6.7 onwards" @@ -14784,7 +14784,7 @@ CVE_STATUS[CVE-2024-57849] = "cpe-stable-backport: Backported in 6.6.66" CVE_STATUS[CVE-2024-57850] = "cpe-stable-backport: Backported in 6.6.66" -CVE_STATUS[CVE-2024-57852] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2024-57852] = "fixed-version: only affects 6.11.8 onwards" # CVE-2024-57857 needs backporting (fixed from 6.13) @@ -14800,7 +14800,7 @@ CVE_STATUS[CVE-2024-57877] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2024-57878] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2024-57879] = "fixed-version: only affects 6.9 onwards" +CVE_STATUS[CVE-2024-57879] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2024-57880] = "fixed-version: only affects 6.10 onwards" @@ -14906,7 +14906,7 @@ CVE_STATUS[CVE-2024-57933] = "cpe-stable-backport: Backported in 6.6.70" CVE_STATUS[CVE-2024-57934] = "fixed-version: only affects 6.11 onwards" -CVE_STATUS[CVE-2024-57935] = "fixed-version: only affects 6.12.2 onwards" +CVE_STATUS[CVE-2024-57935] = "fixed-version: only affects 6.11.11 onwards" CVE_STATUS[CVE-2024-57936] = "fixed-version: only affects 6.12 onwards" @@ -14938,7 +14938,7 @@ CVE_STATUS[CVE-2024-57950] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2024-57951] = "cpe-stable-backport: Backported in 6.6.74" -CVE_STATUS[CVE-2024-57952] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-57952] = "fixed-version: only affects 6.10.7 onwards" CVE_STATUS[CVE-2024-57953] = "fixed-version: only affects 6.8 onwards" @@ -14976,7 +14976,7 @@ CVE_STATUS[CVE-2024-57988] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2024-57989] = "fixed-version: only affects 6.11 onwards" -CVE_STATUS[CVE-2024-57990] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2024-57990] = "fixed-version: only affects 6.10.13 onwards" CVE_STATUS[CVE-2024-57991] = "fixed-version: only affects 6.13 onwards" @@ -15012,7 +15012,7 @@ CVE_STATUS[CVE-2024-58005] = "cpe-stable-backport: Backported in 6.6.78" CVE_STATUS[CVE-2024-58007] = "cpe-stable-backport: Backported in 6.6.78" -CVE_STATUS[CVE-2024-58008] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2024-58008] = "fixed-version: only affects 6.10.7 onwards" CVE_STATUS[CVE-2024-58009] = "cpe-stable-backport: Backported in 6.6.78" @@ -15106,7 +15106,7 @@ CVE_STATUS[CVE-2024-58079] = "cpe-stable-backport: Backported in 6.6.78" CVE_STATUS[CVE-2024-58080] = "cpe-stable-backport: Backported in 6.6.78" -CVE_STATUS[CVE-2024-58081] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2024-58081] = "fixed-version: only affects 6.11.10 onwards" CVE_STATUS[CVE-2024-58082] = "fixed-version: only affects 6.7 onwards" @@ -15154,7 +15154,7 @@ CVE_STATUS[CVE-2024-58239] = "cpe-stable-backport: Backported in 6.6.19" CVE_STATUS[CVE-2024-58240] = "cpe-stable-backport: Backported in 6.6.21" -CVE_STATUS[CVE-2024-58241] = "fixed-version: only affects 6.10 onwards" +# CVE-2024-58241 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-21629] = "cpe-stable-backport: Backported in 6.6.70" @@ -15368,7 +15368,7 @@ CVE_STATUS[CVE-2025-21737] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-21738] = "cpe-stable-backport: Backported in 6.6.78" -# CVE-2025-21739 needs backporting (fixed from 6.14) +# CVE-2025-21739 may need backporting (fixed from 6.6.135) CVE_STATUS[CVE-2025-21741] = "cpe-stable-backport: Backported in 6.6.78" @@ -15392,7 +15392,7 @@ CVE_STATUS[CVE-2025-21750] = "cpe-stable-backport: Backported in 6.6.78" CVE_STATUS[CVE-2025-21751] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-21752] = "fixed-version: only affects 6.7 onwards" +CVE_STATUS[CVE-2025-21752] = "fixed-version: only affects 6.6.130 onwards" CVE_STATUS[CVE-2025-21753] = "cpe-stable-backport: Backported in 6.6.78" @@ -15502,7 +15502,7 @@ CVE_STATUS[CVE-2025-21807] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2025-21808] = "cpe-stable-backport: Backported in 6.6.76" -CVE_STATUS[CVE-2025-21809] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2025-21809] = "fixed-version: only affects 6.7.3 onwards" CVE_STATUS[CVE-2025-21810] = "cpe-stable-backport: Backported in 6.6.76" @@ -15510,7 +15510,7 @@ CVE_STATUS[CVE-2025-21811] = "cpe-stable-backport: Backported in 6.6.76" CVE_STATUS[CVE-2025-21812] = "cpe-stable-backport: Backported in 6.6.76" -CVE_STATUS[CVE-2025-21813] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-21813] = "fixed-version: only affects 6.12.11 onwards" CVE_STATUS[CVE-2025-21814] = "cpe-stable-backport: Backported in 6.6.78" @@ -15684,7 +15684,7 @@ CVE_STATUS[CVE-2025-21900] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2025-21901] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-21902] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-21902] = "fixed-version: only affects 6.12.5 onwards" CVE_STATUS[CVE-2025-21903] = "fixed-version: only affects 6.7 onwards" @@ -15932,17 +15932,17 @@ CVE_STATUS[CVE-2025-22024] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-22025] = "cpe-stable-backport: Backported in 6.6.87" -# CVE-2025-22026 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-22026] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-22027] = "cpe-stable-backport: Backported in 6.6.87" CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.6.89" -CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.12.12 onwards" CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards" -CVE_STATUS[CVE-2025-22032] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-22032] = "fixed-version: only affects 6.12.13 onwards" CVE_STATUS[CVE-2025-22033] = "cpe-stable-backport: Backported in 6.6.87" @@ -16016,7 +16016,7 @@ CVE_STATUS[CVE-2025-22067] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2025-22068] = "fixed-version: only affects 6.7 onwards" -CVE_STATUS[CVE-2025-22069] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-22069] = "fixed-version: only affects 6.12.75 onwards" # CVE-2025-22070 needs backporting (fixed from 6.15) @@ -16102,7 +16102,7 @@ CVE_STATUS[CVE-2025-22110] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-22111] = "cpe-stable-backport: Backported in 6.6.120" -CVE_STATUS[CVE-2025-22112] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-22112] = "fixed-version: only affects 6.12.20 onwards" # CVE-2025-22113 needs backporting (fixed from 6.15) @@ -16126,9 +16126,9 @@ CVE_STATUS[CVE-2025-22122] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2025-22123] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2025-22124] = "fixed-version: only affects 6.11 onwards" +# CVE-2025-22124 may need backporting (fixed from 6.7) -# CVE-2025-22125 needs backporting (fixed from 6.15) +# CVE-2025-22125 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.6.88" @@ -16136,7 +16136,7 @@ CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.6.88" CVE_STATUS[CVE-2025-22128] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2025-23129] = "fixed-version: only affects 6.7 onwards" +# CVE-2025-23129 may need backporting (fixed from 6.7) # CVE-2025-23130 needs backporting (fixed from 6.15) @@ -16222,13 +16222,13 @@ CVE_STATUS[CVE-2025-37745] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2025-37746] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2025-37747] = "fixed-version: only affects 6.11 onwards" +# CVE-2025-37747 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-37748] = "cpe-stable-backport: Backported in 6.6.88" CVE_STATUS[CVE-2025-37749] = "cpe-stable-backport: Backported in 6.6.88" -CVE_STATUS[CVE-2025-37750] = "fixed-version: only affects 6.12 onwards" +# CVE-2025-37750 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards" @@ -16246,7 +16246,7 @@ CVE_STATUS[CVE-2025-37758] = "cpe-stable-backport: Backported in 6.6.88" # CVE-2025-37759 needs backporting (fixed from 6.15) -CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.12.19 onwards" CVE_STATUS[CVE-2025-37761] = "fixed-version: only affects 6.8 onwards" @@ -16348,7 +16348,7 @@ CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.6.89" CVE_STATUS[CVE-2025-37813] = "cpe-stable-backport: Backported in 6.6.89" -CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.12.14 onwards" CVE_STATUS[CVE-2025-37815] = "cpe-stable-backport: Backported in 6.6.89" @@ -16374,7 +16374,7 @@ CVE_STATUS[CVE-2025-37825] = "fixed-version: only affects 6.14 onwards" # CVE-2025-37826 needs backporting (fixed from 6.15) -CVE_STATUS[CVE-2025-37827] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2025-37827] = "fixed-version: only affects 6.10.10 onwards" CVE_STATUS[CVE-2025-37828] = "cpe-stable-backport: Backported in 6.6.89" @@ -16406,7 +16406,7 @@ CVE_STATUS[CVE-2025-37843] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.6.88" -CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.12.21 onwards" CVE_STATUS[CVE-2025-37846] = "fixed-version: only affects 6.7 onwards" @@ -16452,13 +16452,13 @@ CVE_STATUS[CVE-2025-37866] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.6.88" -CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.12.19 onwards" CVE_STATUS[CVE-2025-37869] = "fixed-version: only affects 6.8 onwards" # CVE-2025-37870 needs backporting (fixed from 6.15) -CVE_STATUS[CVE-2025-37871] = "cpe-stable-backport: Backported in 6.6.88" +CVE_STATUS[CVE-2025-37871] = "fixed-version: only affects 6.13.11 onwards" CVE_STATUS[CVE-2025-37872] = "fixed-version: only affects 6.8 onwards" @@ -16472,7 +16472,7 @@ CVE_STATUS[CVE-2025-37876] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2025-37877] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-37878] = "fixed-version: only affects 6.12.24 onwards" +CVE_STATUS[CVE-2025-37878] = "fixed-version: only affects 6.13.12 onwards" CVE_STATUS[CVE-2025-37879] = "cpe-stable-backport: Backported in 6.6.89" @@ -16506,7 +16506,7 @@ CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.6.87" CVE_STATUS[CVE-2025-37894] = "fixed-version: only affects 6.10 onwards" -CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.12.10 onwards" CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" @@ -16572,7 +16572,7 @@ CVE_STATUS[CVE-2025-37927] = "cpe-stable-backport: Backported in 6.6.90" CVE_STATUS[CVE-2025-37928] = "cpe-stable-backport: Backported in 6.6.90" -CVE_STATUS[CVE-2025-37929] = "cpe-stable-backport: Backported in 6.6.90" +CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.13.12 onwards" CVE_STATUS[CVE-2025-37930] = "cpe-stable-backport: Backported in 6.6.90" @@ -16636,7 +16636,7 @@ CVE_STATUS[CVE-2025-37960] = "cpe-stable-backport: Backported in 6.6.92" CVE_STATUS[CVE-2025-37961] = "cpe-stable-backport: Backported in 6.6.91" -CVE_STATUS[CVE-2025-37962] = "cpe-stable-backport: Backported in 6.6.91" +CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.13.11 onwards" CVE_STATUS[CVE-2025-37963] = "cpe-stable-backport: Backported in 6.6.91" @@ -16660,7 +16660,7 @@ CVE_STATUS[CVE-2025-37972] = "cpe-stable-backport: Backported in 6.6.91" CVE_STATUS[CVE-2025-37973] = "cpe-stable-backport: Backported in 6.6.91" -CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.12.5 onwards" CVE_STATUS[CVE-2025-37975] = "fixed-version: only affects 6.8 onwards" @@ -16814,7 +16814,7 @@ CVE_STATUS[CVE-2025-38053] = "fixed-version: only affects 6.7 onwards" CVE_STATUS[CVE-2025-38054] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2025-38055] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2025-38055] = "fixed-version: only affects 6.10.5 onwards" CVE_STATUS[CVE-2025-38056] = "fixed-version: only affects 6.12 onwards" @@ -16824,7 +16824,7 @@ CVE_STATUS[CVE-2025-38058] = "cpe-stable-backport: Backported in 6.6.93" CVE_STATUS[CVE-2025-38059] = "cpe-stable-backport: Backported in 6.6.93" -CVE_STATUS[CVE-2025-38060] = "fixed-version: only affects 6.7 onwards" +# CVE-2025-38060 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-38061] = "cpe-stable-backport: Backported in 6.6.93" @@ -16898,9 +16898,9 @@ CVE_STATUS[CVE-2025-38095] = "cpe-stable-backport: Backported in 6.6.92" CVE_STATUS[CVE-2025-38097] = "cpe-stable-backport: Backported in 6.6.93" -CVE_STATUS[CVE-2025-38098] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2025-38098] = "fixed-version: only affects 6.7.2 onwards" -CVE_STATUS[CVE-2025-38099] = "fixed-version: only affects 6.12.24 onwards" +CVE_STATUS[CVE-2025-38099] = "fixed-version: only affects 6.13.12 onwards" CVE_STATUS[CVE-2025-38100] = "cpe-stable-backport: Backported in 6.6.94" @@ -17026,7 +17026,7 @@ CVE_STATUS[CVE-2025-38160] = "cpe-stable-backport: Backported in 6.6.94" CVE_STATUS[CVE-2025-38161] = "cpe-stable-backport: Backported in 6.6.94" -# CVE-2025-38162 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-38162] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-38163] = "cpe-stable-backport: Backported in 6.6.94" @@ -17040,7 +17040,7 @@ CVE_STATUS[CVE-2025-38167] = "cpe-stable-backport: Backported in 6.6.94" CVE_STATUS[CVE-2025-38168] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-38169] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2025-38169] = "fixed-version: only affects 6.8.12 onwards" CVE_STATUS[CVE-2025-38170] = "cpe-stable-backport: Backported in 6.6.94" @@ -17102,7 +17102,7 @@ CVE_STATUS[CVE-2025-38198] = "cpe-stable-backport: Backported in 6.6.95" CVE_STATUS[CVE-2025-38200] = "cpe-stable-backport: Backported in 6.6.95" -# CVE-2025-38201 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-38201] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-38202] = "cpe-stable-backport: Backported in 6.6.95" @@ -17146,7 +17146,7 @@ CVE_STATUS[CVE-2025-38222] = "cpe-stable-backport: Backported in 6.6.95" CVE_STATUS[CVE-2025-38223] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-38224] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38224] = "fixed-version: only affects 6.12.31 onwards" CVE_STATUS[CVE-2025-38225] = "cpe-stable-backport: Backported in 6.6.95" @@ -17166,7 +17166,7 @@ CVE_STATUS[CVE-2025-38232] = "cpe-stable-backport: Backported in 6.6.122" CVE_STATUS[CVE-2025-38233] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-38234 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-38234] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-38235] = "fixed-version: only affects 6.15 onwards" @@ -17276,7 +17276,7 @@ CVE_STATUS[CVE-2025-38287] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-38288] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-38289] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38289] = "fixed-version: only affects 6.12.5 onwards" CVE_STATUS[CVE-2025-38290] = "cpe-stable-backport: Backported in 6.6.94" @@ -17348,7 +17348,7 @@ CVE_STATUS[CVE-2025-38323] = "cpe-stable-backport: Backported in 6.6.95" CVE_STATUS[CVE-2025-38324] = "cpe-stable-backport: Backported in 6.6.95" -CVE_STATUS[CVE-2025-38325] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38325] = "fixed-version: only affects 6.12.26 onwards" CVE_STATUS[CVE-2025-38326] = "cpe-stable-backport: Backported in 6.6.95" @@ -17442,9 +17442,9 @@ CVE_STATUS[CVE-2025-38370] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-38371] = "cpe-stable-backport: Backported in 6.6.97" -CVE_STATUS[CVE-2025-38372] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38372] = "fixed-version: only affects 6.12.13 onwards" -CVE_STATUS[CVE-2025-38373] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38373] = "fixed-version: only affects 6.12.14 onwards" CVE_STATUS[CVE-2025-38374] = "fixed-version: only affects 6.8 onwards" @@ -17506,7 +17506,7 @@ CVE_STATUS[CVE-2025-38403] = "cpe-stable-backport: Backported in 6.6.97" CVE_STATUS[CVE-2025-38404] = "cpe-stable-backport: Backported in 6.6.97" -CVE_STATUS[CVE-2025-38405] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2025-38405] = "fixed-version: only affects 6.10.10 onwards" CVE_STATUS[CVE-2025-38406] = "cpe-stable-backport: Backported in 6.6.97" @@ -17538,7 +17538,7 @@ CVE_STATUS[CVE-2025-38419] = "cpe-stable-backport: Backported in 6.6.95" CVE_STATUS[CVE-2025-38420] = "cpe-stable-backport: Backported in 6.6.95" -CVE_STATUS[CVE-2025-38421] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-38421] = "fixed-version: only affects 6.12.23 onwards" CVE_STATUS[CVE-2025-38422] = "cpe-stable-backport: Backported in 6.6.95" @@ -17664,7 +17664,7 @@ CVE_STATUS[CVE-2025-38482] = "cpe-stable-backport: Backported in 6.6.100" CVE_STATUS[CVE-2025-38483] = "cpe-stable-backport: Backported in 6.6.100" -CVE_STATUS[CVE-2025-38484] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38484] = "fixed-version: only affects 6.12.23 onwards" CVE_STATUS[CVE-2025-38485] = "cpe-stable-backport: Backported in 6.6.100" @@ -17758,7 +17758,7 @@ CVE_STATUS[CVE-2025-38529] = "cpe-stable-backport: Backported in 6.6.100" CVE_STATUS[CVE-2025-38530] = "cpe-stable-backport: Backported in 6.6.100" -# CVE-2025-38531 needs backporting (fixed from 6.16) +# CVE-2025-38531 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2025-38532] = "cpe-stable-backport: Backported in 6.6.100" @@ -17798,7 +17798,7 @@ CVE_STATUS[CVE-2025-38549] = "fixed-version: only affects 6.7 onwards" CVE_STATUS[CVE-2025-38550] = "cpe-stable-backport: Backported in 6.6.100" -CVE_STATUS[CVE-2025-38551] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38551] = "fixed-version: only affects 6.11.2 onwards" CVE_STATUS[CVE-2025-38552] = "cpe-stable-backport: Backported in 6.6.101" @@ -17830,7 +17830,7 @@ CVE_STATUS[CVE-2025-38565] = "cpe-stable-backport: Backported in 6.6.102" CVE_STATUS[CVE-2025-38566] = "cpe-stable-backport: Backported in 6.6.102" -CVE_STATUS[CVE-2025-38567] = "fixed-version: only affects 6.15 onwards" +CVE_STATUS[CVE-2025-38567] = "fixed-version: only affects 6.15.3 onwards" CVE_STATUS[CVE-2025-38568] = "cpe-stable-backport: Backported in 6.6.102" @@ -17860,11 +17860,11 @@ CVE_STATUS[CVE-2025-38580] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-38581] = "cpe-stable-backport: Backported in 6.6.102" -CVE_STATUS[CVE-2025-38582] = "fixed-version: only affects 6.12 onwards" +# CVE-2025-38582 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-38583] = "cpe-stable-backport: Backported in 6.6.102" -# CVE-2025-38584 needs backporting (fixed from 6.17) +# CVE-2025-38584 may need backporting (fixed from 6.6.140) # CVE-2025-38585 needs backporting (fixed from 6.17) @@ -18004,7 +18004,7 @@ CVE_STATUS[CVE-2025-38654] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-38655] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-38656 has no known resolution +# CVE-2025-38656 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-38657] = "fixed-version: only affects 6.16 onwards" @@ -18042,7 +18042,7 @@ CVE_STATUS[CVE-2025-38673] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-38674] = "fixed-version: only affects 6.15 onwards" -CVE_STATUS[CVE-2025-38675] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-38675] = "fixed-version: only affects 6.12.13 onwards" CVE_STATUS[CVE-2025-38676] = "cpe-stable-backport: Backported in 6.6.103" @@ -18112,7 +18112,7 @@ CVE_STATUS[CVE-2025-38708] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-38709] = "cpe-stable-backport: Backported in 6.6.109" -# CVE-2025-38710 needs backporting (fixed from 6.17) +# CVE-2025-38710 may need backporting (fixed from 6.6.134) CVE_STATUS[CVE-2025-38711] = "cpe-stable-backport: Backported in 6.6.103" @@ -18158,13 +18158,13 @@ CVE_STATUS[CVE-2025-38731] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-38732] = "cpe-stable-backport: Backported in 6.6.103" -CVE_STATUS[CVE-2025-38733] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2025-38733] = "fixed-version: only affects 6.10.11 onwards" CVE_STATUS[CVE-2025-38734] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-38735] = "cpe-stable-backport: Backported in 6.6.103" -CVE_STATUS[CVE-2025-38736] = "fixed-version: only affects 6.12.43 onwards" +CVE_STATUS[CVE-2025-38736] = "fixed-version: only affects 6.15.11 onwards" CVE_STATUS[CVE-2025-38737] = "fixed-version: only affects 6.12 onwards" @@ -18198,7 +18198,7 @@ CVE_STATUS[CVE-2025-39686] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-39687] = "cpe-stable-backport: Backported in 6.6.103" -CVE_STATUS[CVE-2025-39688] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-39688] = "fixed-version: only affects 6.11.6 onwards" CVE_STATUS[CVE-2025-39689] = "cpe-stable-backport: Backported in 6.6.103" @@ -18272,7 +18272,7 @@ CVE_STATUS[CVE-2025-39723] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-39724] = "cpe-stable-backport: Backported in 6.6.103" -CVE_STATUS[CVE-2025-39725] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-39725] = "fixed-version: only affects 6.12.26 onwards" CVE_STATUS[CVE-2025-39726] = "cpe-stable-backport: Backported in 6.6.101" @@ -18370,7 +18370,7 @@ CVE_STATUS[CVE-2025-39773] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-39774] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2025-39775] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-39775] = "fixed-version: only affects 6.12.11 onwards" CVE_STATUS[CVE-2025-39776] = "cpe-stable-backport: Backported in 6.6.103" @@ -18432,7 +18432,7 @@ CVE_STATUS[CVE-2025-39805] = "cpe-stable-backport: Backported in 6.6.119" CVE_STATUS[CVE-2025-39806] = "cpe-stable-backport: Backported in 6.6.104" -CVE_STATUS[CVE-2025-39807] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-39807] = "fixed-version: only affects 6.12.40 onwards" CVE_STATUS[CVE-2025-39808] = "cpe-stable-backport: Backported in 6.6.104" @@ -18560,7 +18560,7 @@ CVE_STATUS[CVE-2025-39870] = "cpe-stable-backport: Backported in 6.6.107" CVE_STATUS[CVE-2025-39871] = "cpe-stable-backport: Backported in 6.6.107" -CVE_STATUS[CVE-2025-39872] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-39872] = "fixed-version: only affects 6.12.63 onwards" CVE_STATUS[CVE-2025-39873] = "cpe-stable-backport: Backported in 6.6.107" @@ -18674,7 +18674,7 @@ CVE_STATUS[CVE-2025-39928] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-39929] = "cpe-stable-backport: Backported in 6.6.108" -CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.6.130 onwards" CVE_STATUS[CVE-2025-39931] = "cpe-stable-backport: Backported in 6.6.108" @@ -18710,7 +18710,7 @@ CVE_STATUS[CVE-2025-39946] = "cpe-stable-backport: Backported in 6.6.108" CVE_STATUS[CVE-2025-39947] = "cpe-stable-backport: Backported in 6.6.108" -CVE_STATUS[CVE-2025-39948] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-39948] = "fixed-version: only affects 6.12.14 onwards" CVE_STATUS[CVE-2025-39949] = "cpe-stable-backport: Backported in 6.6.108" @@ -18744,7 +18744,7 @@ CVE_STATUS[CVE-2025-39963] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-39964] = "cpe-stable-backport: Backported in 6.6.108" -CVE_STATUS[CVE-2025-39965] = "cpe-stable-backport: Backported in 6.6.109" +CVE_STATUS[CVE-2025-39965] = "fixed-version: only affects 6.15.11 onwards" CVE_STATUS[CVE-2025-39966] = "fixed-version: only affects 6.11 onwards" @@ -18776,7 +18776,7 @@ CVE_STATUS[CVE-2025-39979] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-39980] = "cpe-stable-backport: Backported in 6.6.109" -# CVE-2025-39981 needs backporting (fixed from 6.17) +# CVE-2025-39981 may need backporting (fixed from 6.6.140) CVE_STATUS[CVE-2025-39982] = "cpe-stable-backport: Backported in 6.6.109" @@ -18808,11 +18808,11 @@ CVE_STATUS[CVE-2025-39995] = "cpe-stable-backport: Backported in 6.6.111" CVE_STATUS[CVE-2025-39996] = "cpe-stable-backport: Backported in 6.6.110" -CVE_STATUS[CVE-2025-39997] = "fixed-version: only affects 6.16 onwards" +# CVE-2025-39997 needs backporting (fixed from 6.18) CVE_STATUS[CVE-2025-39998] = "cpe-stable-backport: Backported in 6.6.110" -CVE_STATUS[CVE-2025-39999] = "fixed-version: only affects 6.16 onwards" +CVE_STATUS[CVE-2025-39999] = "fixed-version: only affects 6.16.4 onwards" # CVE-2025-40000 needs backporting (fixed from 6.18) @@ -18824,11 +18824,11 @@ CVE_STATUS[CVE-2025-40002] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-40004] = "fixed-version: only affects 6.12 onwards" -# CVE-2025-40005 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-40005] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-40006] = "cpe-stable-backport: Backported in 6.6.109" -CVE_STATUS[CVE-2025-40007] = "fixed-version: only affects 6.16 onwards" +CVE_STATUS[CVE-2025-40007] = "fixed-version: only affects 6.15.3 onwards" CVE_STATUS[CVE-2025-40008] = "cpe-stable-backport: Backported in 6.6.109" @@ -18978,7 +18978,7 @@ CVE_STATUS[CVE-2025-40080] = "cpe-stable-backport: Backported in 6.6.112" CVE_STATUS[CVE-2025-40081] = "cpe-stable-backport: Backported in 6.6.112" -# CVE-2025-40082 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-40082] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-40083] = "cpe-stable-backport: Backported in 6.6.116" @@ -19016,7 +19016,7 @@ CVE_STATUS[CVE-2025-40099] = "cpe-stable-backport: Backported in 6.6.114" CVE_STATUS[CVE-2025-40100] = "cpe-stable-backport: Backported in 6.6.114" -CVE_STATUS[CVE-2025-40101] = "fixed-version: only affects 6.8 onwards" +CVE_STATUS[CVE-2025-40101] = "fixed-version: only affects 6.7.11 onwards" # CVE-2025-40102 needs backporting (fixed from 6.18) @@ -19074,7 +19074,7 @@ CVE_STATUS[CVE-2025-40129] = "cpe-stable-backport: Backported in 6.6.112" CVE_STATUS[CVE-2025-40130] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2025-40131] = "fixed-version: only affects 6.16 onwards" +CVE_STATUS[CVE-2025-40131] = "fixed-version: only affects 6.15.3 onwards" CVE_STATUS[CVE-2025-40132] = "fixed-version: only affects 6.10 onwards" @@ -19208,7 +19208,7 @@ CVE_STATUS[CVE-2025-40197] = "cpe-stable-backport: Backported in 6.6.113" CVE_STATUS[CVE-2025-40198] = "cpe-stable-backport: Backported in 6.6.114" -CVE_STATUS[CVE-2025-40199] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-40199] = "fixed-version: only affects 6.12.34 onwards" CVE_STATUS[CVE-2025-40200] = "cpe-stable-backport: Backported in 6.6.113" @@ -19236,7 +19236,7 @@ CVE_STATUS[CVE-2025-40211] = "cpe-stable-backport: Backported in 6.6.117" CVE_STATUS[CVE-2025-40212] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-40213] = "fixed-version: only affects 6.17 onwards" +CVE_STATUS[CVE-2025-40213] = "fixed-version: only affects 6.6.140 onwards" CVE_STATUS[CVE-2025-40214] = "cpe-stable-backport: Backported in 6.6.117" @@ -19248,7 +19248,7 @@ CVE_STATUS[CVE-2025-40217] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2025-40218] = "cpe-stable-backport: Backported in 6.6.113" -CVE_STATUS[CVE-2025-40219] = "cpe-stable-backport: Backported in 6.6.113" +# CVE-2025-40219 may need backporting (fixed from 6.6.128) CVE_STATUS[CVE-2025-40220] = "cpe-stable-backport: Backported in 6.6.115" @@ -19390,7 +19390,7 @@ CVE_STATUS[CVE-2025-40288] = "cpe-stable-backport: Backported in 6.6.117" # CVE-2025-40289 needs backporting (fixed from 6.18) -CVE_STATUS[CVE-2025-40290] = "fixed-version: only affects 6.17 onwards" +CVE_STATUS[CVE-2025-40290] = "fixed-version: only affects 6.16.8 onwards" CVE_STATUS[CVE-2025-40291] = "fixed-version: only affects 6.15 onwards" @@ -19464,7 +19464,7 @@ CVE_STATUS[CVE-2025-40324] = "cpe-stable-backport: Backported in 6.6.117" CVE_STATUS[CVE-2025-40326] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2025-40327] = "fixed-version: only affects 6.17 onwards" +CVE_STATUS[CVE-2025-40327] = "fixed-version: only affects 6.16.8 onwards" CVE_STATUS[CVE-2025-40328] = "cpe-stable-backport: Backported in 6.6.117" @@ -19474,7 +19474,7 @@ CVE_STATUS[CVE-2025-40330] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-40331] = "cpe-stable-backport: Backported in 6.6.117" -CVE_STATUS[CVE-2025-40332] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-40332] = "fixed-version: only affects 6.12.24 onwards" CVE_STATUS[CVE-2025-40333] = "cpe-stable-backport: Backported in 6.6.117" @@ -19498,7 +19498,7 @@ CVE_STATUS[CVE-2025-40342] = "cpe-stable-backport: Backported in 6.6.117" CVE_STATUS[CVE-2025-40343] = "cpe-stable-backport: Backported in 6.6.117" -CVE_STATUS[CVE-2025-40344] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-40344] = "fixed-version: only affects 6.11.9 onwards" CVE_STATUS[CVE-2025-40345] = "cpe-stable-backport: Backported in 6.6.119" @@ -19594,7 +19594,7 @@ CVE_STATUS[CVE-2025-68193] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-68194] = "cpe-stable-backport: Backported in 6.6.117" -# CVE-2025-68195 has no known resolution +CVE_STATUS[CVE-2025-68195] = "fixed-version: only affects 6.12.58 onwards" CVE_STATUS[CVE-2025-68196] = "fixed-version: only affects 6.17 onwards" @@ -19616,7 +19616,7 @@ CVE_STATUS[CVE-2025-68205] = "fixed-version: only affects 6.17 onwards" # CVE-2025-68206 may need backporting (fixed from 6.6.130) -CVE_STATUS[CVE-2025-68207] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-68207] = "fixed-version: only affects 6.12.37 onwards" CVE_STATUS[CVE-2025-68208] = "cpe-stable-backport: Backported in 6.6.117" @@ -19628,11 +19628,11 @@ CVE_STATUS[CVE-2025-68211] = "cpe-stable-backport: Backported in 6.6.121" CVE_STATUS[CVE-2025-68212] = "fixed-version: only affects 6.15 onwards" -CVE_STATUS[CVE-2025-68213] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-68213] = "fixed-version: only affects 6.12.43 onwards" CVE_STATUS[CVE-2025-68214] = "cpe-stable-backport: Backported in 6.6.118" -CVE_STATUS[CVE-2025-68215] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-68215] = "fixed-version: only affects 6.12.11 onwards" CVE_STATUS[CVE-2025-68216] = "fixed-version: only affects 6.17 onwards" @@ -19702,7 +19702,7 @@ CVE_STATUS[CVE-2025-68249] = "cpe-stable-backport: Backported in 6.6.115" CVE_STATUS[CVE-2025-68250] = "fixed-version: only affects 6.16 onwards" -CVE_STATUS[CVE-2025-68251] = "fixed-version: only affects 6.8 onwards" +# CVE-2025-68251 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-68252] = "cpe-stable-backport: Backported in 6.6.115" @@ -19768,7 +19768,7 @@ CVE_STATUS[CVE-2025-68295] = "cpe-stable-backport: Backported in 6.6.119" CVE_STATUS[CVE-2025-68297] = "cpe-stable-backport: Backported in 6.6.119" -CVE_STATUS[CVE-2025-68298] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-68298] = "fixed-version: only affects 6.12.13 onwards" CVE_STATUS[CVE-2025-68299] = "fixed-version: only affects 6.17.9 onwards" @@ -19802,7 +19802,7 @@ CVE_STATUS[CVE-2025-68313] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2025-68314] = "fixed-version: only affects 6.17 onwards" -# CVE-2025-68315 needs backporting (fixed from 6.18) +# CVE-2025-68315 may need backporting (fixed from 6.6.140) CVE_STATUS[CVE-2025-68316] = "fixed-version: only affects 6.13 onwards" @@ -19874,7 +19874,7 @@ CVE_STATUS[CVE-2025-68349] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-68350] = "fixed-version: only affects 6.18 onwards" -CVE_STATUS[CVE-2025-68351] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-68351] = "fixed-version: only affects 6.12.23 onwards" CVE_STATUS[CVE-2025-68352] = "fixed-version: only affects 6.11 onwards" @@ -19886,9 +19886,9 @@ CVE_STATUS[CVE-2025-68355] = "fixed-version: only affects 6.18 onwards" # CVE-2025-68356 needs backporting (fixed from 6.19) -# CVE-2025-68357 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-68357] = "fixed-version: only affects 6.17.13 onwards" -# CVE-2025-68358 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-68358] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-68359] = "fixed-version: only affects 6.12 onwards" @@ -20108,8 +20108,6 @@ CVE_STATUS[CVE-2025-68810] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2025-68811] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2025-68812] = "fixed-version: only affects 6.15 onwards" - CVE_STATUS[CVE-2025-68813] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-68814] = "cpe-stable-backport: Backported in 6.6.120" @@ -20130,7 +20128,7 @@ CVE_STATUS[CVE-2025-68821] = "cpe-stable-backport: Backported in 6.6.120" # CVE-2025-68822 needs backporting (fixed from 6.19) -# CVE-2025-68823 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-68823] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-71064] = "cpe-stable-backport: Backported in 6.6.120" @@ -20144,7 +20142,7 @@ CVE_STATUS[CVE-2025-71068] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71069] = "cpe-stable-backport: Backported in 6.6.120" -CVE_STATUS[CVE-2025-71070] = "fixed-version: only affects 6.15 onwards" +CVE_STATUS[CVE-2025-71070] = "fixed-version: only affects 6.14.6 onwards" CVE_STATUS[CVE-2025-71071] = "cpe-stable-backport: Backported in 6.6.120" @@ -20156,7 +20154,7 @@ CVE_STATUS[CVE-2025-71071] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71075] = "cpe-stable-backport: Backported in 6.6.120" -CVE_STATUS[CVE-2025-71076] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-71076] = "fixed-version: only affects 6.12.17 onwards" CVE_STATUS[CVE-2025-71077] = "cpe-stable-backport: Backported in 6.6.120" @@ -20274,7 +20272,7 @@ CVE_STATUS[CVE-2025-71133] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71134] = "fixed-version: only affects 6.10 onwards" -CVE_STATUS[CVE-2025-71135] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2025-71135] = "fixed-version: only affects 6.12.4 onwards" CVE_STATUS[CVE-2025-71136] = "cpe-stable-backport: Backported in 6.6.120" @@ -20294,16 +20292,14 @@ CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.6.120" -# CVE-2025-71145 has no known resolution +CVE_STATUS[CVE-2025-71145] = "fixed-version: Fixed from version 5.11" -CVE_STATUS[CVE-2025-71146] = "fixed-version: only affects 6.12.63 onwards" +CVE_STATUS[CVE-2025-71146] = "fixed-version: only affects 6.17.13 onwards" CVE_STATUS[CVE-2025-71147] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71148] = "cpe-stable-backport: Backported in 6.6.120" -CVE_STATUS[CVE-2025-71149] = "cpe-stable-backport: Backported in 6.6.120" - CVE_STATUS[CVE-2025-71150] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71151] = "cpe-stable-backport: Backported in 6.6.120" @@ -20314,7 +20310,7 @@ CVE_STATUS[CVE-2025-71153] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71154] = "cpe-stable-backport: Backported in 6.6.120" -CVE_STATUS[CVE-2025-71155] = "fixed-version: only affects 6.18 onwards" +CVE_STATUS[CVE-2025-71155] = "fixed-version: only affects 6.17.4 onwards" CVE_STATUS[CVE-2025-71156] = "fixed-version: only affects 6.9 onwards" @@ -20380,41 +20376,41 @@ CVE_STATUS[CVE-2025-71201] = "fixed-version: only affects 6.14 onwards" # CVE-2025-71203 may need backporting (fixed from 6.6.130) -# CVE-2025-71204 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71204] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2025-71220 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71220] = "cpe-stable-backport: Backported in 6.6.124" # CVE-2025-71221 may need backporting (fixed from 6.6.130) -# CVE-2025-71222 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71222] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2025-71223 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71223] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2025-71224 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71224] = "cpe-stable-backport: Backported in 6.6.124" # CVE-2025-71225 needs backporting (fixed from 6.19) # CVE-2025-71227 needs backporting (fixed from 6.19) -# CVE-2025-71229 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-71229] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-71230] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-71231] = "fixed-version: only affects 6.8 onwards" -# CVE-2025-71232 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-71232] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2025-71233 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2025-71233] = "cpe-stable-backport: Backported in 6.6.127" CVE_STATUS[CVE-2025-71234] = "fixed-version: only affects 6.9 onwards" -# CVE-2025-71235 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-71235] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2025-71236 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-71236] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2025-71237 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2025-71237] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2025-71238 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2025-71238] = "cpe-stable-backport: Backported in 6.6.127" # CVE-2025-71239 may need backporting (fixed from 6.6.128) @@ -20424,11 +20420,55 @@ CVE_STATUS[CVE-2025-71234] = "fixed-version: only affects 6.9 onwards" # CVE-2025-71267 may need backporting (fixed from 6.6.128) -# CVE-2025-71268 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71268] = "cpe-stable-backport: Backported in 6.6.124" + +# CVE-2025-71269 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2025-71270] = "cpe-stable-backport: Backported in 6.6.124" + +CVE_STATUS[CVE-2025-71271] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-71272 needs backporting (fixed from 7.0) + +# CVE-2025-71273 needs backporting (fixed from 7.0) + +# CVE-2025-71274 may need backporting (fixed from 6.6.128) + +# CVE-2025-71285 needs backporting (fixed from 7.0) + +# CVE-2025-71286 may need backporting (fixed from 6.6.128) + +# CVE-2025-71287 may need backporting (fixed from 6.6.130) + +# CVE-2025-71288 may need backporting (fixed from 6.6.130) + +# CVE-2025-71289 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2025-71290] = "fixed-version: only affects 6.16 onwards" + +# CVE-2025-71291 may need backporting (fixed from 6.6.128) + +# CVE-2025-71292 may need backporting (fixed from 6.6.128) -# CVE-2025-71269 needs backporting (fixed from 6.19) +CVE_STATUS[CVE-2025-71293] = "fixed-version: only affects 6.18 onwards" -# CVE-2025-71270 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2025-71294] = "fixed-version: only affects 6.7 onwards" + +# CVE-2025-71295 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2025-71296] = "fixed-version: only affects 6.16 onwards" + +# CVE-2025-71297 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2025-71298] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-71299] = "fixed-version: only affects 6.17.11 onwards" + +CVE_STATUS[CVE-2025-71300] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2025-71301] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-71302] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.6.121" @@ -20506,7 +20546,7 @@ CVE_STATUS[CVE-2026-23012] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23013] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2026-23014] = "fixed-version: only affects 6.18 onwards" +CVE_STATUS[CVE-2026-23014] = "fixed-version: only affects 6.17.8 onwards" CVE_STATUS[CVE-2026-23015] = "fixed-version: only affects 6.13 onwards" @@ -20514,7 +20554,7 @@ CVE_STATUS[CVE-2026-23016] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23017] = "fixed-version: only affects 6.7 onwards" -CVE_STATUS[CVE-2026-23018] = "fixed-version: only affects 6.17 onwards" +CVE_STATUS[CVE-2026-23018] = "fixed-version: only affects 6.16.9 onwards" CVE_STATUS[CVE-2026-23019] = "cpe-stable-backport: Backported in 6.6.121" @@ -20636,7 +20676,7 @@ CVE_STATUS[CVE-2026-23077] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-23078] = "cpe-stable-backport: Backported in 6.6.122" -CVE_STATUS[CVE-2026-23079] = "fixed-version: only affects 6.18 onwards" +CVE_STATUS[CVE-2026-23079] = "fixed-version: only affects 6.17.10 onwards" CVE_STATUS[CVE-2026-23080] = "cpe-stable-backport: Backported in 6.6.122" @@ -20678,7 +20718,7 @@ CVE_STATUS[CVE-2026-23098] = "cpe-stable-backport: Backported in 6.6.122" CVE_STATUS[CVE-2026-23099] = "cpe-stable-backport: Backported in 6.6.122" -# CVE-2026-23100 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23100] = "cpe-stable-backport: Backported in 6.6.127" CVE_STATUS[CVE-2026-23101] = "cpe-stable-backport: Backported in 6.6.122" @@ -20700,9 +20740,9 @@ CVE_STATUS[CVE-2026-23109] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-23110] = "cpe-stable-backport: Backported in 6.6.122" -# CVE-2026-23111 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23111] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23112 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23112] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23113] = "cpe-stable-backport: Backported in 6.6.122" @@ -20764,7 +20804,7 @@ CVE_STATUS[CVE-2026-23141] = "cpe-stable-backport: Backported in 6.6.122" CVE_STATUS[CVE-2026-23142] = "cpe-stable-backport: Backported in 6.6.122" -CVE_STATUS[CVE-2026-23143] = "fixed-version: only affects 6.15 onwards" +CVE_STATUS[CVE-2026-23143] = "fixed-version: only affects 6.12.91 onwards" CVE_STATUS[CVE-2026-23144] = "cpe-stable-backport: Backported in 6.6.122" @@ -20774,13 +20814,13 @@ CVE_STATUS[CVE-2026-23146] = "cpe-stable-backport: Backported in 6.6.123" CVE_STATUS[CVE-2026-23147] = "fixed-version: only affects 6.15 onwards" -CVE_STATUS[CVE-2026-23148] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2026-23148] = "fixed-version: only affects 6.12.37 onwards" CVE_STATUS[CVE-2026-23149] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23150] = "cpe-stable-backport: Backported in 6.6.123" -CVE_STATUS[CVE-2026-23151] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2026-23151] = "fixed-version: only affects 6.12.59 onwards" CVE_STATUS[CVE-2026-23152] = "fixed-version: only affects 6.7 onwards" @@ -20810,17 +20850,17 @@ CVE_STATUS[CVE-2026-23164] = "cpe-stable-backport: Backported in 6.6.123" CVE_STATUS[CVE-2026-23165] = "fixed-version: only affects 6.17 onwards" -CVE_STATUS[CVE-2026-23166] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2026-23166] = "fixed-version: only affects 6.10.10 onwards" CVE_STATUS[CVE-2026-23167] = "cpe-stable-backport: Backported in 6.6.123" CVE_STATUS[CVE-2026-23168] = "cpe-stable-backport: Backported in 6.6.123" -# CVE-2026-23169 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23169] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2026-23170] = "cpe-stable-backport: Backported in 6.6.123" -# CVE-2026-23171 needs backporting (fixed from 6.19) +# CVE-2026-23171 may need backporting (fixed from 6.6.140) CVE_STATUS[CVE-2026-23172] = "cpe-stable-backport: Backported in 6.6.123" @@ -20830,19 +20870,19 @@ CVE_STATUS[CVE-2026-23174] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23175] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-23176 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23176] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23177] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-23178 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23178] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23179] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-23180 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23180] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23181] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23182 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23182] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23183] = "fixed-version: only affects 6.14 onwards" @@ -20852,19 +20892,19 @@ CVE_STATUS[CVE-2026-23185] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23186] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23187 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23187] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23188] = "fixed-version: only affects 6.11 onwards" -CVE_STATUS[CVE-2026-23189] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2026-23189] = "fixed-version: only affects 6.12.58 onwards" -# CVE-2026-23190 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23190] = "cpe-stable-backport: Backported in 6.6.124" # CVE-2026-23191 needs backporting (fixed from 6.19) CVE_STATUS[CVE-2026-23192] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23193 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23193] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23194] = "fixed-version: only affects 6.18 onwards" @@ -20874,29 +20914,29 @@ CVE_STATUS[CVE-2026-23196] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-23197] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23198 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23198] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23199] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-23200 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23200] = "fixed-version: only affects 6.17.13 onwards" -CVE_STATUS[CVE-2026-23201] = "fixed-version: only affects 6.12 onwards" +CVE_STATUS[CVE-2026-23201] = "fixed-version: only affects 6.12.42 onwards" -# CVE-2026-23202 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23202] = "fixed-version: only affects 6.17.13 onwards" CVE_STATUS[CVE-2026-23203] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-23204 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23204] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23205 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23205] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23206 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23206] = "cpe-stable-backport: Backported in 6.6.124" -CVE_STATUS[CVE-2026-23207] = "fixed-version: only affects 6.12.63 onwards" +# CVE-2026-23207 may need backporting (fixed from 6.7) # CVE-2026-23208 needs backporting (fixed from 6.19) -# CVE-2026-23209 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23209] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23210] = "fixed-version: only affects 6.9 onwards" @@ -20910,19 +20950,19 @@ CVE_STATUS[CVE-2026-23212] = "cpe-stable-backport: Backported in 6.6.123" CVE_STATUS[CVE-2026-23215] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-23216 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23216] = "cpe-stable-backport: Backported in 6.6.124" -CVE_STATUS[CVE-2026-23217] = "fixed-version: only affects 6.11 onwards" +CVE_STATUS[CVE-2026-23217] = "fixed-version: only affects 6.10.10 onwards" CVE_STATUS[CVE-2026-23218] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23219] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23220 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23220] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2026-23221 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23221] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23222 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23222] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2026-23223] = "fixed-version: only affects 6.9 onwards" @@ -20930,35 +20970,35 @@ CVE_STATUS[CVE-2026-23224] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2026-23225] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23226 needs backporting (fixed from 7.0rc1) +# CVE-2026-23226 needs backporting (fixed from 7.0) # CVE-2026-23227 may need backporting (fixed from 6.6.130) -# CVE-2026-23228 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23228] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2026-23229 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23229] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2026-23230 may need backporting (fixed from 6.6.125) +CVE_STATUS[CVE-2026-23230] = "cpe-stable-backport: Backported in 6.6.125" # CVE-2026-23231 may need backporting (fixed from 6.6.128) CVE_STATUS[CVE-2026-23232] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23233 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23233] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23234 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23234] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23235 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23235] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23236 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23236] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23237 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23237] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23238 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23238] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23239 needs backporting (fixed from 7.0rc2) +# CVE-2026-23239 needs backporting (fixed from 7.0) -# CVE-2026-23240 needs backporting (fixed from 7.0rc2) +# CVE-2026-23240 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23241] = "fixed-version: only affects 6.13 onwards" @@ -20972,7 +21012,7 @@ CVE_STATUS[CVE-2026-23241] = "fixed-version: only affects 6.13 onwards" # CVE-2026-23246 may need backporting (fixed from 6.6.130) -# CVE-2026-23247 needs backporting (fixed from 7.0rc3) +# CVE-2026-23247 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23248] = "fixed-version: only affects 6.14 onwards" @@ -20986,33 +21026,33 @@ CVE_STATUS[CVE-2026-23252] = "fixed-version: only affects 6.10 onwards" # CVE-2026-23253 may need backporting (fixed from 6.6.130) -# CVE-2026-23254 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23254] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23255 needs backporting (fixed from 6.19) +# CVE-2026-23255 may need backporting (fixed from 6.6.136) -# CVE-2026-23256 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23256] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23257 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23257] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23258 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23258] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23259] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23260 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23260] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23261 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23261] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23262 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23262] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2026-23263] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-23264 may need backporting (fixed from 6.6.124) +CVE_STATUS[CVE-2026-23264] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23265 needs backporting (fixed from 7.0rc1) +# CVE-2026-23265 needs backporting (fixed from 7.0) -# CVE-2026-23266 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23266] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23267 may need backporting (fixed from 6.6.127) +CVE_STATUS[CVE-2026-23267] = "cpe-stable-backport: Backported in 6.6.127" # CVE-2026-23268 may need backporting (fixed from 6.6.130) @@ -21022,7 +21062,7 @@ CVE_STATUS[CVE-2026-23263] = "fixed-version: only affects 6.17 onwards" # CVE-2026-23271 may need backporting (fixed from 6.6.130) -# CVE-2026-23272 needs backporting (fixed from 7.0rc3) +# CVE-2026-23272 may need backporting (fixed from 6.6.141) # CVE-2026-23273 may need backporting (fixed from 6.6.128) @@ -21030,11 +21070,11 @@ CVE_STATUS[CVE-2026-23263] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23275] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23276 needs backporting (fixed from 7.0rc4) +# CVE-2026-23276 needs backporting (fixed from 7.0) # CVE-2026-23277 may need backporting (fixed from 6.6.130) -# CVE-2026-23278 needs backporting (fixed from 7.0rc4) +# CVE-2026-23278 needs backporting (fixed from 7.0) # CVE-2026-23279 may need backporting (fixed from 6.6.130) @@ -21054,7 +21094,7 @@ CVE_STATUS[CVE-2026-23283] = "fixed-version: only affects 6.19 onwards" # CVE-2026-23287 may need backporting (fixed from 6.6.130) -CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19 onwards" +CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19.4 onwards" # CVE-2026-23289 may need backporting (fixed from 6.6.130) @@ -21082,7 +21122,7 @@ CVE_STATUS[CVE-2026-23299] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2026-23301] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23302 needs backporting (fixed from 7.0rc3) +# CVE-2026-23302 may need backporting (fixed from 6.6.136) # CVE-2026-23303 may need backporting (fixed from 6.6.130) @@ -21104,7 +21144,7 @@ CVE_STATUS[CVE-2026-23311] = "fixed-version: only affects 6.15 onwards" # CVE-2026-23312 may need backporting (fixed from 6.6.130) -# CVE-2026-23313 needs backporting (fixed from 7.0rc3) +# CVE-2026-23313 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2026-23314] = "fixed-version: only affects 6.18 onwards" @@ -21118,8 +21158,6 @@ CVE_STATUS[CVE-2026-23316] = "fixed-version: only affects 6.11 onwards" # CVE-2026-23319 may need backporting (fixed from 6.6.130) -# CVE-2026-23320 needs backporting (fixed from 7.0rc1) - # CVE-2026-23321 may need backporting (fixed from 6.6.130) CVE_STATUS[CVE-2026-23322] = "fixed-version: only affects 6.18 onwards" @@ -21132,20 +21170,18 @@ CVE_STATUS[CVE-2026-23323] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23326] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23327 needs backporting (fixed from 7.0rc2) +# CVE-2026-23327 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23328] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-23329] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23330 needs backporting (fixed from 7.0rc3) +# CVE-2026-23330 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2026-23331] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-23332] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23333 has no known resolution - # CVE-2026-23334 may need backporting (fixed from 6.6.130) # CVE-2026-23335 may need backporting (fixed from 6.6.130) @@ -21160,7 +21196,7 @@ CVE_STATUS[CVE-2026-23338] = "fixed-version: only affects 6.16 onwards" # CVE-2026-23340 may need backporting (fixed from 6.6.130) -CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19 onwards" +CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19.4 onwards" CVE_STATUS[CVE-2026-23342] = "fixed-version: only affects 6.18 onwards" @@ -21170,11 +21206,11 @@ CVE_STATUS[CVE-2026-23344] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23345] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23346 needs backporting (fixed from 7.0rc2) +# CVE-2026-23346 needs backporting (fixed from 7.0) # CVE-2026-23347 may need backporting (fixed from 6.6.130) -# CVE-2026-23348 needs backporting (fixed from 7.0rc2) +# CVE-2026-23348 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23349] = "fixed-version: only affects 6.18 onwards" @@ -21188,7 +21224,7 @@ CVE_STATUS[CVE-2026-23353] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23354] = "fixed-version: only affects 6.9 onwards" -CVE_STATUS[CVE-2026-23355] = "fixed-version: only affects 6.18 onwards" +CVE_STATUS[CVE-2026-23355] = "fixed-version: only affects 6.18.14 onwards" # CVE-2026-23356 may need backporting (fixed from 6.6.130) @@ -21200,7 +21236,7 @@ CVE_STATUS[CVE-2026-23358] = "fixed-version: only affects 6.16 onwards" # CVE-2026-23360 may need backporting (fixed from 6.6.131) -# CVE-2026-23361 needs backporting (fixed from 7.0rc2) +# CVE-2026-23361 needs backporting (fixed from 7.0) # CVE-2026-23362 may need backporting (fixed from 6.6.130) @@ -21220,19 +21256,19 @@ CVE_STATUS[CVE-2026-23369] = "fixed-version: only affects 6.7 onwards" # CVE-2026-23370 may need backporting (fixed from 6.6.130) -# CVE-2026-23371 needs backporting (fixed from 7.0rc3) +# CVE-2026-23371 needs backporting (fixed from 7.0) # CVE-2026-23372 may need backporting (fixed from 6.6.130) CVE_STATUS[CVE-2026-23373] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-23374 needs backporting (fixed from 7.0rc3) +# CVE-2026-23374 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2026-23375] = "fixed-version: only affects 6.8 onwards" -CVE_STATUS[CVE-2026-23376] = "fixed-version: only affects 6.18 onwards" +CVE_STATUS[CVE-2026-23376] = "fixed-version: only affects 6.17.3 onwards" -# CVE-2026-23377 needs backporting (fixed from 7.0rc3) +# CVE-2026-23377 needs backporting (fixed from 7.0) # CVE-2026-23378 may need backporting (fixed from 6.6.130) @@ -21244,7 +21280,7 @@ CVE_STATUS[CVE-2026-23380] = "fixed-version: only affects 6.10 onwards" # CVE-2026-23382 may need backporting (fixed from 6.6.130) -# CVE-2026-23383 needs backporting (fixed from 7.0rc2) +# CVE-2026-23383 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23384] = "fixed-version: only affects 6.18 onwards" @@ -21256,7 +21292,7 @@ CVE_STATUS[CVE-2026-23385] = "fixed-version: only affects 6.10 onwards" # CVE-2026-23388 may need backporting (fixed from 6.6.130) -# CVE-2026-23389 needs backporting (fixed from 7.0rc3) +# CVE-2026-23389 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2026-23390] = "fixed-version: only affects 6.12 onwards" @@ -21264,9 +21300,9 @@ CVE_STATUS[CVE-2026-23390] = "fixed-version: only affects 6.12 onwards" # CVE-2026-23392 may need backporting (fixed from 6.6.130) -# CVE-2026-23393 needs backporting (fixed from 7.0rc5) +# CVE-2026-23393 needs backporting (fixed from 7.0) -CVE_STATUS[CVE-2026-23394] = "fixed-version: only affects 6.10 onwards" +# CVE-2026-23394 may need backporting (fixed from 6.7) # CVE-2026-23395 may need backporting (fixed from 6.6.130) @@ -21276,7 +21312,7 @@ CVE_STATUS[CVE-2026-23394] = "fixed-version: only affects 6.10 onwards" # CVE-2026-23398 may need backporting (fixed from 6.6.130) -# CVE-2026-23399 needs backporting (fixed from 7.0rc5) +# CVE-2026-23399 may need backporting (fixed from 6.6.136) CVE_STATUS[CVE-2026-23400] = "fixed-version: only affects 6.18 onwards" @@ -21314,5 +21350,1923 @@ CVE_STATUS[CVE-2026-23416] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23417] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-31788 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23418] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-23419 may need backporting (fixed from 6.6.130) + +# CVE-2026-23420 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23421] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-23422 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23423] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-23424] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-23425] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-23426 may need backporting (fixed from 6.6.130) + +# CVE-2026-23427 may need backporting (fixed from 6.6.130) + +# CVE-2026-23428 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23429] = "fixed-version: only affects 6.18.7 onwards" + +CVE_STATUS[CVE-2026-23430] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-23431] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-23432] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-23433] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-23434 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23435] = "fixed-version: only affects 6.18.2 onwards" + +CVE_STATUS[CVE-2026-23436] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-23437] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-23438 may need backporting (fixed from 6.6.130) + +# CVE-2026-23439 may need backporting (fixed from 6.6.130) + +# CVE-2026-23440 may need backporting (fixed from 6.6.130) + +# CVE-2026-23441 may need backporting (fixed from 6.6.130) + +# CVE-2026-23442 may need backporting (fixed from 6.6.136) + +# CVE-2026-23443 may need backporting (fixed from 6.6.130) + +# CVE-2026-23444 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-23445] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-23446 may need backporting (fixed from 6.6.130) + +# CVE-2026-23447 may need backporting (fixed from 6.6.130) + +# CVE-2026-23448 may need backporting (fixed from 6.6.130) + +# CVE-2026-23449 may need backporting (fixed from 6.6.130) + +# CVE-2026-23450 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23451] = "fixed-version: only affects 6.18.19 onwards" + +# CVE-2026-23452 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23453] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-23454 may need backporting (fixed from 6.6.130) + +# CVE-2026-23455 may need backporting (fixed from 6.6.130) + +# CVE-2026-23456 may need backporting (fixed from 6.6.130) + +# CVE-2026-23457 may need backporting (fixed from 6.6.130) + +# CVE-2026-23458 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23459] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-23460 may need backporting (fixed from 6.6.130) + +# CVE-2026-23461 may need backporting (fixed from 6.6.130) + +# CVE-2026-23462 may need backporting (fixed from 6.6.130) + +# CVE-2026-23463 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23464] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-23465 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-23466] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-23467] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-23468 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-23469] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-23470] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-23472 needs backporting (fixed from 7.0) + +# CVE-2026-23474 may need backporting (fixed from 6.6.130) + +# CVE-2026-23475 may need backporting (fixed from 6.6.130) + +# CVE-2026-31389 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31390] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31391 may need backporting (fixed from 6.6.130) + +# CVE-2026-31392 may need backporting (fixed from 6.6.130) + +# CVE-2026-31393 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31394] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-31395] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-31396 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31397] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31398] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-31399 may need backporting (fixed from 6.6.130) + +# CVE-2026-31400 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31401] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-31402 may need backporting (fixed from 6.6.130) + +# CVE-2026-31403 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31404] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-31405 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31406] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-31407 may need backporting (fixed from 6.6.136) + +# CVE-2026-31408 may need backporting (fixed from 6.6.131) + +# CVE-2026-31409 may need backporting (fixed from 6.6.130) + +# CVE-2026-31410 needs backporting (fixed from 7.0) + +# CVE-2026-31411 may need backporting (fixed from 6.6.128) + +# CVE-2026-31412 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31413] = "fixed-version: only affects 6.12.75 onwards" + +# CVE-2026-31414 may need backporting (fixed from 6.6.134) + +# CVE-2026-31415 may need backporting (fixed from 6.6.134) + +# CVE-2026-31416 may need backporting (fixed from 6.6.134) + +# CVE-2026-31417 may need backporting (fixed from 6.6.134) + +# CVE-2026-31418 may need backporting (fixed from 6.6.134) + +# CVE-2026-31419 needs backporting (fixed from 7.0) + +# CVE-2026-31420 needs backporting (fixed from 7.0) + +# CVE-2026-31421 may need backporting (fixed from 6.6.134) + +# CVE-2026-31422 may need backporting (fixed from 6.6.134) + +# CVE-2026-31423 may need backporting (fixed from 6.6.134) + +# CVE-2026-31424 may need backporting (fixed from 6.6.134) + +# CVE-2026-31425 may need backporting (fixed from 6.6.134) + +# CVE-2026-31426 may need backporting (fixed from 6.6.131) + +# CVE-2026-31427 may need backporting (fixed from 6.6.131) + +# CVE-2026-31428 may need backporting (fixed from 6.6.131) + +# CVE-2026-31429 may need backporting (fixed from 6.6.136) + +# CVE-2026-31430 may need backporting (fixed from 6.6.135) + +# CVE-2026-31431 may need backporting (fixed from 6.6.137) + +# CVE-2026-31432 needs backporting (fixed from 7.0) + +# CVE-2026-31433 may need backporting (fixed from 6.6.131) + +# CVE-2026-31434 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31435] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-31436] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-31437] = "fixed-version: only affects 6.18.17 onwards" + +CVE_STATUS[CVE-2026-31438] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-31439 may need backporting (fixed from 6.6.131) + +# CVE-2026-31440 may need backporting (fixed from 6.6.140) + +# CVE-2026-31441 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31442] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-31443] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-31444] = "fixed-version: only affects 6.6.130 onwards" + +CVE_STATUS[CVE-2026-31445] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-31446 may need backporting (fixed from 6.6.131) + +# CVE-2026-31447 may need backporting (fixed from 6.6.131) + +# CVE-2026-31448 may need backporting (fixed from 6.6.131) + +# CVE-2026-31449 may need backporting (fixed from 6.6.140) + +# CVE-2026-31450 may need backporting (fixed from 6.6.134) + +# CVE-2026-31451 may need backporting (fixed from 6.6.131) + +# CVE-2026-31452 may need backporting (fixed from 6.6.131) + +# CVE-2026-31453 may need backporting (fixed from 6.6.131) + +# CVE-2026-31454 may need backporting (fixed from 6.6.131) + +# CVE-2026-31455 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31456] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-31457] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-31458 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31459] = "fixed-version: only affects 6.17.6 onwards" + +CVE_STATUS[CVE-2026-31460] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31461] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-31462 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31463] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31464 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31465] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31466 may need backporting (fixed from 6.6.134) + +# CVE-2026-31467 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31468] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31469 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31470] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-31471] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-31472] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-31473 may need backporting (fixed from 6.6.131) + +# CVE-2026-31474 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31475] = "fixed-version: only affects 6.14.9 onwards" + +# CVE-2026-31476 may need backporting (fixed from 6.6.131) + +# CVE-2026-31477 may need backporting (fixed from 6.6.131) + +# CVE-2026-31478 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31479] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-31480 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31481] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31482 may need backporting (fixed from 6.6.131) + +# CVE-2026-31483 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31484] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31485 may need backporting (fixed from 6.6.131) + +# CVE-2026-31486 needs backporting (fixed from 7.0) + +# CVE-2026-31487 needs backporting (fixed from 7.0) + +# CVE-2026-31488 may need backporting (fixed from 6.6.140) + +# CVE-2026-31489 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-31490] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31491] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31492 may need backporting (fixed from 6.6.131) + +# CVE-2026-31493 needs backporting (fixed from 7.0) + +# CVE-2026-31494 may need backporting (fixed from 6.6.131) + +# CVE-2026-31495 may need backporting (fixed from 6.6.131) + +# CVE-2026-31496 may need backporting (fixed from 6.6.131) + +# CVE-2026-31497 may need backporting (fixed from 6.6.131) + +# CVE-2026-31498 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31499] = "fixed-version: only affects 6.12.20 onwards" + +# CVE-2026-31500 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31501] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-31502 needs backporting (fixed from 7.0) + +# CVE-2026-31503 may need backporting (fixed from 6.6.131) + +# CVE-2026-31504 may need backporting (fixed from 6.6.131) + +# CVE-2026-31505 needs backporting (fixed from 7.0) + +# CVE-2026-31506 needs backporting (fixed from 7.0) + +# CVE-2026-31507 may need backporting (fixed from 6.6.131) + +# CVE-2026-31508 may need backporting (fixed from 6.6.131) + +# CVE-2026-31509 may need backporting (fixed from 6.6.131) + +# CVE-2026-31510 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31511] = "fixed-version: only affects 6.12.59 onwards" + +# CVE-2026-31512 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31513] = "fixed-version: only affects 6.12.75 onwards" + +CVE_STATUS[CVE-2026-31514] = "fixed-version: only affects 6.12.75 onwards" + +# CVE-2026-31515 may need backporting (fixed from 6.6.131) + +# CVE-2026-31516 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31517] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-31518 may need backporting (fixed from 6.6.131) + +# CVE-2026-31519 may need backporting (fixed from 6.6.131) + +# CVE-2026-31520 may need backporting (fixed from 6.6.131) + +# CVE-2026-31521 may need backporting (fixed from 6.6.131) + +# CVE-2026-31522 may need backporting (fixed from 6.6.131) + +# CVE-2026-31523 may need backporting (fixed from 6.6.131) + +# CVE-2026-31524 may need backporting (fixed from 6.6.131) + +# CVE-2026-31525 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31526] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-31527 needs backporting (fixed from 7.0) + +# CVE-2026-31528 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31529] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31530 needs backporting (fixed from 7.0) + +# CVE-2026-31531 needs backporting (fixed from 7.0) + +# CVE-2026-31532 may need backporting (fixed from 6.6.136) + +# CVE-2026-31533 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31535] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31536 needs backporting (fixed from 7.0) + +# CVE-2026-31537 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31538] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-31539] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31540 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31541] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31542 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31543] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31544] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-31545 may need backporting (fixed from 6.6.130) + +# CVE-2026-31546 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31547] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31548 may need backporting (fixed from 6.6.130) + +# CVE-2026-31549 may need backporting (fixed from 6.6.130) + +# CVE-2026-31550 may need backporting (fixed from 6.6.130) + +# CVE-2026-31551 may need backporting (fixed from 6.6.130) + +# CVE-2026-31552 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-31553] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31554] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-31555 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31556] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-31557 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31558] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-31559] = "fixed-version: only affects 6.12.43 onwards" + +# CVE-2026-31560 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31561] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-31562] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-31563 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31564] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31565 may need backporting (fixed from 6.6.131) + +# CVE-2026-31566 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31567] = "fixed-version: only affects 6.17.8 onwards" + +# CVE-2026-31568 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31569] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-31570 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-31571] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-31572] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31573] = "fixed-version: only affects 6.19.6 onwards" + +CVE_STATUS[CVE-2026-31574] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-31575] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-31576 may need backporting (fixed from 6.6.136) + +# CVE-2026-31577 may need backporting (fixed from 6.6.136) + +# CVE-2026-31578 may need backporting (fixed from 6.6.136) + +# CVE-2026-31579 needs backporting (fixed from 7.1rc1) + +# CVE-2026-31580 may need backporting (fixed from 6.6.136) + +# CVE-2026-31581 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31582] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-31583 may need backporting (fixed from 6.6.136) + +# CVE-2026-31584 may need backporting (fixed from 6.6.136) + +# CVE-2026-31585 may need backporting (fixed from 6.6.136) + +# CVE-2026-31586 may need backporting (fixed from 6.6.136) + +# CVE-2026-31587 may need backporting (fixed from 6.6.136) + +# CVE-2026-31588 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31589] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-31590 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31591] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-31592 needs backporting (fixed from 7.1rc1) + +CVE_STATUS[CVE-2026-31593] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-31594 may need backporting (fixed from 6.6.136) + +# CVE-2026-31595 may need backporting (fixed from 6.6.136) + +# CVE-2026-31596 may need backporting (fixed from 6.6.136) + +# CVE-2026-31597 may need backporting (fixed from 6.6.136) + +# CVE-2026-31598 may need backporting (fixed from 6.6.136) + +# CVE-2026-31599 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31600] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-31601] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31602 may need backporting (fixed from 6.6.136) + +# CVE-2026-31603 may need backporting (fixed from 6.6.136) + +# CVE-2026-31604 may need backporting (fixed from 6.6.136) + +# CVE-2026-31605 may need backporting (fixed from 6.6.136) + +# CVE-2026-31606 needs backporting (fixed from 7.1rc1) + +# CVE-2026-31607 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31608] = "fixed-version: only affects 6.18.11 onwards" + +CVE_STATUS[CVE-2026-31609] = "fixed-version: only affects 6.18.11 onwards" + +# CVE-2026-31610 may need backporting (fixed from 6.6.136) + +# CVE-2026-31611 may need backporting (fixed from 6.6.136) + +# CVE-2026-31612 may need backporting (fixed from 6.6.136) + +# CVE-2026-31613 may need backporting (fixed from 6.6.141) + +# CVE-2026-31614 may need backporting (fixed from 6.6.136) + +# CVE-2026-31615 may need backporting (fixed from 6.6.136) + +# CVE-2026-31616 may need backporting (fixed from 6.6.136) + +# CVE-2026-31617 may need backporting (fixed from 6.6.136) + +# CVE-2026-31618 may need backporting (fixed from 6.6.136) + +# CVE-2026-31619 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31620] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-31621] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31622 may need backporting (fixed from 6.6.136) + +# CVE-2026-31623 may need backporting (fixed from 6.6.136) + +# CVE-2026-31624 may need backporting (fixed from 6.6.136) + +# CVE-2026-31625 may need backporting (fixed from 6.6.136) + +# CVE-2026-31626 may need backporting (fixed from 6.6.136) + +# CVE-2026-31627 may need backporting (fixed from 6.6.136) + +# CVE-2026-31628 may need backporting (fixed from 6.6.135) + +# CVE-2026-31629 may need backporting (fixed from 6.6.136) + +# CVE-2026-31630 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31631] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31632] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31633] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31634 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31635] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31636] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31637 may need backporting (fixed from 6.6.135) + +# CVE-2026-31638 may need backporting (fixed from 6.6.135) + +# CVE-2026-31639 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31640] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31641] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31642 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31643] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31644] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-31645 needs backporting (fixed from 7.0) + +# CVE-2026-31646 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31647] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-31648 may need backporting (fixed from 6.6.135) + +# CVE-2026-31649 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31650] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-31651 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31652] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-31653] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-31654] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31655 may need backporting (fixed from 6.6.135) + +# CVE-2026-31656 may need backporting (fixed from 6.6.135) + +# CVE-2026-31657 may need backporting (fixed from 6.6.135) + +# CVE-2026-31658 may need backporting (fixed from 6.6.135) + +# CVE-2026-31659 may need backporting (fixed from 6.6.135) + +# CVE-2026-31660 may need backporting (fixed from 6.6.135) + +# CVE-2026-31661 may need backporting (fixed from 6.6.135) + +# CVE-2026-31662 may need backporting (fixed from 6.6.135) + +# CVE-2026-31663 needs backporting (fixed from 7.0) + +# CVE-2026-31664 may need backporting (fixed from 6.6.135) + +# CVE-2026-31665 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31666] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-31667 may need backporting (fixed from 6.6.135) + +# CVE-2026-31668 may need backporting (fixed from 6.6.135) + +# CVE-2026-31669 may need backporting (fixed from 6.6.135) + +# CVE-2026-31670 may need backporting (fixed from 6.6.135) + +# CVE-2026-31671 may need backporting (fixed from 6.6.135) + +# CVE-2026-31672 may need backporting (fixed from 6.6.135) + +# CVE-2026-31673 may need backporting (fixed from 6.6.136) + +# CVE-2026-31674 may need backporting (fixed from 6.6.131) + +# CVE-2026-31675 may need backporting (fixed from 6.6.134) + +# CVE-2026-31676 may need backporting (fixed from 6.6.136) + +# CVE-2026-31677 needs backporting (fixed from 7.0) + +# CVE-2026-31678 may need backporting (fixed from 6.6.131) + +# CVE-2026-31679 may need backporting (fixed from 6.6.131) + +# CVE-2026-31680 may need backporting (fixed from 6.6.134) + +# CVE-2026-31681 may need backporting (fixed from 6.6.136) + +# CVE-2026-31682 may need backporting (fixed from 6.6.134) + +# CVE-2026-31683 may need backporting (fixed from 6.6.130) + +# CVE-2026-31684 may need backporting (fixed from 6.6.136) + +# CVE-2026-31685 may need backporting (fixed from 6.6.136) + +# CVE-2026-31686 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31687] = "cpe-stable-backport: Backported in 6.6.126" + +# CVE-2026-31688 needs backporting (fixed from 7.0) + +# CVE-2026-31689 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-31690] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-31691] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-31692 needs backporting (fixed from 7.0) + +# CVE-2026-31693 may need backporting (fixed from 6.6.128) + +# CVE-2026-31694 may need backporting (fixed from 6.6.136) + +# CVE-2026-31695 may need backporting (fixed from 6.6.134) + +# CVE-2026-31696 may need backporting (fixed from 6.6.136) + +# CVE-2026-31697 may need backporting (fixed from 6.6.136) + +# CVE-2026-31698 may need backporting (fixed from 6.6.136) + +# CVE-2026-31699 may need backporting (fixed from 6.6.136) + +# CVE-2026-31700 may need backporting (fixed from 6.6.136) + +# CVE-2026-31701 may need backporting (fixed from 6.6.136) + +# CVE-2026-31702 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-31703] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31704 may need backporting (fixed from 6.6.136) + +# CVE-2026-31705 may need backporting (fixed from 6.6.136) + +# CVE-2026-31706 needs backporting (fixed from 7.1rc1) + +# CVE-2026-31707 may need backporting (fixed from 6.6.141) + +# CVE-2026-31708 may need backporting (fixed from 6.6.136) + +# CVE-2026-31709 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-31710] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-31711 may need backporting (fixed from 6.6.136) + +# CVE-2026-31712 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-31713] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31714 may need backporting (fixed from 6.6.136) + +# CVE-2026-31715 may need backporting (fixed from 6.6.140) + +# CVE-2026-31716 may need backporting (fixed from 6.6.136) + +# CVE-2026-31717 may need backporting (fixed from 6.7) + +# CVE-2026-31718 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-31719] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-31720 may need backporting (fixed from 6.6.134) + +# CVE-2026-31721 may need backporting (fixed from 6.6.135) + +# CVE-2026-31722 needs backporting (fixed from 7.0) + +# CVE-2026-31723 needs backporting (fixed from 7.0) + +# CVE-2026-31724 needs backporting (fixed from 7.0) + +# CVE-2026-31725 needs backporting (fixed from 7.0) + +# CVE-2026-31726 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31727] = "fixed-version: only affects 6.12.78 onwards" + +# CVE-2026-31728 may need backporting (fixed from 6.6.134) + +# CVE-2026-31729 needs backporting (fixed from 7.0) + +# CVE-2026-31730 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31731] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-31732] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-31733] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-31734] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-31735] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31736] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-31737 may need backporting (fixed from 6.6.134) + +# CVE-2026-31738 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31739] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-31740 may need backporting (fixed from 6.6.134) + +# CVE-2026-31741 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31742] = "fixed-version: only affects 6.18.20 onwards" + +CVE_STATUS[CVE-2026-31743] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-31744] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31745] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31746] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31747 may need backporting (fixed from 6.6.134) + +# CVE-2026-31748 may need backporting (fixed from 6.6.134) + +# CVE-2026-31749 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31750] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31751 may need backporting (fixed from 6.6.134) + +# CVE-2026-31752 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31753] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31754 may need backporting (fixed from 6.6.134) + +# CVE-2026-31755 may need backporting (fixed from 6.6.134) + +# CVE-2026-31756 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31757] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-31758 may need backporting (fixed from 6.6.134) + +# CVE-2026-31759 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31760] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-31761 may need backporting (fixed from 6.6.134) + +# CVE-2026-31762 may need backporting (fixed from 6.6.134) + +# CVE-2026-31763 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31764] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31765] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-31766] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-31767 needs backporting (fixed from 7.0) + +# CVE-2026-31768 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31769] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-31770 may need backporting (fixed from 6.6.134) + +# CVE-2026-31771 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31772] = "fixed-version: only affects 6.12.2 onwards" + +# CVE-2026-31773 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31774] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-31775] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-31776] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31777 needs backporting (fixed from 7.0) + +# CVE-2026-31778 may need backporting (fixed from 6.6.134) + +# CVE-2026-31779 may need backporting (fixed from 6.6.134) + +# CVE-2026-31780 may need backporting (fixed from 6.6.134) + +# CVE-2026-31781 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-31782] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-31783] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-31784] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-31785] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-31786 may need backporting (fixed from 6.6.137) + +# CVE-2026-31787 may need backporting (fixed from 6.6.137) + +# CVE-2026-31788 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43004] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-43005] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-43006] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43007 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43008] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43009 needs backporting (fixed from 7.0) + +# CVE-2026-43010 needs backporting (fixed from 7.0) + +# CVE-2026-43011 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43012] = "fixed-version: only affects 6.12.9 onwards" + +# CVE-2026-43013 may need backporting (fixed from 6.6.134) + +# CVE-2026-43014 may need backporting (fixed from 6.6.134) + +# CVE-2026-43015 may need backporting (fixed from 6.6.134) + +# CVE-2026-43016 may need backporting (fixed from 6.6.134) + +# CVE-2026-43017 may need backporting (fixed from 6.6.134) + +# CVE-2026-43018 may need backporting (fixed from 6.6.134) + +# CVE-2026-43019 needs backporting (fixed from 7.0) + +# CVE-2026-43020 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43021] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43022 may need backporting (fixed from 6.7) + +# CVE-2026-43023 may need backporting (fixed from 6.6.134) + +# CVE-2026-43024 may need backporting (fixed from 6.6.134) + +# CVE-2026-43025 may need backporting (fixed from 6.6.134) + +# CVE-2026-43026 may need backporting (fixed from 6.6.134) + +# CVE-2026-43027 may need backporting (fixed from 6.6.134) + +# CVE-2026-43028 may need backporting (fixed from 6.6.134) + +# CVE-2026-43029 may need backporting (fixed from 6.7) + +# CVE-2026-43030 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43031] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43032 may need backporting (fixed from 6.6.134) + +# CVE-2026-43033 may need backporting (fixed from 6.6.137) + +CVE_STATUS[CVE-2026-43034] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-43035 may need backporting (fixed from 6.6.134) + +# CVE-2026-43036 needs backporting (fixed from 7.0) + +# CVE-2026-43037 may need backporting (fixed from 6.6.134) + +# CVE-2026-43038 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43039] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43040 may need backporting (fixed from 6.6.134) + +# CVE-2026-43041 may need backporting (fixed from 6.6.134) + +# CVE-2026-43042 needs backporting (fixed from 7.0) + +# CVE-2026-43043 may need backporting (fixed from 6.6.134) + +# CVE-2026-43044 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43045] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43046 may need backporting (fixed from 6.6.134) + +# CVE-2026-43047 may need backporting (fixed from 6.6.134) + +# CVE-2026-43048 needs backporting (fixed from 7.0) + +# CVE-2026-43049 needs backporting (fixed from 7.0) + +# CVE-2026-43050 may need backporting (fixed from 6.6.134) + +# CVE-2026-43051 may need backporting (fixed from 6.6.134) + +# CVE-2026-43052 needs backporting (fixed from 7.0) + +# CVE-2026-43053 needs backporting (fixed from 7.0) + +# CVE-2026-43054 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43055] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43056 may need backporting (fixed from 6.6.134) + +# CVE-2026-43057 may need backporting (fixed from 6.6.134) + +# CVE-2026-43058 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43059] = "fixed-version: only affects 6.12.59 onwards" + +# CVE-2026-43060 may need backporting (fixed from 6.6.130) + +# CVE-2026-43061 may need backporting (fixed from 6.6.130) + +# CVE-2026-43062 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43063] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-43064 may need backporting (fixed from 6.6.131) + +# CVE-2026-43065 may need backporting (fixed from 6.6.131) + +# CVE-2026-43066 may need backporting (fixed from 6.6.131) + +# CVE-2026-43067 may need backporting (fixed from 6.6.134) + +# CVE-2026-43068 may need backporting (fixed from 6.6.131) + +# CVE-2026-43069 may need backporting (fixed from 6.6.131) + +CVE_STATUS[CVE-2026-43070] = "fixed-version: only affects 6.18.17 onwards" + +# CVE-2026-43071 may need backporting (fixed from 6.6.136) + +# CVE-2026-43072 may need backporting (fixed from 6.6.136) + +# CVE-2026-43073 needs backporting (fixed from 7.1rc1) + +# CVE-2026-43074 may need backporting (fixed from 6.6.136) + +# CVE-2026-43075 may need backporting (fixed from 6.6.136) + +# CVE-2026-43076 may need backporting (fixed from 6.6.136) + +# CVE-2026-43077 may need backporting (fixed from 6.6.136) + +# CVE-2026-43078 may need backporting (fixed from 6.6.137) + +# CVE-2026-43079 may need backporting (fixed from 6.6.136) + +# CVE-2026-43080 may need backporting (fixed from 6.6.136) + +# CVE-2026-43081 may need backporting (fixed from 6.6.136) + +# CVE-2026-43082 may need backporting (fixed from 6.6.136) + +# CVE-2026-43083 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43084] = "fixed-version: only affects 6.12.75 onwards" + +# CVE-2026-43085 may need backporting (fixed from 6.6.136) + +# CVE-2026-43086 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43087] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43088 needs backporting (fixed from 7.0) + +# CVE-2026-43089 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43090] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43091 may need backporting (fixed from 6.6.136) + +# CVE-2026-43092 may need backporting (fixed from 6.6.136) + +# CVE-2026-43093 may need backporting (fixed from 6.6.136) + +# CVE-2026-43094 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43095] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-43096] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43097] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43098 may need backporting (fixed from 6.6.136) + +# CVE-2026-43099 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43100] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43101 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43102] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43103 may need backporting (fixed from 6.6.136) + +# CVE-2026-43104 may need backporting (fixed from 6.6.136) + +# CVE-2026-43105 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43106] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43107 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43108] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-43109 may need backporting (fixed from 6.6.140) + +# CVE-2026-43110 may need backporting (fixed from 6.6.136) + +# CVE-2026-43111 may need backporting (fixed from 6.6.136) + +# CVE-2026-43112 may need backporting (fixed from 6.6.136) + +# CVE-2026-43113 may need backporting (fixed from 6.6.136) + +# CVE-2026-43114 may need backporting (fixed from 6.6.136) + +# CVE-2026-43115 needs backporting (fixed from 7.0) + +# CVE-2026-43116 needs backporting (fixed from 7.0) + +# CVE-2026-43117 may need backporting (fixed from 6.6.136) + +# CVE-2026-43118 needs backporting (fixed from 7.0) + +# CVE-2026-43119 needs backporting (fixed from 7.0) + +# CVE-2026-43120 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43121] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-43122] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43123 may need backporting (fixed from 6.6.128) + +# CVE-2026-43124 may need backporting (fixed from 6.6.128) + +# CVE-2026-43125 needs backporting (fixed from 7.0) + +# CVE-2026-43126 needs backporting (fixed from 7.0) + +# CVE-2026-43127 may need backporting (fixed from 6.7) + +# CVE-2026-43128 may need backporting (fixed from 6.6.128) + +# CVE-2026-43129 needs backporting (fixed from 7.0) + +# CVE-2026-43130 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43131] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43132 may need backporting (fixed from 6.6.128) + +# CVE-2026-43133 may need backporting (fixed from 6.6.128) + +# CVE-2026-43134 may need backporting (fixed from 6.6.128) + +# CVE-2026-43135 may need backporting (fixed from 6.6.128) + +# CVE-2026-43136 may need backporting (fixed from 6.6.128) + +# CVE-2026-43137 may need backporting (fixed from 6.6.141) + +CVE_STATUS[CVE-2026-43138] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-43139 may need backporting (fixed from 6.6.128) + +# CVE-2026-43140 may need backporting (fixed from 6.6.128) + +# CVE-2026-43141 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43142] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43143 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43144] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-43145 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43146] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43147 may need backporting (fixed from 6.6.128) + +# CVE-2026-43148 may need backporting (fixed from 6.6.128) + +# CVE-2026-43149 may need backporting (fixed from 6.6.128) + +# CVE-2026-43150 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43151] = "fixed-version: only affects 6.18.3 onwards" + +# CVE-2026-43152 may need backporting (fixed from 6.6.128) + +# CVE-2026-43153 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43154] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43155] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43156 may need backporting (fixed from 6.6.128) + +# CVE-2026-43157 may need backporting (fixed from 6.6.128) + +# CVE-2026-43158 may need backporting (fixed from 6.6.128) + +# CVE-2026-43159 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43160] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43161 needs backporting (fixed from 7.0) + +# CVE-2026-43162 may need backporting (fixed from 6.6.130) + +# CVE-2026-43163 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43164] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43165] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-43166] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43167 may need backporting (fixed from 6.6.128) + +# CVE-2026-43168 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43169] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-43170 may need backporting (fixed from 6.6.128) + +# CVE-2026-43171 may need backporting (fixed from 6.6.128) + +# CVE-2026-43172 needs backporting (fixed from 7.0) + +# CVE-2026-43173 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43174] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-43175] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-43176] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43177] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-43178] = "fixed-version: only affects 6.12.70 onwards" + +CVE_STATUS[CVE-2026-43179] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43180 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43181] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43182 may need backporting (fixed from 6.6.128) + +# CVE-2026-43183 may need backporting (fixed from 6.6.128) + +# CVE-2026-43184 may need backporting (fixed from 6.6.128) + +# CVE-2026-43185 needs backporting (fixed from 7.0) + +# CVE-2026-43186 may need backporting (fixed from 6.6.128) + +# CVE-2026-43187 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43188] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43189 may need backporting (fixed from 6.6.128) + +# CVE-2026-43190 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43191] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-43192] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43193] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43194 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43195] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43196 may need backporting (fixed from 6.6.128) + +# CVE-2026-43197 needs backporting (fixed from 7.0) + +# CVE-2026-43198 needs backporting (fixed from 7.0) + +# CVE-2026-43199 needs backporting (fixed from 7.0) + +# CVE-2026-43200 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43201] = "fixed-version: only affects 6.12.63 onwards" + +# CVE-2026-43202 may need backporting (fixed from 6.6.128) + +# CVE-2026-43203 may need backporting (fixed from 6.6.128) + +# CVE-2026-43204 needs backporting (fixed from 7.0) + +# CVE-2026-43205 may need backporting (fixed from 6.6.128) + +# CVE-2026-43206 may need backporting (fixed from 6.6.128) + +# CVE-2026-43207 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43208] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43209 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43210] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43211 may need backporting (fixed from 6.6.128) + +# CVE-2026-43212 may need backporting (fixed from 6.6.128) + +# CVE-2026-43213 needs backporting (fixed from 7.0) + +# CVE-2026-43214 may need backporting (fixed from 6.6.128) + +# CVE-2026-43215 may need backporting (fixed from 6.6.128) + +# CVE-2026-43216 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43217] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43218 may need backporting (fixed from 6.6.128) + +# CVE-2026-43219 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43220] = "fixed-version: only affects 6.6.128 onwards" + +# CVE-2026-43221 may need backporting (fixed from 6.6.128) + +# CVE-2026-43222 may need backporting (fixed from 6.6.128) + +# CVE-2026-43223 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43224] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43225 may need backporting (fixed from 6.6.128) + +# CVE-2026-43226 may need backporting (fixed from 6.6.128) + +# CVE-2026-43227 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43228] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43229] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-43230 may need backporting (fixed from 6.6.128) + +# CVE-2026-43231 may need backporting (fixed from 6.6.128) + +# CVE-2026-43232 may need backporting (fixed from 6.6.128) + +# CVE-2026-43233 may need backporting (fixed from 6.6.128) + +# CVE-2026-43234 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43235] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43236 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43237] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43238 may need backporting (fixed from 6.6.128) + +# CVE-2026-43239 may need backporting (fixed from 6.6.128) + +# CVE-2026-43240 may need backporting (fixed from 6.6.128) + +# CVE-2026-43241 may need backporting (fixed from 6.6.128) + +# CVE-2026-43242 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43243] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-43244 needs backporting (fixed from 7.0) + +# CVE-2026-43245 may need backporting (fixed from 6.6.141) + +# CVE-2026-43246 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43247] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-43248 needs backporting (fixed from 7.0) + +# CVE-2026-43249 needs backporting (fixed from 7.0) + +# CVE-2026-43250 needs backporting (fixed from 7.0) + +# CVE-2026-43251 may need backporting (fixed from 6.6.128) + +# CVE-2026-43252 may need backporting (fixed from 6.6.130) + +# CVE-2026-43253 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43254] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43255 may need backporting (fixed from 6.6.128) + +# CVE-2026-43256 may need backporting (fixed from 6.6.128) + +# CVE-2026-43257 may need backporting (fixed from 6.6.128) + +# CVE-2026-43258 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43259] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-43260] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-43261 may need backporting (fixed from 6.6.128) + +# CVE-2026-43262 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43263] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-43264 may need backporting (fixed from 6.6.128) + +# CVE-2026-43265 may need backporting (fixed from 6.6.130) + +# CVE-2026-43266 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43267] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43268 may need backporting (fixed from 6.6.128) + +# CVE-2026-43269 may need backporting (fixed from 6.6.128) + +# CVE-2026-43270 may need backporting (fixed from 6.6.128) + +# CVE-2026-43271 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43272] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43273 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43274] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-43275 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43276] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43277 may need backporting (fixed from 6.6.128) + +# CVE-2026-43278 may need backporting (fixed from 6.6.128) + +# CVE-2026-43279 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43280] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43281 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43282] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43283 may need backporting (fixed from 6.6.128) + +# CVE-2026-43284 may need backporting (fixed from 6.6.138) + +CVE_STATUS[CVE-2026-43285] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43286] = "fixed-version: only affects 6.14.8 onwards" + +# CVE-2026-43287 may need backporting (fixed from 6.6.128) + +# CVE-2026-43288 may need backporting (fixed from 6.6.128) + +# CVE-2026-43289 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43290] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43291 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43292] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-43293] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-43294 needs backporting (fixed from 7.0) + +# CVE-2026-43295 may need backporting (fixed from 6.6.128) + +# CVE-2026-43296 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43297] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-43298 needs backporting (fixed from 7.0) + +# CVE-2026-43299 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43300] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-43301] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-43302 may need backporting (fixed from 6.6.128) + +# CVE-2026-43303 needs backporting (fixed from 7.0) + +# CVE-2026-43304 may need backporting (fixed from 6.6.128) + +CVE_STATUS[CVE-2026-43305] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43306] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-43307] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43308 needs backporting (fixed from 7.0) + +# CVE-2026-43309 needs backporting (fixed from 7.0) + +# CVE-2026-43310 needs backporting (fixed from 7.0) + +# CVE-2026-43311 needs backporting (fixed from 7.0) + +# CVE-2026-43312 may need backporting (fixed from 6.6.128) + +# CVE-2026-43313 may need backporting (fixed from 6.6.128) + +# CVE-2026-43314 may need backporting (fixed from 6.6.128) + +# CVE-2026-43315 may need backporting (fixed from 6.6.128) + +# CVE-2026-43316 may need backporting (fixed from 6.6.128) + +# CVE-2026-43317 needs backporting (fixed from 7.0) + +# CVE-2026-43318 needs backporting (fixed from 7.0) + +# CVE-2026-43319 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43320] = "fixed-version: only affects 6.10.13 onwards" + +CVE_STATUS[CVE-2026-43321] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43322] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43323] = "fixed-version: only affects 6.12.78 onwards" + +# CVE-2026-43324 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43325] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-43326] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43327 may need backporting (fixed from 6.6.134) + +# CVE-2026-43328 may need backporting (fixed from 6.6.134) + +# CVE-2026-43329 may need backporting (fixed from 6.6.134) + +# CVE-2026-43330 may need backporting (fixed from 6.6.134) + +# CVE-2026-43331 needs backporting (fixed from 7.0) + +# CVE-2026-43332 may need backporting (fixed from 6.6.134) + +# CVE-2026-43333 may need backporting (fixed from 6.6.134) + +# CVE-2026-43334 may need backporting (fixed from 6.6.134) + +CVE_STATUS[CVE-2026-43335] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43336 may need backporting (fixed from 6.6.135) + +CVE_STATUS[CVE-2026-43337] = "fixed-version: only affects 6.11.3 onwards" + +# CVE-2026-43338 needs backporting (fixed from 7.0) + +# CVE-2026-43339 may need backporting (fixed from 6.6.134) + +# CVE-2026-43340 may need backporting (fixed from 6.6.134) + +# CVE-2026-43341 may need backporting (fixed from 6.6.134) + +# CVE-2026-43342 may need backporting (fixed from 6.6.134) + +# CVE-2026-43343 may need backporting (fixed from 6.6.134) + +# CVE-2026-43344 needs backporting (fixed from 7.0) + +# CVE-2026-43345 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43346] = "fixed-version: only affects 6.12.11 onwards" + +CVE_STATUS[CVE-2026-43347] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-43348] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43349] = "fixed-version: only affects 6.18.13 onwards" + +# CVE-2026-43350 may need backporting (fixed from 6.6.136) + +CVE_STATUS[CVE-2026-43351] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-43352 needs backporting (fixed from 7.0) + +# CVE-2026-43353 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43354] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43355 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43356] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43357 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43358] = "fixed-version: only affects 6.16.4 onwards" + +# CVE-2026-43359 may need backporting (fixed from 6.6.130) + +# CVE-2026-43360 may need backporting (fixed from 6.6.130) + +# CVE-2026-43361 may need backporting (fixed from 6.6.130) + +# CVE-2026-43362 may need backporting (fixed from 6.6.130) + +# CVE-2026-43363 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43364] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43365 may need backporting (fixed from 6.6.130) + +# CVE-2026-43366 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43367] = "fixed-version: only affects 6.18.16 onwards" + +# CVE-2026-43368 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43369] = "fixed-version: only affects 6.18.16 onwards" + +# CVE-2026-43370 may need backporting (fixed from 6.6.130) + +# CVE-2026-43371 may need backporting (fixed from 6.6.130) + +# CVE-2026-43372 may need backporting (fixed from 6.6.130) + +# CVE-2026-43373 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43374] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-43375] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43376 may need backporting (fixed from 6.6.130) + +# CVE-2026-43377 may need backporting (fixed from 6.6.130) + +# CVE-2026-43378 may need backporting (fixed from 6.6.130) + +# CVE-2026-43379 may need backporting (fixed from 6.6.130) + +# CVE-2026-43380 may need backporting (fixed from 6.6.130) + +# CVE-2026-43381 may need backporting (fixed from 6.6.130) + +# CVE-2026-43382 may need backporting (fixed from 6.6.130) + +# CVE-2026-43383 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43384] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-43385] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43386 may need backporting (fixed from 6.6.130) + +# CVE-2026-43387 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43388] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-43389] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43390] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43391] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43392] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-43393] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-43394] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-43395] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-43396] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43397 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43398] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-43399] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-43400] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-43401] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43402] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-43403] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-43404] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43405 may need backporting (fixed from 6.6.130) + +# CVE-2026-43406 may need backporting (fixed from 6.6.130) + +# CVE-2026-43407 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43408] = "fixed-version: only affects 6.12.48 onwards" + +# CVE-2026-43409 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43410] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43411 may need backporting (fixed from 6.6.130) + +# CVE-2026-43412 may need backporting (fixed from 6.6.130) + +# CVE-2026-43413 may need backporting (fixed from 6.6.130) + +# CVE-2026-43414 may need backporting (fixed from 6.7) + +# CVE-2026-43415 may need backporting (fixed from 6.6.130) + +# CVE-2026-43416 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43417] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43418] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43419 may need backporting (fixed from 6.6.130) + +# CVE-2026-43420 may need backporting (fixed from 6.6.130) + +# CVE-2026-43421 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43422] = "fixed-version: only affects 6.18.17 onwards" + +CVE_STATUS[CVE-2026-43423] = "fixed-version: only affects 6.18.17 onwards" + +# CVE-2026-43424 may need backporting (fixed from 6.6.130) + +# CVE-2026-43425 may need backporting (fixed from 6.6.130) + +# CVE-2026-43426 may need backporting (fixed from 6.6.130) + +# CVE-2026-43427 may need backporting (fixed from 6.6.130) + +# CVE-2026-43428 may need backporting (fixed from 6.6.130) + +# CVE-2026-43429 may need backporting (fixed from 6.6.130) + +# CVE-2026-43430 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43431] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43432 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43433] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43434] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43435] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-43436 may need backporting (fixed from 6.6.130) + +# CVE-2026-43437 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43438] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43439 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43440] = "fixed-version: only affects 6.18.16 onwards" + +# CVE-2026-43441 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43442] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43443 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-43444] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43445 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43446] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43447] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-43448 may need backporting (fixed from 6.6.130) + +# CVE-2026-43449 may need backporting (fixed from 6.6.130) + +# CVE-2026-43450 may need backporting (fixed from 6.6.130) + +# CVE-2026-43451 may need backporting (fixed from 6.6.130) + +# CVE-2026-43452 may need backporting (fixed from 6.6.130) + +# CVE-2026-43453 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43454] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-43455 may need backporting (fixed from 6.6.130) + +# CVE-2026-43456 needs backporting (fixed from 7.0) + +# CVE-2026-43457 may need backporting (fixed from 6.6.130) + +# CVE-2026-43458 may need backporting (fixed from 6.6.130) + +# CVE-2026-43459 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43460] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-43461] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43462] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-43463] = "fixed-version: only affects 6.7.3 onwards" + +# CVE-2026-43464 may need backporting (fixed from 6.7) + +# CVE-2026-43465 may need backporting (fixed from 6.7) + +# CVE-2026-43466 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43467] = "fixed-version: only affects 6.12.56 onwards" + +# CVE-2026-43468 may need backporting (fixed from 6.6.130) + +# CVE-2026-43469 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43470] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-43471 may need backporting (fixed from 6.6.130) + +# CVE-2026-43472 may need backporting (fixed from 6.6.130) + +# CVE-2026-43473 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43474] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43475 may need backporting (fixed from 6.6.130) + +# CVE-2026-43476 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43477] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-43478] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-43479] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-43480 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43481] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-43482] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-43483 may need backporting (fixed from 6.6.130) + +# CVE-2026-43484 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43485] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-43486] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-43487] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-43488 may need backporting (fixed from 6.6.130) + +CVE_STATUS[CVE-2026-43489] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43490 may need backporting (fixed from 6.6.141) + +# CVE-2026-43491 may need backporting (fixed from 6.6.140) + +# CVE-2026-43492 may need backporting (fixed from 6.6.140) + +# CVE-2026-43493 may need backporting (fixed from 6.6.140) + +# CVE-2026-43494 may need backporting (fixed from 6.6.141) + +# CVE-2026-43495 may need backporting (fixed from 6.6.140) + +# CVE-2026-43496 may need backporting (fixed from 6.6.140) + +# CVE-2026-43497 may need backporting (fixed from 6.6.140) + +CVE_STATUS[CVE-2026-43498] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-43499 may need backporting (fixed from 6.6.140) + +# CVE-2026-43500 may need backporting (fixed from 6.6.140) + +# CVE-2026-43501 may need backporting (fixed from 6.6.140) + +# CVE-2026-43502 may need backporting (fixed from 6.6.140) + +# CVE-2026-43503 may need backporting (fixed from 6.6.141) + +# CVE-2026-45834 may need backporting (fixed from 6.6.140) + +# CVE-2026-45835 may need backporting (fixed from 6.6.140) + +# CVE-2026-45836 may need backporting (fixed from 6.6.140) + +# CVE-2026-46300 may need backporting (fixed from 6.6.141) + +# CVE-2026-46333 may need backporting (fixed from 6.6.139) From patchwork Fri Jun 5 22:34:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89417 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8126CD6E7E for ; Fri, 5 Jun 2026 22:34:36 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6140.1780698867537521086 for ; Fri, 05 Jun 2026 15:34:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=rFg506xp; spf=pass (domain: smile.fr, ip: 209.85.221.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-45ef616daf6so2072591f8f.3 for ; Fri, 05 Jun 2026 15:34:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698866; x=1781303666; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=S1HElx6OlQuR9MwXY1AIbg/jBNyWMky8TLXkOXCdlDk=; b=rFg506xpHaJE4PQVSWrzGB96n03ifpBw3oJEv2Rw+0o067NTxJn+AClw32TO2Obqnw KQsE346W6zhAQ+th9esT/hA3j56olR6UoeVItrytRGJpxR1KaMUZAeh0QGt6piB8gKNn TlGSH9JDI+UHGwEpUwEmO9w4RP9hrKn4oT89E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698866; x=1781303666; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=S1HElx6OlQuR9MwXY1AIbg/jBNyWMky8TLXkOXCdlDk=; b=CuwMUCsMwzFTRO67P/heIDsGDlpGELGkbMoxpxv9wA/I+bz9Rge/3j+8eNe6PM1eEh v2I9JKwKCH9Fg4G7uHykeP8iKVR545jYiyyfKree2O89kF7Lhl5f8yWi4WjQN/MUsWP1 Bnq8JNTMFOJDmSURgXzpyFfPG3T6RZFTIunBDEsGxG05zBJCcNIjSbu8ggTOIUV3M7NM Fa9BDETkz0rEyrqxYAQb2ApK/iHRs5stfIj1/5szA7Lp37OZfKm7U+U8nh2ioyz8Hg10 ejUjup6lqk6rRVNhA8dyQ75Qaln3iVKNhipD95Zl2tQTqNRIftieO92b9w+9iHExJWA4 KT0A== X-Gm-Message-State: AOJu0Ywqwpda0HmxCo2F7X1BF4sFa52wGgW3RTBb/L0TWVGU9Pv0OaN4 Pte+/hMwMKl4w+CZFEOlrpbdji0X2oJE6e0v6wXLWC0CwI/Qir2Nb3FTeWbMfRox2dKIxaLwulE iFbuL X-Gm-Gg: Acq92OEhaPlhBabe+ZqfaxM58z8k07MnWlED03H13yl52YH8R9rN9xoahG3QyA9yKzh eDhqeprnLi57Sy1LzvCEMTgb/c/jtm16P//Bhq0dZQ/fVxio96ftrduM9RwzMkLpd24sKBg1XqP 3pDeZkGYNlIIxqLd52o/6ShXgSTLbqQQYvJH9dBSHtGfSHSOQKbQAPBelNTBXik4XgAcW4CVkLI mX6pCXH8VUPNBjmUc5uDq/Bbd1H4NPmaDaQ/k4HrTcZoiHxerBc6pdy180mB4N/LSZI2EelPh88 wHRw5ilEmFKYicaH1XkJoLyBODR8e4jWhW1x9Ql//KP6dERP110Ua5PhiVTctilq1RJEP3MOQag 84fqy4/ng2lC24K3xVT8+dy0q56JyDG3N97UgqQbh7uWPDEBfjrjX5sw5aBG6L3ZFnpUqdPglzV oJNqRNkkB8VwyubcOVYOVBBc7QQ4I5byxVeQxiFderx4yOCGRKF2m3nCbh/LwIPcgEOgjwKhLEV Pu/opXreyqdsxldWVR68sTsaeG8hCTj4hfVR/E= X-Received: by 2002:a05:6000:25c4:b0:43d:7c6c:a0dd with SMTP id ffacd0b85a97d-460306226c3mr9997754f8f.35.1780698865935; Fri, 05 Jun 2026 15:34:25 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:25 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 21/25] tzdata/tzcode-native: upgrade 2026a -> 2026b Date: Sat, 6 Jun 2026 00:34:06 +0200 Message-ID: <37dab321242e06d2940c4221e4a13e68265d696f.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238207 From: Ankur Tyagi The 2026b release contains the following changes: Briefly: British Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs have been fixed in zic. Changes to future timestamps British Columbia’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.) Although the change to permanent -07 legally took place on 2026-03-09, temporarily model the change to occur on 2026-11-01 at 02:00 instead. This works around a limitation in CLDR v48.2 (2026-03-17). This temporary hack is planned to be removed after CLDR is fixed. Changes to code zic no longer mishandles a last transition to a new time type. zic no longer overflows a buffer when generating a TZ string like "PST-167:59:58PDT-167:59:59,M11.5.6/-167:59:59,M12.5.6/-167:59:59", which can occur with adversarial input. (Thanks to Naveed Khan.) zic no longer generates a longer TZif file than necessary when an earlier time zone abbreviation is a suffix of a later one. As a nice side effect, zic no longer overflows a buffer when given a long series of abbreviations, each a suffix of the next. (Buffer overflow reported by Arthur Chan.) zic no longer overflows an int when processing input like ‘Zone Ouch 2147483648:00:00 - LMT’. The int overflow can lead to buffer overflow in adversarial cases. (Thanks to Naveed Khan.) zic now checks for signals more often. Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand (cherry picked from commit dda7d55396e0c5258cba58af7e990ab3813bf108) Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 71b034d1581..a4774370662 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2026a" +PV = "2026b" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "f80a17a2eddd2b54041f9c98d75b0aa8038b016d7c5de72892a146d9938740e1" -SRC_URI[tzdata.sha256sum] = "77b541725937bb53bd92bd484c0b43bec8545e2d3431ee01f04ef8f2203ba2b7" +SRC_URI[tzcode.sha256sum] = "37e9ed8427f5d3521c22fc58e293cbfb043d70eedf1003870b33f363f61ca344" +SRC_URI[tzdata.sha256sum] = "114543d9f19a6bfeb5bca43686aea173d38755a3db1f2eec112647ae92c6f544" From patchwork Fri Jun 5 22:34:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89420 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C8D1CD8C89 for ; Fri, 5 Jun 2026 22:34:37 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6141.1780698868332087974 for ; Fri, 05 Jun 2026 15:34:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=lRfBSYkN; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-490aaeabdb4so14461405e9.1 for ; Fri, 05 Jun 2026 15:34:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698867; x=1781303667; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BI/0gehz+vMlLlM4Wa3QyA5nDLpJbb3Tmj+3BLe2+cg=; b=lRfBSYkNwAoJN9m2csTqkP1UvZnUOoEC3+UvkSiaOgSbYJIulhh2ytIlp4MCNykw2/ B5AF3Jk0V6ifvZCXRVctDKg77P4a7O2c7JqacQNTZGmHVNcez0yCM9qhBXU2jYxSinoj ou8FMVOQa8uoaZmMncaXaBLxecZ2UxqihYWhY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698867; x=1781303667; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BI/0gehz+vMlLlM4Wa3QyA5nDLpJbb3Tmj+3BLe2+cg=; b=mWwQirxisHtYJ7IL41GIVm90p4WhVbIWzrcy3m97HmJyFwHGfHZrBVHK1PSq/pVVI4 PvE4qOromYxEbypNY5Z8W4kT3skqVXP22VUmHYRN7yqhwi4p9eWasF0HTUgeK+LC3oZW T9CZ9gKNR2xEAvktVrBUM+VoADdz6tuOQReF0IeohuS7LqVn1dkkYjSMj5zP/1Ik45G/ V+y/wCE/Blft3rgRI1aVcSKw6O+iIB3kiYn1/hs/D0N2A+8OiJ2p89VvoX/I3saxe64C 1SdXLr+w5foJO8cp3a/RM3tcJ6W42lc5DYgyKNA8MY5npUh6rX5JN7Ek1V5SD0qwMntI MIjg== X-Gm-Message-State: AOJu0YzFbdJlt0Jg4WeYl8qqqGac9tpmMl8lSGTYLYt5DiSxemR7L0ct qsYfIeQHuEmnDx9C/Yll17RvHjFyB3NVx8uI8SDsTNjilc0ervppHFOqObv8k9BMVEwBHp3XMcr v0CQi X-Gm-Gg: Acq92OGRnz9WUNIgOE5TQkOfuYckQyh4s5ta7B5hFPWdOvO2EaDfIXFC7+bL/b2VAQU EVcemkTGL97T/aU/AJVsE/tDlTbfK+l23QGjJpLX2r1Fz64LWQKfWbH8DTFvq/kTUHNr0tOcdXu qiE/chLB7tVlxujmVPzVyMqK5XFiEGLTqLDBNxC+GeUpeY9YXUYjRBNR7gj/i1PZjni//OalXJD rzjYCoZo6Wo34pthnIzrKlMihxBhNRimGISsrLtUCPHklYtWMHLz9TLO1QaUSBG7tojN5+1D1Ol A4H6gmYW1IJfAuXMTcpprIGTGY6E477fjDpNMd6VQziNS8MrKsizbjiGb8v2eQzutoYTl9iJHHN j34RWGZvdIlT8udqYYLDC0Y7bc6wEmSr0Llygbs9WzgSqAw8raxJDYcDdPT9Jw1E+KXJqzllDtj 8fVdvlWtxnakxqsAsUe+cY71gQ8q8mj5ELuTDXvJWVFpv5ZKcZaZoyJbLzKYLQn08GgVJYeDbm8 M7wRzrWwilRiLWhOqRQJFBFZ70AfU4IbbAMdS0= X-Received: by 2002:a05:600c:3e0c:b0:490:3fdd:d353 with SMTP id 5b1f17b1804b1-490c259e7f2mr96667805e9.8.1780698866594; Fri, 05 Jun 2026 15:34:26 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:26 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 22/25] pseudo: Upgrade to 1.9.4 Date: Sat, 6 Jun 2026 00:34:07 +0200 Message-ID: <9075b66e1f9161407056924954b3d5507f6d8384.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238208 From: Richard Purdie Update to pull in a full openat2 wrapper which works on Fedora 44. This update includes the commits: * Makefile.in: Bump version to 1.9.4 * test: Add renameat2 test cases * test: Add openat2 test cases * makewrappers/openat2: Add preserve_path option * openat2: Implement openat2 wrapper * ports/linux/guts/renameat2.c: Add comment why this isn't implemented * Add b4 configuration * pseudo_setupenvp: Handle malloc failure safely * pseudo_setupenvp: Allocate space for new env vars if needed Signed-off-by: Richard Purdie (cherry picked from commit b2bd1d114fafe1e797149e02e4c08194d529cfde) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 3ae560487bd..7cb221403fb 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "56e1f8df4761da60e41812fc32b1de797d1765e9" +SRCREV = "6c0d8c6b81ca7c2ef2b5a9a996605e1a51814442" S = "${WORKDIR}/git" -PV = "1.9.3+git" +PV = "1.9.4" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be From patchwork Fri Jun 5 22:34:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89419 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0111ACD8C85 for ; Fri, 5 Jun 2026 22:34:37 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6142.1780698868879127145 for ; Fri, 05 Jun 2026 15:34:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=O3iACHlF; spf=pass (domain: smile.fr, ip: 209.85.221.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-45f3cf907ceso1119668f8f.2 for ; Fri, 05 Jun 2026 15:34:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698867; x=1781303667; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HE06sU+/QQ4uc2TkX7Xoyoit/sJ+dyN/VilGGCp61Xo=; b=O3iACHlF4O5QAYf5epyq/yVRqZhC4aoF8+xHdwEnDiW9RPRth9Ykk8LEHezANhh3JP B/FLGi9aJgu/xUB39uNKm7SRRTWAVkXiw5q5152Sl7oBaXFrDdaVaDF0ew3aE3BwgLdN rZ71xj2r7eCl/zY2rMcOF9DBy342HLGZK0EWw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698867; x=1781303667; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=HE06sU+/QQ4uc2TkX7Xoyoit/sJ+dyN/VilGGCp61Xo=; b=rgg1ZckTgim+JsHNxMCtgH74V/GSb3QePxvFcwa1XULBJhiU+xr7gIU54oGcDv8Qv4 th4iC1lDbIJjRj1CoyQRzLlI04Ld7zAAJzdyBcZUT24IvzNWKDY9wEV2LABEc761Iqjj 5dddRcFWONp7AqEZrazOJuxZtQVeNUD/KuxZNaByO2biFAXMBXxHo/yUfyyd5z/4dgoL Lgba8RoZ97Y/zAiG+q1j/87WFr0SqFSh+FKvQ3vhTEhF/j6u1G76JgonYAlUTQPt6S7w GkSYxVRt8MoCLcmg6bkc9u8cBvlE9KilL2l2ohwT87wV+D039PNgPAaXX9BqqBzf+mAs WNxg== X-Gm-Message-State: AOJu0YwS6ETsFOhYVOyh1OXH4HRvyRL7OEF56xs6fMwBbgiCWrCUydm7 koJLOrhJlubpSi5BawgM1+4XIGBoPJrS1eTPZvXjV+982O3EG1KibbkvUHl2paUn9nwg4Y4/0K/ 87zYd X-Gm-Gg: Acq92OHN5OMCs5DTTFmkV1gRBVnlwBm3gwLyfPX4PyjluXyxo3WTzbvngEseqNymO+D ws+VEkB2Jm86M3iIWrOiyxJ/pcutuxFI4sJSh1nc5B63nOHUoO4jZdk/kbNqx4cNnvCwkNr+2KR fK0yMRS8xH0f+Cr+IsRRF0aFmUTN9/RB8I5GQYzmU5BLoFT7ejuQRqd8ygYYRioiR4Hf6mwEn59 F8658uFzeyZyAcnQLoYFEe9czbEYT/iJihsivLHxBPBZDhEmPkWthIv2Y7UJ9O05R5EfY3Q18Ol XYiZS9ZJezCi9utfoC2OorhXykaQaFPg0Bd1DiQvYh84Sz8n7I/X9/nKrCHT8kN1vz6o0pSAcZ3 XWTHTWvk33QShn03zDCkalq8yBptBVjZjbrL2xfohRQ/7YxA1klAfPp4fr+wEyZ4HqUvn4mKrAF 2QRoJexeH5EdtgDJ3S7KJYTLRFbNnblUU5mgUpZ89PNF7TMkk+D7ZmjRqIe/iBQQk/LUYDB9WT4 6kP8MLFhDrboE8zRUQN3kmo1rqLsAr5ceAu00PaCWFaOBFpGA== X-Received: by 2002:a5d:4712:0:b0:43c:fb48:6856 with SMTP id ffacd0b85a97d-460302ee23emr6280779f8f.13.1780698867256; Fri, 05 Jun 2026 15:34:27 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:26 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 23/25] pseudo: Upgrade to 1.9.5 Date: Sat, 6 Jun 2026 00:34:08 +0200 Message-ID: <876e6497f3323d74d9ac8ce303ed5165a7fda283.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238210 From: Richard Purdie This adds a wrapper for the __open_2 function This was breaking shadow and the real reason for the open() call changes. Add the missing wrapper to properly fix this. Signed-off-by: Richard Purdie (cherry picked from commit 8ea63d320aba32d3894cace9e71e850bdff1d6b2) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 7cb221403fb..3760af2fa4b 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "6c0d8c6b81ca7c2ef2b5a9a996605e1a51814442" +SRCREV = "0bad85523ff71f1a84cea5fdf72e7f560c4aeed4" S = "${WORKDIR}/git" -PV = "1.9.4" +PV = "1.9.5" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be From patchwork Fri Jun 5 22:34:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89416 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9A1ECD6E7C for ; Fri, 5 Jun 2026 22:34:36 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6278.1780698869470330477 for ; Fri, 05 Jun 2026 15:34:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=gMDjmef9; spf=pass (domain: smile.fr, ip: 209.85.221.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-45e9f4a3510so1186171f8f.1 for ; Fri, 05 Jun 2026 15:34:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698868; x=1781303668; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7gs+wlxpcplb7RQE0SN8nQd14VAaQxp8SC0l6tm/mTw=; b=gMDjmef983/JMJwZ3Op3uXP3D2Lj2i9Zc8lOEKhBL8R61qmMiAipK29xlBAotk6evh nGXnBQGVl8ekg4iDbbOVYr/KIfhOF+4xXSfFhKxidSylulZc1yHMcckXmdzeU03ZUx9E UjuZLWSfLHTx+x8SLYnuC+xt3cU5Nx9ZGkTdY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698868; x=1781303668; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=7gs+wlxpcplb7RQE0SN8nQd14VAaQxp8SC0l6tm/mTw=; b=Jbiy88OAl+W3o1oCqczCD/yqlnF4luIBJZm1xtfiwh65mhS09k0vOTNFaCctJ/jcjs LSh2RjCZcjNYyOK7gIOmXg8BISMiyn51R7l6HtXPfyREhMd3pXKzY7C0c8HaZP8ztsI4 Nmxh/1+ZNlvSYLYRG3AAfnFj2ha3L1x6VNu/ad2pduWHLWJdiJpv8lHA+7uC1+n5N+zq hMGxz/1KmH72zhnth6QZw9LsBBG/bWZHLvWsU0H5u/9Tzk8yKOtBk+PlThZ05BmYC9Pk Ra7sCO9Q67xaUVVLw+q+saljAyh2fjlc10q1uyXNQejCIPjdKT72teUO66t3yvAZEGDC AL0w== X-Gm-Message-State: AOJu0Yxiq2V0/E7d6GTk41cXj4510uoBSQ9FcQjyATyKiFYvEm7mMaVD BfxWJT5e96EjtTWBdq8x0sKh1HqnOEbO0P6R2nMqerySXBcTYq5SEvV+uBo2AFzj5kwBjqcNony /qIsJ X-Gm-Gg: Acq92OEhlv8cQDMMRceY34Ih8JSwxOe7RoDosAHJMpuDd8mG2Ugm+XcOeHdiQyu24jL Ui86QfmhGCjbkkmmVxAO7qH3JgUFW0fBmYpVoNqUOEvk3xwfrKAyeZ1E8sAWk9xsV1XZTV0ZT1S BM6e1FOGloEBtNOm3bPQswGd+FFv+/fgHy4KnwIhlDPgfy4L4DWVgYFIPQrdMod3JS/Kk/Cri5T Pm7najr9lp5WGOMZK4mjyQg4SmN0arMBUSfOd1tcxmnnYl2I4pyywFwg9HfDrkubcD+HQhPEfYo Y5XnrKqZ0nBjK61+8zweB4HOgaYnc+AM6TVJodJhxIlCJPAHxKwoWGGcmMq0y5PVmoGS2VzHl1E 4L8yg+hzHyvpEqP4UHzIYpYK62OxDfMKdsRS8Vhk8TJ2BSH3G7DrqQZC/jHUnS7IHrkO5V7MWGj INlwz86HiGo5AvstQbX2/fM7bUvfL/bKBEtGLBNu+iDJA/U6jezcg5ISjAIsZG/qBTFcjdtIY6w VodyONXg6kDe48G+Hrj767Lq/7pZ/slXtr74Uej4v7C/pUKvg== X-Received: by 2002:a5d:6910:0:b0:45e:f073:d2fd with SMTP id ffacd0b85a97d-460302ec5b8mr6845575f8f.9.1780698867758; Fri, 05 Jun 2026 15:34:27 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:27 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 24/25] pseudo: Update 1.9.5 -> 1.9.6 Date: Sat, 6 Jun 2026 00:34:09 +0200 Message-ID: <1414f3513099a9a956ec4f602354aa00008e2aff.1780698373.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238211 From: Richard Purdie Pulls in the changes: * Makefile.in: Bump version to 1.9.6 * pseudo_util.c: Fix symlink processing for symlinkat and related * test: Add test symlinkat and related * ports/unix: realpath: Fix chroot processing * test: Add test cases for canonicalize functions * ports/unix: fts_open: Fix chroot behavior * ports/unix: fts_*: Certain functions were incorrectly returning stat data * test: Add fts test case * test: Add test for linkat chroot path stripping * linkat: Avoid a segmentation fault * Only copy xattrs on a rename if it's cross-filesystem Signed-off-by: Richard Purdie (cherry picked from commit 50e769a598e79ed4600f7362d5f40799a48f9273) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 3760af2fa4b..839b68d1b72 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "0bad85523ff71f1a84cea5fdf72e7f560c4aeed4" +SRCREV = "7109ac1b417cd31e0100f6e1c4f3e5743541b9ed" S = "${WORKDIR}/git" -PV = "1.9.5" +PV = "1.9.6" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be From patchwork Fri Jun 5 22:34:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 89418 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C005CD8C87 for ; Fri, 5 Jun 2026 22:34:37 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6279.1780698870076973152 for ; Fri, 05 Jun 2026 15:34:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=GqYYypOa; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-490b7866869so28568985e9.2 for ; Fri, 05 Jun 2026 15:34:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1780698868; x=1781303668; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QgJ1Uee7bmO7qaUgGzg7CJjh0JlKlH9B19SRFAy4830=; b=GqYYypOa9oHvSaDb9z2s0HgGBbQACT+kFtKS8d6q7jg5xV/W845rMdcv2Wbo4PJzX7 q8pwm1sTtvmm8DOqL6lskwf4NfSOpQFBPfDoasz9HIdGsjHE09f07Adl1scTzkmBnftl azr8//fXVCDy2CbZIpyHM/F+yB52CRumeQm6Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780698868; x=1781303668; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=QgJ1Uee7bmO7qaUgGzg7CJjh0JlKlH9B19SRFAy4830=; b=q++IJ4NkNr7yncE1LnoNQUBIoCy2mAZkXh5xOvbGuZBCC5nYvkTlLrjoWBqPWcVOth LTvHH13YewakiHzqktEKZP9LomWCxAfvikbqynobgcP5oKQt1X4jkWvJDbDFDbQiHwU2 OBw81TgZjBCYi9S2DjDIm5qxzMkNXANxMb9J1D/59K9GtUPO5b2doqVaGvBJ1gY9Etw0 IbKf8Uui/V+zPHYSLw+S5H1FpMJos1wXUh7nixVSP1SmM9jcUpCctLV87kOjh8BywaCr 4yxaXOJugADr60zIp/8oPWMLze6yAM9/DHY0kogVzPDoa6HRI9LedEanzGzWrEIHF1zI uB+w== X-Gm-Message-State: AOJu0Yz5yuY6yczPZMWiNSseuk1pdWmeaFAGMSuzj41bYWesXoluxY5E bvW8gqglcodDqiND7pxjMd7lzqSh6IVEJKbJa9kn+KCNxvCPn/uO04HI4TuUlEJhDBojjbdwAGQ TT6uT X-Gm-Gg: Acq92OHdsRDLyVC9mkjKSHHBp1AJ/zYGAlESoQArD7QB1B4+VhKzUrpkR6HfP9GpJw8 uKkM5b+o4rP7XXoFPsYGWfoXreFagsAGV7Gk0AitPPQyiDAYQsWlZV7S5G9rmdpD1DczWr8wz9v Aa5PPddGAPk24vBDK2iOW6WNK9aoc39p7TIPef2Z6hAzPQ5SUfSjV9RcEjd8kz1F3Vsagl3c50M XDL3Ik5gvRDkD3iyIBfJaCa9N3dDspQsFEQnifRLtU8thKX1SAOz9d59vt6kMiDINoKI8uz6BSd RA66+lNR8kP1brjwWmTC+zwmdGadoTIZccFlxyKEKwfFF2pZTeXOH/kkQnTuPqRjO2VYH/vUWZG 3r7qH/ZjlH49IebeHDTfhUHgIE3N3qhtgxHTSiXhaWXse1Nk2fe3PSRTFbw0tlJf1Cttax4pK9M yGbCyXIO1sCk4sPXQioRjMXx0BhmOerY5W1b5HuM/Px6nJMBa7Hqv92JPKYKxhe1ZLx0R0xYX4+ h9GPDabKQCXL5YwMlCdZ84ZwQwrPnR6NsfZosw= X-Received: by 2002:a05:600c:5246:b0:489:5022:39a4 with SMTP id 5b1f17b1804b1-490c25d800dmr91596405e9.9.1780698868415; Fri, 05 Jun 2026 15:34:28 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00b3e1ccc1be2b2798.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:b3e1:ccc1:be2b:2798]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4601f2e4b18sm22132409f8f.10.2026.06.05.15.34.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Jun 2026 15:34:27 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 25/25] pseudo: Upgrade 1.9.6 -> 1.9.7 Date: Sat, 6 Jun 2026 00:34:10 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 05 Jun 2026 22:34:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238212 From: Richard Purdie Pulls in fixes to rename/renameat/renameat2: Changqing Li (1): renameat2/renameat: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS Mark Hatle (4): run_tests.sh: Allow the user to specify specific tests to run tests: Add mv then hardlink testing rename: only ignore when both old and new path are not in PSEUDO_INCLUDE_PATHS Makefile.in: Bump version to 1.9.7 Signed-off-by: Richard Purdie (cherry picked from commit 17567738711d525d9f2b85e54ace2048901e4c34) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 839b68d1b72..1ca1ebd6bf2 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "7109ac1b417cd31e0100f6e1c4f3e5743541b9ed" +SRCREV = "5b7c4b59e7e198aab54b35ea194aeb6d99794f96" S = "${WORKDIR}/git" -PV = "1.9.6" +PV = "1.9.7" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be