* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
2026-07-16 8:08 Lian Wang
@ 2026-07-17 4:13 ` Khem Raj
0 siblings, 0 replies; 3+ messages in thread
From: Khem Raj @ 2026-07-17 4:13 UTC (permalink / raw)
To: lianux.mm; +Cc: openembedded-devel, Lian Wang
[-- Attachment #1: Type: text/plain, Size: 38140 bytes --]
Please rebase this on top of master or master-next
On Thu, Jul 16, 2026 at 1:08 AM wang lian via lists.openembedded.org <
lianux.mm=gmail.com@lists.openembedded.org> wrote:
> - Drop 9 CVE patches (CVE-2025-7394, CVE-2025-7395) fixed upstream
> - All security fixes included in 5.9.2 release
>
> Signed-off-by: Lian Wang <lianux.wang@processmission.com>
> ---
> .../wolfssl/files/CVE-2025-7394-1.patch | 46 ---
> .../wolfssl/files/CVE-2025-7394-2.patch | 275 ------------------
> .../wolfssl/files/CVE-2025-7394-3.patch | 125 --------
> .../wolfssl/files/CVE-2025-7394-4.patch | 85 ------
> .../wolfssl/files/CVE-2025-7394-5.patch | 40 ---
> .../wolfssl/files/CVE-2025-7394-6.patch | 48 ---
> .../wolfssl/files/CVE-2025-7395-1.patch | 84 ------
> .../wolfssl/files/CVE-2025-7395-2.patch | 27 --
> .../wolfssl/files/CVE-2025-7395-3.patch | 25 --
> .../{wolfssl_5.7.2.bb => wolfssl_5.9.2.bb} | 11 +-
> 10 files changed, 1 insertion(+), 765 deletions(-)
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> rename meta-networking/recipes-connectivity/wolfssl/{wolfssl_5.7.2.bb =>
> wolfssl_5.9.2.bb} (78%)
>
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> deleted file mode 100644
> index e561b26..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -From 6d0ee56813d69eee72108e1dc859743e02f70077 Mon Sep 17 00:00:00 2001
> -From: Josh Holtrop <josh@wolfssl.com>
> -Date: Thu, 5 Jun 2025 19:48:34 -0400
> -Subject: [PATCH] Reseed DRBG in RAND_poll()
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/0c12337194ee6dd082f082f0ccaed27fc4ee44f5
> ]
> -(cherry picked from commit 0c12337194ee6dd082f082f0ccaed27fc4ee44f5)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 20 +++++++++++++++++---
> - 1 file changed, 17 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index 9ba891d62..a1421d523 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -24159,11 +24159,25 @@ int wolfSSL_RAND_poll(void)
> - return WOLFSSL_FAILURE;
> - }
> - ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz);
> -- if (ret != 0){
> -+ if (ret != 0) {
> - WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
> - ret = WOLFSSL_FAILURE;
> -- }else
> -- ret = WOLFSSL_SUCCESS;
> -+ }
> -+ else {
> -+#ifdef HAVE_HASHDRBG
> -+ ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
> -+ if (ret != 0) {
> -+ WOLFSSL_MSG("Error reseeding DRBG");
> -+ ret = WOLFSSL_FAILURE;
> -+ }
> -+ else {
> -+ ret = WOLFSSL_SUCCESS;
> -+ }
> -+#else
> -+ WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set");
> -+ ret = WOLFSSL_FAILURE;
> -+#endif
> -+ }
> -
> - return ret;
> - }
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> deleted file mode 100644
> index 883a5a1..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> +++ /dev/null
> @@ -1,275 +0,0 @@
> -From b506ed4aeb2c86788422427624a03eb9bda52efc Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 12:49:08 -0600
> -Subject: [PATCH] add sanity checks on pid with RNG
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/31490ab813a5aac096f50800c26c690d8ae586d2
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - CMakeLists.txt | 1 +
> - configure.ac | 4 +-
> - src/ssl.c | 40 +++++++++++-
> - wolfcrypt/src/random.c | 126 ++++++++++++++++++++++---------------
> - wolfssl/wolfcrypt/random.h | 3 +
> - 5 files changed, 118 insertions(+), 56 deletions(-)
> -
> -diff --git a/CMakeLists.txt b/CMakeLists.txt
> -index 4e6f05fc6..910a36648 100644
> ---- a/CMakeLists.txt
> -+++ b/CMakeLists.txt
> -@@ -124,6 +124,7 @@ check_function_exists("memset" HAVE_MEMSET)
> - check_function_exists("socket" HAVE_SOCKET)
> - check_function_exists("strftime" HAVE_STRFTIME)
> - check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
> -+check_function_exists("getpid" HAVE_GETPID)
> -
> - include(CheckTypeSize)
> -
> -diff --git a/configure.ac b/configure.ac
> -index c973b7e39..43ddd4767 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -125,8 +125,8 @@ AC_CHECK_HEADER(stdatomic.h,
> [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"
> - # check if functions of interest are linkable, but also check if
> - # they're declared by the expected headers, and if not, supersede the
> - # unusable positive from AC_CHECK_FUNCS().
> --AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s
> inet_ntoa memset socket strftime atexit])
> --AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r,
> gmtime_s, inet_ntoa, memset, socket, strftime, atexit], [], [
> -+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s
> inet_ntoa memset socket strftime atexit getpid])
> -+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r,
> gmtime_s, inet_ntoa, memset, socket, strftime, atexit, getpid], [], [
> - if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" =
> "yes"
> - then
> - AC_MSG_NOTICE([ note: earlier check for $(eval 'echo
> ${as_decl_name}') superseded.])
> -diff --git a/src/ssl.c b/src/ssl.c
> -index a1421d523..872aed594 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23615,6 +23615,10 @@ int wolfSSL_RAND_Init(void)
> - if (initGlobalRNG == 0) {
> - ret = wc_InitRng(&globalRNG);
> - if (ret == 0) {
> -+ #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -+ FIPS_VERSION3_LT(6,0,0)))
> -+ currentPid = getpid();
> -+ #endif
> - initGlobalRNG = 1;
> - ret = WOLFSSL_SUCCESS;
> - }
> -@@ -24045,8 +24049,30 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char*
> buf, int num)
> - return ret;
> - }
> -
> --/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise
> -- * WOLFSSL_FAILURE */
> -+#if defined(HAVE_GETPID) && defined(HAVE_FIPS) &&
> FIPS_VERSION3_LT(6,0,0)))
> -+/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -+ * the older random.c certified files. */
> -+static pid_t currentPid = 0;
> -+
> -+/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
> -+static int RandCheckReSeed()
> -+{
> -+ int ret = WOLFSSL_SUCCESS;
> -+ pid_t p;
> -+
> -+ p = getpid();
> -+ if (p != currentPid) {
> -+ currentPid = p;
> -+ if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> -+ ret = WOLFSSL_FAILURE;
> -+ }
> -+ }
> -+ return ret;
> -+}
> -+#endif
> -+
> -+/* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid
> otherwise 0
> -+ * on failure */
> - int wolfSSL_RAND_bytes(unsigned char* buf, int num)
> - {
> - int ret = 0;
> -@@ -24089,6 +24115,16 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> - */
> - if (initGlobalRNG) {
> - rng = &globalRNG;
> -+
> -+ #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -+ FIPS_VERSION3_LT(6,0,0)))
> -+ if (RandCheckReSeed() != WOLFSSL_SUCCESS) {
> -+ wc_UnLockMutex(&globalRNGMutex);
> -+ WOLFSSL_MSG("Issue with check pid and reseed");
> -+ return ret;
> -+ }
> -+ #endif
> -+
> - used_global = 1;
> - }
> - else {
> -diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
> -index 89c7411c9..b440e274b 100644
> ---- a/wolfcrypt/src/random.c
> -+++ b/wolfcrypt/src/random.c
> -@@ -1599,6 +1599,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> - #else
> - rng->heap = heap;
> - #endif
> -+#ifdef HAVE_GETPID
> -+ rng->pid = getpid();
> -+#endif
> - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> - rng->devId = devId;
> - #if defined(WOLF_CRYPTO_CB)
> -@@ -1849,6 +1852,63 @@ int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> - return _InitRng(rng, nonce, nonceSz, heap, devId);
> - }
> -
> -+#ifdef HAVE_HASHDRBG
> -+static int PollAndReSeed(WC_RNG* rng)
> -+{
> -+ int ret = DRBG_NEED_RESEED;
> -+ int devId = INVALID_DEVID;
> -+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -+ devId = rng->devId;
> -+#endif
> -+ if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
> -+ #ifndef WOLFSSL_SMALL_STACK
> -+ byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
> -+ ret = DRBG_SUCCESS;
> -+ #else
> -+ byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ,
> rng->heap,
> -+ DYNAMIC_TYPE_SEED);
> -+ ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
> -+ #endif
> -+ if (ret == DRBG_SUCCESS) {
> -+ #ifdef WC_RNG_SEED_CB
> -+ if (seedCb == NULL) {
> -+ ret = DRBG_NO_SEED_CB;
> -+ }
> -+ else {
> -+ ret = seedCb(&rng->seed, newSeed, SEED_SZ +
> SEED_BLOCK_SZ);
> -+ if (ret != 0) {
> -+ ret = DRBG_FAILURE;
> -+ }
> -+ }
> -+ #else
> -+ ret = wc_GenerateSeed(&rng->seed, newSeed,
> -+ SEED_SZ + SEED_BLOCK_SZ);
> -+ #endif
> -+ if (ret != 0)
> -+ ret = DRBG_FAILURE;
> -+ }
> -+ if (ret == DRBG_SUCCESS)
> -+ ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> -+
> -+ if (ret == DRBG_SUCCESS)
> -+ ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
> -+ newSeed + SEED_BLOCK_SZ, SEED_SZ);
> -+ #ifdef WOLFSSL_SMALL_STACK
> -+ if (newSeed != NULL) {
> -+ ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> -+ }
> -+ XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
> -+ #else
> -+ ForceZero(newSeed, sizeof(newSeed));
> -+ #endif
> -+ }
> -+ else {
> -+ ret = DRBG_CONT_FAILURE;
> -+ }
> -+
> -+ return ret;
> -+}
> -+#endif
> -
> - /* place a generated block in output */
> - WOLFSSL_ABI
> -@@ -1908,60 +1968,22 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte*
> output, word32 sz)
> - if (rng->status != DRBG_OK)
> - return RNG_FAILURE_E;
> -
> -+#ifdef HAVE_GETPID
> -+ if (rng->pid != getpid()) {
> -+ rng->pid = getpid();
> -+ ret = PollAndReSeed(rng);
> -+ if (ret != DRBG_SUCCESS) {
> -+ rng->status = DRBG_FAILED;
> -+ return RNG_FAILURE_E;
> -+ }
> -+ }
> -+#endif
> -+
> - ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
> - if (ret == DRBG_NEED_RESEED) {
> -- int devId = INVALID_DEVID;
> -- #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -- devId = rng->devId;
> -- #endif
> -- if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
> -- #ifndef WOLFSSL_SMALL_STACK
> -- byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
> -- ret = DRBG_SUCCESS;
> -- #else
> -- byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ,
> rng->heap,
> -- DYNAMIC_TYPE_SEED);
> -- ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
> -- #endif
> -- if (ret == DRBG_SUCCESS) {
> -- #ifdef WC_RNG_SEED_CB
> -- if (seedCb == NULL) {
> -- ret = DRBG_NO_SEED_CB;
> -- }
> -- else {
> -- ret = seedCb(&rng->seed, newSeed, SEED_SZ +
> SEED_BLOCK_SZ);
> -- if (ret != 0) {
> -- ret = DRBG_FAILURE;
> -- }
> -- }
> -- #else
> -- ret = wc_GenerateSeed(&rng->seed, newSeed,
> -- SEED_SZ + SEED_BLOCK_SZ);
> -- #endif
> -- if (ret != 0)
> -- ret = DRBG_FAILURE;
> -- }
> -- if (ret == DRBG_SUCCESS)
> -- ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> --
> -- if (ret == DRBG_SUCCESS)
> -- ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
> -- newSeed + SEED_BLOCK_SZ, SEED_SZ);
> -- if (ret == DRBG_SUCCESS)
> -- ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg,
> output, sz);
> --
> -- #ifdef WOLFSSL_SMALL_STACK
> -- if (newSeed != NULL) {
> -- ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> -- }
> -- XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
> -- #else
> -- ForceZero(newSeed, sizeof(newSeed));
> -- #endif
> -- }
> -- else {
> -- ret = DRBG_CONT_FAILURE;
> -- }
> -+ ret = PollAndReSeed(rng);
> -+ if (ret == DRBG_SUCCESS)
> -+ ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output,
> sz);
> - }
> -
> - if (ret == DRBG_SUCCESS) {
> -diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
> -index 9dd616328..f472e1f40 100644
> ---- a/wolfssl/wolfcrypt/random.h
> -+++ b/wolfssl/wolfcrypt/random.h
> -@@ -183,6 +183,9 @@ struct WC_RNG {
> - #endif
> - byte status;
> - #endif
> -+#ifdef HAVE_GETPID
> -+ pid_t pid;
> -+#endif
> - #ifdef WOLFSSL_ASYNC_CRYPT
> - WC_ASYNC_DEV asyncDev;
> - #endif
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> deleted file mode 100644
> index e70a3fe..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> +++ /dev/null
> @@ -1,125 +0,0 @@
> -From 62a3a4f0b8b307bdacc34204db44627521de4bf9 Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 14:15:38 -0600
> -Subject: [PATCH] add mutex locking and compat layer FIPS case
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a
> ]
> -(cherry picked from commit fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 62 +++++++++++++++++++++++++++----------------------------
> - 1 file changed, 31 insertions(+), 31 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index 872aed594..f0186b253 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23603,6 +23603,12 @@ static int wolfSSL_RAND_InitMutex(void)
> -
> - #ifdef OPENSSL_EXTRA
> -
> -+#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -+ * the older random.c certified files. */
> -+static pid_t currentRandPid = 0;
> -+#endif
> -+
> - /* Checks if the global RNG has been created. If not then one is created.
> - *
> - * Returns WOLFSSL_SUCCESS when no error is encountered.
> -@@ -23616,8 +23622,8 @@ int wolfSSL_RAND_Init(void)
> - ret = wc_InitRng(&globalRNG);
> - if (ret == 0) {
> - #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -- FIPS_VERSION3_LT(6,0,0)))
> -- currentPid = getpid();
> -+ FIPS_VERSION3_LT(6,0,0)
> -+ currentRandPid = getpid();
> - #endif
> - initGlobalRNG = 1;
> - ret = WOLFSSL_SUCCESS;
> -@@ -24049,28 +24055,6 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char*
> buf, int num)
> - return ret;
> - }
> -
> --#if defined(HAVE_GETPID) && defined(HAVE_FIPS) &&
> FIPS_VERSION3_LT(6,0,0)))
> --/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -- * the older random.c certified files. */
> --static pid_t currentPid = 0;
> --
> --/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
> --static int RandCheckReSeed()
> --{
> -- int ret = WOLFSSL_SUCCESS;
> -- pid_t p;
> --
> -- p = getpid();
> -- if (p != currentPid) {
> -- currentPid = p;
> -- if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> -- ret = WOLFSSL_FAILURE;
> -- }
> -- }
> -- return ret;
> --}
> --#endif
> --
> - /* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid
> otherwise 0
> - * on failure */
> - int wolfSSL_RAND_bytes(unsigned char* buf, int num)
> -@@ -24114,17 +24098,27 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> - * have the lock.
> - */
> - if (initGlobalRNG) {
> -- rng = &globalRNG;
> --
> - #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -- FIPS_VERSION3_LT(6,0,0)))
> -- if (RandCheckReSeed() != WOLFSSL_SUCCESS) {
> -+ FIPS_VERSION3_LT(6,0,0)
> -+ pid_t p;
> -+
> -+ p = getpid();
> -+ if (p != currentRandPid) {
> - wc_UnLockMutex(&globalRNGMutex);
> -- WOLFSSL_MSG("Issue with check pid and reseed");
> -- return ret;
> -+ if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> -+ WOLFSSL_MSG("Issue with check pid and reseed");
> -+ ret = WOLFSSL_FAILURE;
> -+ }
> -+
> -+ /* reclaim lock after wolfSSL_RAND_poll */
> -+ if (wc_LockMutex(&globalRNGMutex) != 0) {
> -+ WOLFSSL_MSG("Bad Lock Mutex rng");
> -+ return ret;
> -+ }
> -+ currentRandPid = p;
> - }
> - #endif
> --
> -+ rng = &globalRNG;
> - used_global = 1;
> - }
> - else {
> -@@ -24201,6 +24195,11 @@ int wolfSSL_RAND_poll(void)
> - }
> - else {
> - #ifdef HAVE_HASHDRBG
> -+ if (wc_LockMutex(&globalRNGMutex) != 0) {
> -+ WOLFSSL_MSG("Bad Lock Mutex rng");
> -+ return ret;
> -+ }
> -+
> - ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
> - if (ret != 0) {
> - WOLFSSL_MSG("Error reseeding DRBG");
> -@@ -24209,6 +24208,7 @@ int wolfSSL_RAND_poll(void)
> - else {
> - ret = WOLFSSL_SUCCESS;
> - }
> -+ wc_UnLockMutex(&globalRNGMutex);
> - #else
> - WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set");
> - ret = WOLFSSL_FAILURE;
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> deleted file mode 100644
> index 7d6413f..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From d7a68e85ebe4705e7345b0e5012c806615cd86c7 Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 16:12:09 -0600
> -Subject: [PATCH] add a way to restore previous pid behavior
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/47cf634965a3aabe82fd97a8feed9efd6688e34a
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 11 ++++++-----
> - wolfcrypt/src/random.c | 4 ++--
> - wolfssl/wolfcrypt/random.h | 2 +-
> - 3 files changed, 9 insertions(+), 8 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index f0186b253..e214fa504 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23603,7 +23603,8 @@ static int wolfSSL_RAND_InitMutex(void)
> -
> - #ifdef OPENSSL_EXTRA
> -
> --#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> - /* In older FIPS bundles add check for reseed here since it does not
> exist in
> - * the older random.c certified files. */
> - static pid_t currentRandPid = 0;
> -@@ -23621,8 +23622,8 @@ int wolfSSL_RAND_Init(void)
> - if (initGlobalRNG == 0) {
> - ret = wc_InitRng(&globalRNG);
> - if (ret == 0) {
> -- #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -- FIPS_VERSION3_LT(6,0,0)
> -+ #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> - currentRandPid = getpid();
> - #endif
> - initGlobalRNG = 1;
> -@@ -24098,8 +24099,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> - * have the lock.
> - */
> - if (initGlobalRNG) {
> -- #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -- FIPS_VERSION3_LT(6,0,0)
> -+ #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+ defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> - pid_t p;
> -
> - p = getpid();
> -diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
> -index b440e274b..dc89db542 100644
> ---- a/wolfcrypt/src/random.c
> -+++ b/wolfcrypt/src/random.c
> -@@ -1599,7 +1599,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> - #else
> - rng->heap = heap;
> - #endif
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> - rng->pid = getpid();
> - #endif
> - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -@@ -1968,7 +1968,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output,
> word32 sz)
> - if (rng->status != DRBG_OK)
> - return RNG_FAILURE_E;
> -
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> - if (rng->pid != getpid()) {
> - rng->pid = getpid();
> - ret = PollAndReSeed(rng);
> -diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
> -index f472e1f40..320641548 100644
> ---- a/wolfssl/wolfcrypt/random.h
> -+++ b/wolfssl/wolfcrypt/random.h
> -@@ -183,7 +183,7 @@ struct WC_RNG {
> - #endif
> - byte status;
> - #endif
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> - pid_t pid;
> - #endif
> - #ifdef WOLFSSL_ASYNC_CRYPT
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> deleted file mode 100644
> index 6747f24..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From 670437d91ae3025b4721eb4f450e5dc31fc3d6ee Mon Sep 17 00:00:00 2001
> -From: Chris Conlon <chris@wolfssl.com>
> -Date: Wed, 18 Jun 2025 16:08:34 -0600
> -Subject: [PATCH] Add HAVE_GETPID to options.h if getpid detected, needed
> for
> - apps to correctly detect size of WC_RNG struct
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/9c35c0de65e135e621400958f22829c0d2555ed4
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - configure.ac | 9 +++++++++
> - 1 file changed, 9 insertions(+)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 43ddd4767..636c45aef 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -156,6 +156,9 @@ fi
> - #ifdef HAVE_STDLIB_H
> - #include <stdlib.h>
> - #endif
> -+#ifdef HAVE_UNISTD_H
> -+ #include <unistd.h>
> -+#endif
> - ]])
> -
> - AC_PROG_INSTALL
> -@@ -9479,6 +9482,12 @@ then
> - AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
> - fi
> -
> -+# Add HAVE_GETPID to AM_CFLAGS for inclusion in options.h
> -+if test "$ac_cv_func_getpid" = "yes"
> -+then
> -+ AM_CFLAGS="$AM_CFLAGS -DHAVE_GETPID=1"
> -+fi
> -+
> - LIB_SOCKET_NSL
> - AX_HARDEN_CC_COMPILER_FLAGS
> -
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> deleted file mode 100644
> index e86bc8b..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> +++ /dev/null
> @@ -1,48 +0,0 @@
> -From aaad0035e4e795b8b225bd481e3942de015a362d Mon Sep 17 00:00:00 2001
> -From: Chris Conlon <chris@wolfssl.com>
> -Date: Wed, 18 Jun 2025 16:57:02 -0600
> -Subject: [PATCH] Add check for reseed in ssl.c for HAVE_SELFTEST, similar
> to
> - old FIPS bundles that do not have older random.c files
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/cdd02f9665ef43126503307972e4389070a00a73
> -(cherry
> <https://github.com/wolfSSL/wolfssl/commit/cdd02f9665ef43126503307972e4389070a00a73-(cherry>
> picked from commit cdd02f9665ef43126503307972e4389070a00a73)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 9 ++++++---
> - 1 file changed, 6 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index e214fa504..e538233fc 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23604,7 +23604,7 @@ static int wolfSSL_RAND_InitMutex(void)
> - #ifdef OPENSSL_EXTRA
> -
> - #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) ||
> defined(HAVE_SELFTEST))
> - /* In older FIPS bundles add check for reseed here since it does not
> exist in
> - * the older random.c certified files. */
> - static pid_t currentRandPid = 0;
> -@@ -23623,7 +23623,9 @@ int wolfSSL_RAND_Init(void)
> - ret = wc_InitRng(&globalRNG);
> - if (ret == 0) {
> - #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
> -+ defined(HAVE_SELFTEST))
> -+
> - currentRandPid = getpid();
> - #endif
> - initGlobalRNG = 1;
> -@@ -24100,7 +24102,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> - */
> - if (initGlobalRNG) {
> - #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -- defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
> -+ defined(HAVE_SELFTEST))
> - pid_t p;
> -
> - p = getpid();
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> deleted file mode 100644
> index 9c661d6..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -From e6c0d1ac7b480c0b5e36f660dd3c0f2b45e4c3ab Mon Sep 17 00:00:00 2001
> -From: Ruby Martin <ruby@wolfssl.com>
> -Date: Mon, 2 Jun 2025 16:38:32 -0600
> -Subject: [PATCH] create policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION,
> - domain name checking
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/9864959e41bd9259f258c09171ae2ec1c43fbc7f
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 25 ++++++++++++++++++++-----
> - 1 file changed, 20 insertions(+), 5 deletions(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 6bbd38fa8..2b090382f 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -221,7 +221,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please
> add LARGE_STATIC_BUFFERS
> - #include <Security/SecCertificate.h>
> - #include <Security/SecTrust.h>
> - #include <Security/SecPolicy.h>
> --static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
> -+static int DoAppleNativeCertValidation(WOLFSSL* ssl, const
> WOLFSSL_BUFFER_INFO* certs,
> - int totalCerts);
> - #endif /* #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
> -
> -@@ -15992,7 +15992,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> - * into wolfSSL, try to validate against the system
> certificates
> - * using Apple's native trust APIs */
> - if ((ret != 0) &&
> (ssl->ctx->doAppleNativeCertValidationFlag)) {
> -- if (DoAppleNativeCertValidation(args->certs,
> -+ if (DoAppleNativeCertValidation(ssl, args->certs,
> - args->totalCerts)) {
> - WOLFSSL_MSG("Apple native cert chain validation
> SUCCESS");
> - ret = 0;
> -@@ -41246,7 +41246,8 @@ cleanup:
> - * wolfSSL's built-in certificate validation mechanisms anymore. We
> instead
> - * must call into the Security Framework APIs to authenticate peer
> certificates
> - */
> --static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
> -+static int DoAppleNativeCertValidation(WOLFSSL* ssl,
> -+ const WOLFSSL_BUFFER_INFO*
> certs,
> - int totalCerts)
> - {
> - int i;
> -@@ -41255,7 +41256,8 @@ static int DoAppleNativeCertValidation(const
> WOLFSSL_BUFFER_INFO* certs,
> - CFMutableArrayRef certArray = NULL;
> - SecCertificateRef secCert = NULL;
> - SecTrustRef trust = NULL;
> -- SecPolicyRef policy = NULL ;
> -+ SecPolicyRef policy = NULL;
> -+ CFStringRef hostname = NULL;
> -
> - WOLFSSL_ENTER("DoAppleNativeCertValidation");
> -
> -@@ -41283,7 +41285,17 @@ static int DoAppleNativeCertValidation(const
> WOLFSSL_BUFFER_INFO* certs,
> - }
> -
> - /* Create trust object for SecCertifiate Ref */
> -- policy = SecPolicyCreateSSL(true, NULL);
> -+ if (ssl->buffers.domainName.buffer &&
> -+ ssl->buffers.domainName.length > 0) {
> -+ /* Create policy with specified value to require host name match
> */
> -+ hostname = CFStringCreateWithCString(kCFAllocatorDefault,
> -+ (const char*)ssl->buffers.domainName.buffer,
> kCFStringEncodingUTF8);
> -+ }
> -+ if (hostname != NULL) {
> -+ policy = SecPolicyCreateSSL(true, hostname);
> -+ } else {
> -+ policy = SecPolicyCreateSSL(true, NULL);
> -+ }
> - status = SecTrustCreateWithCertificates(certArray, policy, &trust);
> - if (status != errSecSuccess) {
> - WOLFSSL_MSG_EX("Error creating trust object, "
> -@@ -41314,6 +41326,9 @@ cleanup:
> - if (policy) {
> - CFRelease(policy);
> - }
> -+ if (hostname) {
> -+ CFRelease(hostname);
> -+ }
> -
> - WOLFSSL_LEAVE("DoAppleNativeCertValidation", ret);
> -
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> deleted file mode 100644
> index 857f6bb..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -From aad4e7c38f3784942923f4871d61a7e41d3de842 Mon Sep 17 00:00:00 2001
> -From: Brett <bigbrett@users.noreply.github.com>
> -Date: Wed, 4 Jun 2025 15:48:15 -0600
> -Subject: [PATCH] prevent apple native cert validation from overriding
> error
> - codes other than ASN_NO_SIGNER_E
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/bc8eeea703253bd65d472a9541b54fef326e8050
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 3 ++-
> - 1 file changed, 2 insertions(+), 1 deletion(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 2b090382f..79f584a0a 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -15991,7 +15991,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> - /* If we can't validate the peer cert chain against the CAs
> loaded
> - * into wolfSSL, try to validate against the system
> certificates
> - * using Apple's native trust APIs */
> -- if ((ret != 0) &&
> (ssl->ctx->doAppleNativeCertValidationFlag)) {
> -+ if ((ret == ASN_NO_SIGNER_E) &&
> -+ (ssl->ctx->doAppleNativeCertValidationFlag)) {
> - if (DoAppleNativeCertValidation(ssl, args->certs,
> - args->totalCerts)) {
> - WOLFSSL_MSG("Apple native cert chain validation
> SUCCESS");
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> deleted file mode 100644
> index a7e1c33..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -From f2a85e37e552d8dfafa2cbf32507b2fa545ee593 Mon Sep 17 00:00:00 2001
> -From: Brett <bigbrett@users.noreply.github.com>
> -Date: Wed, 4 Jun 2025 16:56:16 -0600
> -Subject: [PATCH] add missing error trace macro
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/0e2a3fd0b64bc6ba633aa9227e92ecacb42b5b1b
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 79f584a0a..5557b5698 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -15991,7 +15991,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> - /* If we can't validate the peer cert chain against the CAs
> loaded
> - * into wolfSSL, try to validate against the system
> certificates
> - * using Apple's native trust APIs */
> -- if ((ret == ASN_NO_SIGNER_E) &&
> -+ if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) &&
> - (ssl->ctx->doAppleNativeCertValidationFlag)) {
> - if (DoAppleNativeCertValidation(ssl, args->certs,
> - args->totalCerts)) {
> diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> similarity index 78%
> rename from meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> rename to meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> index 0dc488d..2600e94 100644
> --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> @@ -14,17 +14,8 @@ RPROVIDES:${PN} = "cyassl"
>
> SRC_URI = "git://
> github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \
> file://run-ptest \
> - file://CVE-2025-7395-1.patch \
> - file://CVE-2025-7395-2.patch \
> - file://CVE-2025-7395-3.patch \
> - file://CVE-2025-7394-1.patch \
> - file://CVE-2025-7394-2.patch \
> - file://CVE-2025-7394-3.patch \
> - file://CVE-2025-7394-4.patch \
> - file://CVE-2025-7394-5.patch \
> - file://CVE-2025-7394-6.patch \
> "
> -SRCREV = "00e42151ca061463ba6a95adb2290f678cbca472"
> +SRCREV = "ac01707f552c611fbd135cc723b2682b3e7f80f2"
>
> S = "${WORKDIR}/git"
>
> --
> 2.55.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#128230):
> https://lists.openembedded.org/g/openembedded-devel/message/128230
> Mute This Topic: https://lists.openembedded.org/mt/120295424/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 47550 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
@ 2026-07-17 6:45 Lian Wang
0 siblings, 0 replies; 3+ messages in thread
From: Lian Wang @ 2026-07-17 6:45 UTC (permalink / raw)
To: openembedded-devel; +Cc: raj.khem
Hi Khem,
Thank you for the review.
I've checked the master branch and found:
- opensc (2/2) is already at 0.27.1 on master - no upgrade needed
- tcpdump is already at 4.99.6 on master - no upgrade needed
- wolfssl needed 5.9.1 -> 5.9.2, I've sent a v2 rebased on master
Thanks for the guidance on the branch policy. I'll target master for
version upgrades going forward.
Thanks,
Lian
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
@ 2026-07-17 6:48 Lian Wang
0 siblings, 0 replies; 3+ messages in thread
From: Lian Wang @ 2026-07-17 6:48 UTC (permalink / raw)
To: openembedded-devel; +Cc: raj.khem
Hi Khem,
Thank you for the review. I've rebased on master as requested:
- wolfssl 5.9.1 -> 5.9.2 v2 sent to master
- opensc (2/2) is already at 0.27.1 on master, no upgrade needed
- tcpdump is already at 4.99.6 on master, no upgrade needed
Thanks for the guidance on the branch policy.
Thanks,
Lian
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-07-17 6:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-17 6:45 [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2 Lian Wang
-- strict thread matches above, loose matches on Subject: below --
2026-07-17 6:48 Lian Wang
2026-07-16 8:08 Lian Wang
2026-07-17 4:13 ` [oe] " Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.