Please review this set of changes for wrynose and have comments back by end of day Thursday, May 21.
This is the v2 of https://lore.kernel.org/openembedded-core/[email protected]/T/#t v1->v2: * Removed "[OE-core][wrynose 11/28] libsdl2: set status for CVE-2026-35444" * Added "busybox: fix CVE-2026-29004" A build for this v2 series is running here: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3851 I've run the added busybox patch through autobuilder in an earlier series, so I'm confident that this build will be OK (AB-INT excepted). The following changes since commit 080e184ad9a07b469da7e8b045a93cefd5bf2438: glibc: Fix recipe bug that disabled stack protector (2026-05-12 16:18:27 +0200) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/wrynose-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/wrynose-nut for you to fetch changes up to 42adcd87a15f5921f0cc95424efd930876743824: pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-05-20 10:03:07 +0200) ---------------------------------------------------------------- Alexander Kanavin (1): sbom-cve-check: set PV from upstream tags and ensure version checks are correct Andrew Geissler (1): efivar: Backport patch to fix -march issue for ppc64le Ankur Tyagi (2): tzdata/tzcode-native: upgrade 2026a -> 2026b wireless-regdb: upgrade 2026.02.04 -> 2026.03.18 Benjamin Robin (Schneider Electric) (3): python3-sbom-cve-check: Update to version 1.3.1 sbom-cve-check-update-cvelist-native: Update source revision sbom-cve-check-update-nvd-native: Update source revision Chen Qi (1): busybox: fix CVE-2026-29004 Daniel McGregor (1): python3-requests: Increase chardet upper limit Dmitry Sakhonchik (1): shadow-native: Change upstream status of disable_syslog.patch Jinwang Li (1): bluez5: add patches to fix 8.56 gatt issue João Marcos Costa (1): default-distrovars.inc: add missing spaces in append overrides Peter Marko (7): busybox: patch CVE-2024-58251 libsoup: set status for CVE-2026-2369 tiff: patch CVE-2026-4775 libssh2: patch CVE-2026-7598 libarchive: set status of CVE-2026-5745 libsoup: patch CVE-2026-2708 glibc: stable 2.43 branch updates Quan Sun (1): qemu: fix iotlb_to_section() for different AddressSpace Richard Purdie (2): utils: Handle unexpanded variables in DISTRO_FEATURES pseudo: Upgrade 1.9.6 -> 1.9.7 Robert P. J. Day (1): features-check.bbclass: add reference to required TUNE_FEATURES Sam Kent (1): oe-pkgdata-util: fix empty runtime-rprovides directory handling Thomas Perrot (2): oe-pkgdata-util: fix runtime-rprovides handling in lookup_pkg error path scripts/makefile-getvar: quote MAKEFILE variable Yoann Congal (2): README: Add wrynose subject-prefix to git-send-email suggestion b4-config: add send-prefixes for wrynose .b4-config | 1 + README.OE-Core.md | 2 +- meta/classes-recipe/crosssdk.bbclass | 3 +- meta/classes-recipe/features_check.bbclass | 2 +- meta/classes-recipe/native.bbclass | 3 +- meta/classes-recipe/nativesdk.bbclass | 3 +- .../distro/include/default-distrovars.inc | 8 +- meta/lib/oe/utils.py | 9 + .../0003-fix-march-issue-for-ppc64le.patch | 45 +++ meta/recipes-bsp/efivar/efivar_39.bb | 1 + meta/recipes-connectivity/bluez5/bluez5.inc | 1 + ...use-after-free-caused-by-reentrant-c.patch | 59 ++++ .../busybox/busybox/CVE-2024-58251.patch | 51 ++++ .../busybox/busybox/CVE-2026-29004-01.patch | 42 +++ .../busybox/busybox/CVE-2026-29004-02.patch | 47 +++ meta/recipes-core/busybox/busybox_1.37.0.bb | 3 + meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.43.bb | 4 +- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +- ...01-Increase-chardet-upper-limit-to-8.patch | 25 ++ .../python/python3-requests_2.32.5.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 1 + ...tlb_to_section-for-different-Address.patch | 274 ++++++++++++++++++ ...3.0.bb => python3-sbom-cve-check_1.3.1.bb} | 4 +- ...check-update-cvelist-native_2026-05-07.bb} | 4 +- ...ck-update-nvd-native_2026.05.07-000006.bb} | 4 +- .../libarchive/libarchive_3.8.7.bb | 1 + .../shadow/files/disable_syslog.patch | 3 +- meta/recipes-extended/timezone/timezone.inc | 6 +- ....02.04.bb => wireless-regdb_2026.03.18.bb} | 2 +- .../libtiff/tiff/CVE-2026-4775.patch | 55 ++++ meta/recipes-multimedia/libtiff/tiff_4.7.1.bb | 1 + .../libsoup/libsoup/CVE-2026-2708.patch | 218 ++++++++++++++ meta/recipes-support/libsoup/libsoup_3.6.6.bb | 2 + .../libssh2/libssh2/CVE-2026-7598.patch | 56 ++++ .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + scripts/makefile-getvar | 4 +- scripts/oe-pkgdata-util | 19 +- 38 files changed, 934 insertions(+), 37 deletions(-) create mode 100644 meta/recipes-bsp/efivar/efivar/0003-fix-march-issue-for-ppc64le.patch create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-gatt-client-Fix-use-after-free-caused-by-reentrant-c.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2024-58251.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch create mode 100644 meta/recipes-devtools/python/python3-requests/0001-Increase-chardet-upper-limit-to-8.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0001-accel-tcg-Fix-iotlb_to_section-for-different-Address.patch rename meta/recipes-devtools/sbom-cve-check/{python3-sbom-cve-check_1.3.0.bb => python3-sbom-cve-check_1.3.1.bb} (76%) rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-cvelist-native.bb => sbom-cve-check-update-cvelist-native_2026-05-07.bb} (77%) rename meta/recipes-devtools/sbom-cve-check/{sbom-cve-check-update-nvd-native.bb => sbom-cve-check-update-nvd-native_2026.05.07-000006.bb} (79%) rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2026.02.04.bb => wireless-regdb_2026.03.18.bb} (94%) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2026-2708.patch create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237399): https://lists.openembedded.org/g/openembedded-core/message/237399 Mute This Topic: https://lists.openembedded.org/mt/119404669/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
