On Tue Jun 16, 2026 at 8:31 AM CEST, Shubham Pushpkar via lists.openembedded.org wrote: > From: Shubham Pushpkar <[email protected]> > > This patch applies the upstream fix as referenced in [1], using the CVE > advisory shown in [2]. > [1] > https://github.com/openSUSE/libsolv/commit/210386037c892a720972ad35a3d8f7073b4d763b > [2] https://nvd.nist.gov/vuln/detail/CVE-2026-9149 > > Signed-off-by: Shubham Pushpkar <[email protected]> > ---
Hello, Looks to me that this patch is also needed on wrynose. Can you send it there, and then, send a v2 of this patch? Thanks! > .../libsolv/0002-Fix-CVE-2026-9149.patch | 152 ++++++++++++++++++ Those patch are usually named "CVE-2026-9149.patch" > .../libsolv/libsolv_0.7.28.bb | 1 + > 2 files changed, 153 insertions(+) > create mode 100644 > meta/recipes-extended/libsolv/libsolv/0002-Fix-CVE-2026-9149.patch > [...] > diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.28.bb > b/meta/recipes-extended/libsolv/libsolv_0.7.28.bb > index 2b1b079ce1..4a9dd1278a 100644 > --- a/meta/recipes-extended/libsolv/libsolv_0.7.28.bb > +++ b/meta/recipes-extended/libsolv/libsolv_0.7.28.bb > @@ -11,6 +11,7 @@ DEPENDS = "expat zlib zstd" > SRC_URI = > "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ > file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \ > file://0001-Fix-CVE-2026-9150.patch \ CVE-2026-9150 was already fixed by a very similar patch sent earlier so you will need to rebase once it merges. > + file://0002-Fix-CVE-2026-9149.patch \ > " > > SRCREV = "c8dbb3a77c86600ce09d4f80a504cf4e78a3c359" -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#239319): https://lists.openembedded.org/g/openembedded-core/message/239319 Mute This Topic: https://lists.openembedded.org/mt/119829547/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
