Hello,

On Tue Jul 7, 2026 at 3:24 PM CEST, Ashishkumar Parmar -X (asparmar - E 
INFOCHIPS PRIVATE LIMITED at Cisco) wrote:
> Thanks, Yoann.
>
> Yes, feature changes are usually not something we should take in stable.
>
> For this BIND work, I first submitted the individual CVE backport patches for 
> scarthgap:
>
> - CVE-2026-1519:
>   
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
> - CVE-2026-5950:
>   
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
> - CVE-2026-3592:
>   
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
> - CVE-2026-3039:
>   
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
> - CVE-2026-5946:
>   
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/
>
> During review, the feedback was that BIND is one of the rare projects
> where the upstream stable branch matches OE stable policy, and that
> upgrading along the 9.18 branch would be preferable to carrying a
> large CVE backport patch stack. That is why I superseded the backport
> series and sent the 9.18.44 -> 9.18.49
> upgrade instead:
>
> https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/

Sorry, I totally forgot that I was the one suggesting the upgrade.

> For the specific 9.18.45 changelog item you pointed out, the change is
> limited to ISC's upstream system test suite. It raises the Python
> requirement for running `bin/tests/system` and tracks those test-suite
> Python dependencies in `bin/tests/system/requirements.txt`.
>
> OE-Core's `bind` recipe does not enable or package that upstream
> system test suite and does not inherit `ptest`, so this change is not
> part of the target build, installed packages, runtime dependencies, or
> runtime behavior.
>
> So the reason for the upgrade is that it follows the earlier review
> direction to use the BIND 9.18 stable branch, while this particular
> feature change is test-suite-only and not target-visible in OE-Core.

I agree with proceeding with the upgrade.
Can you put a shorter explanation of the above in your commit message to
help future reviewer?

Thanks!

>
> Regards,
> Ashish
> ________________________________
> From: Yoann Congal <[email protected]>
> Sent: 07 July 2026 15:49
> To: Ashishkumar Parmar -X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) 
> <[email protected]>; [email protected] 
> <[email protected]>
> Cc: xe-linux-external (Internal Group) <[email protected]>
> Subject: Re: [OE-core][scarthgap][PATCH v2] bind: Upgrade 9.18.44 -> 9.18.49
>
> On Tue Jun 30, 2026 at 8:04 AM CEST, Ashishkumar Parmar X (asparmar - E 
> INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
>> From: Ashishkumar Parmar <[email protected]>
>>
>> This upgrade fixes CVE-2026-1519, CVE-2026-3039, CVE-2026-3592, 
>> CVE-2026-5946 and CVE-2026-5950.
>>
>> Changelog
>> =========
>> https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html
>
> That changelog contains:
> | Notes for BIND 9.18.45
> |   Feature Changes
> |    Update requirements for system test suite.
> |      Python 3.10 or newer is now required for running the system test
> |      suite. The required Python packages and their version requirements
> |      are now tracked in the file bin/tests/system/requirements.txt. [GL
> |      #5690] [GL #5614]
>
> Feature changes are not usually acceptable for stable. Can you justify
> why this is the case here?
>
> Thanks!
>
>>
>> Signed-off-by: Ashishkumar Parmar <[email protected]>
>> ---
>>  .../bind/{bind_9.18.44.bb => bind_9.18.49.bb}                   | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>  rename meta/recipes-connectivity/bind/{bind_9.18.44.bb => bind_9.18.49.bb} 
>> (97%)
>>
>> diff --git a/meta/recipes-connectivity/bind/bind_9.18.44.bb 
>> b/meta/recipes-connectivity/bind/bind_9.18.49.bb
>> similarity index 97%
>> rename from meta/recipes-connectivity/bind/bind_9.18.44.bb
>> rename to meta/recipes-connectivity/bind/bind_9.18.49.bb
>> index d424edcb4e..723a09e739 100644
>> --- a/meta/recipes-connectivity/bind/bind_9.18.44.bb
>> +++ b/meta/recipes-connectivity/bind/bind_9.18.49.bb
>> @@ -20,7 +20,7 @@ SRC_URI = 
>> "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
>>             file://0001-avoid-start-failure-with-bind-user.patch \
>>             "
>>
>> -SRC_URI[sha256sum] = 
>> "81f5035a25c576af1a93f0061cf70bde6d00a0c7bd1274abf73f5b5389a6f82d"
>> +SRC_URI[sha256sum] = 
>> "c43ce4548ebed788cd9df63658a7de105ceafba43fcd63fa352b1093e525cd24"
>>
>>  UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/";
>>  # follow the ESV versions divisible by 2
>
>
> --
> Yoann Congal
> Smile ECS


-- 
Yoann Congal
Smile ECS

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240391): 
https://lists.openembedded.org/g/openembedded-core/message/240391
Mute This Topic: https://lists.openembedded.org/mt/120043131/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

  • ... Ashishkumar Parmar X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
    • ... Yoann Congal via lists.openembedded.org
      • ... Ashishkumar Parmar X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org
        • ... Yoann Congal via lists.openembedded.org
          • ... Ashishkumar Parmar X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org

Reply via email to