All of lore.kernel.org
 help / color / mirror / Atom feed
* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
  2026-07-16  8:08 Lian Wang
@ 2026-07-17  4:13 ` Khem Raj
  0 siblings, 0 replies; 3+ messages in thread
From: Khem Raj @ 2026-07-17  4:13 UTC (permalink / raw)
  To: lianux.mm; +Cc: openembedded-devel, Lian Wang

[-- Attachment #1: Type: text/plain, Size: 38140 bytes --]

Please rebase this on top of master or master-next

On Thu, Jul 16, 2026 at 1:08 AM wang lian via lists.openembedded.org <
lianux.mm=gmail.com@lists.openembedded.org> wrote:

> - Drop 9 CVE patches (CVE-2025-7394, CVE-2025-7395) fixed upstream
> - All security fixes included in 5.9.2 release
>
> Signed-off-by: Lian Wang <lianux.wang@processmission.com>
> ---
>  .../wolfssl/files/CVE-2025-7394-1.patch       |  46 ---
>  .../wolfssl/files/CVE-2025-7394-2.patch       | 275 ------------------
>  .../wolfssl/files/CVE-2025-7394-3.patch       | 125 --------
>  .../wolfssl/files/CVE-2025-7394-4.patch       |  85 ------
>  .../wolfssl/files/CVE-2025-7394-5.patch       |  40 ---
>  .../wolfssl/files/CVE-2025-7394-6.patch       |  48 ---
>  .../wolfssl/files/CVE-2025-7395-1.patch       |  84 ------
>  .../wolfssl/files/CVE-2025-7395-2.patch       |  27 --
>  .../wolfssl/files/CVE-2025-7395-3.patch       |  25 --
>  .../{wolfssl_5.7.2.bb => wolfssl_5.9.2.bb}    |  11 +-
>  10 files changed, 1 insertion(+), 765 deletions(-)
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
>  delete mode 100644
> meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
>  rename meta-networking/recipes-connectivity/wolfssl/{wolfssl_5.7.2.bb =>
> wolfssl_5.9.2.bb} (78%)
>
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> deleted file mode 100644
> index e561b26..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -From 6d0ee56813d69eee72108e1dc859743e02f70077 Mon Sep 17 00:00:00 2001
> -From: Josh Holtrop <josh@wolfssl.com>
> -Date: Thu, 5 Jun 2025 19:48:34 -0400
> -Subject: [PATCH] Reseed DRBG in RAND_poll()
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/0c12337194ee6dd082f082f0ccaed27fc4ee44f5
> ]
> -(cherry picked from commit 0c12337194ee6dd082f082f0ccaed27fc4ee44f5)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 20 +++++++++++++++++---
> - 1 file changed, 17 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index 9ba891d62..a1421d523 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -24159,11 +24159,25 @@ int wolfSSL_RAND_poll(void)
> -         return  WOLFSSL_FAILURE;
> -     }
> -     ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz);
> --    if (ret != 0){
> -+    if (ret != 0) {
> -         WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
> -         ret = WOLFSSL_FAILURE;
> --    }else
> --        ret = WOLFSSL_SUCCESS;
> -+    }
> -+    else {
> -+#ifdef HAVE_HASHDRBG
> -+        ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
> -+        if (ret != 0) {
> -+            WOLFSSL_MSG("Error reseeding DRBG");
> -+            ret = WOLFSSL_FAILURE;
> -+        }
> -+        else {
> -+            ret = WOLFSSL_SUCCESS;
> -+        }
> -+#else
> -+        WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set");
> -+        ret = WOLFSSL_FAILURE;
> -+#endif
> -+    }
> -
> -     return ret;
> - }
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> deleted file mode 100644
> index 883a5a1..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
> +++ /dev/null
> @@ -1,275 +0,0 @@
> -From b506ed4aeb2c86788422427624a03eb9bda52efc Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 12:49:08 -0600
> -Subject: [PATCH] add sanity checks on pid with RNG
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/31490ab813a5aac096f50800c26c690d8ae586d2
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - CMakeLists.txt             |   1 +
> - configure.ac               |   4 +-
> - src/ssl.c                  |  40 +++++++++++-
> - wolfcrypt/src/random.c     | 126 ++++++++++++++++++++++---------------
> - wolfssl/wolfcrypt/random.h |   3 +
> - 5 files changed, 118 insertions(+), 56 deletions(-)
> -
> -diff --git a/CMakeLists.txt b/CMakeLists.txt
> -index 4e6f05fc6..910a36648 100644
> ---- a/CMakeLists.txt
> -+++ b/CMakeLists.txt
> -@@ -124,6 +124,7 @@ check_function_exists("memset" HAVE_MEMSET)
> - check_function_exists("socket" HAVE_SOCKET)
> - check_function_exists("strftime" HAVE_STRFTIME)
> - check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
> -+check_function_exists("getpid" HAVE_GETPID)
> -
> - include(CheckTypeSize)
> -
> -diff --git a/configure.ac b/configure.ac
> -index c973b7e39..43ddd4767 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -125,8 +125,8 @@ AC_CHECK_HEADER(stdatomic.h,
> [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"
> - # check if functions of interest are linkable, but also check if
> - # they're declared by the expected headers, and if not, supersede the
> - # unusable positive from AC_CHECK_FUNCS().
> --AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s
> inet_ntoa memset socket strftime atexit])
> --AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r,
> gmtime_s, inet_ntoa, memset, socket, strftime, atexit], [], [
> -+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s
> inet_ntoa memset socket strftime atexit getpid])
> -+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r,
> gmtime_s, inet_ntoa, memset, socket, strftime, atexit, getpid], [], [
> - if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" =
> "yes"
> - then
> -     AC_MSG_NOTICE([    note: earlier check for $(eval 'echo
> ${as_decl_name}') superseded.])
> -diff --git a/src/ssl.c b/src/ssl.c
> -index a1421d523..872aed594 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23615,6 +23615,10 @@ int wolfSSL_RAND_Init(void)
> -         if (initGlobalRNG == 0) {
> -             ret = wc_InitRng(&globalRNG);
> -             if (ret == 0) {
> -+            #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -+                FIPS_VERSION3_LT(6,0,0)))
> -+                currentPid = getpid();
> -+            #endif
> -                 initGlobalRNG = 1;
> -                 ret = WOLFSSL_SUCCESS;
> -             }
> -@@ -24045,8 +24049,30 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char*
> buf, int num)
> -     return ret;
> - }
> -
> --/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise
> -- * WOLFSSL_FAILURE */
> -+#if defined(HAVE_GETPID) && defined(HAVE_FIPS) &&
> FIPS_VERSION3_LT(6,0,0)))
> -+/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -+ * the older random.c certified files. */
> -+static pid_t currentPid = 0;
> -+
> -+/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
> -+static int RandCheckReSeed()
> -+{
> -+    int ret = WOLFSSL_SUCCESS;
> -+    pid_t p;
> -+
> -+    p = getpid();
> -+    if (p != currentPid) {
> -+        currentPid = p;
> -+        if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> -+            ret = WOLFSSL_FAILURE;
> -+        }
> -+    }
> -+    return ret;
> -+}
> -+#endif
> -+
> -+/* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid
> otherwise 0
> -+ * on failure */
> - int wolfSSL_RAND_bytes(unsigned char* buf, int num)
> - {
> -     int     ret = 0;
> -@@ -24089,6 +24115,16 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> -          */
> -         if (initGlobalRNG) {
> -             rng = &globalRNG;
> -+
> -+        #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> -+                FIPS_VERSION3_LT(6,0,0)))
> -+            if (RandCheckReSeed() != WOLFSSL_SUCCESS) {
> -+                wc_UnLockMutex(&globalRNGMutex);
> -+                WOLFSSL_MSG("Issue with check pid and reseed");
> -+                return ret;
> -+            }
> -+        #endif
> -+
> -             used_global = 1;
> -         }
> -         else {
> -diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
> -index 89c7411c9..b440e274b 100644
> ---- a/wolfcrypt/src/random.c
> -+++ b/wolfcrypt/src/random.c
> -@@ -1599,6 +1599,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> - #else
> -     rng->heap = heap;
> - #endif
> -+#ifdef HAVE_GETPID
> -+    rng->pid = getpid();
> -+#endif
> - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -     rng->devId = devId;
> -     #if defined(WOLF_CRYPTO_CB)
> -@@ -1849,6 +1852,63 @@ int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> -     return _InitRng(rng, nonce, nonceSz, heap, devId);
> - }
> -
> -+#ifdef HAVE_HASHDRBG
> -+static int PollAndReSeed(WC_RNG* rng)
> -+{
> -+    int ret   = DRBG_NEED_RESEED;
> -+    int devId = INVALID_DEVID;
> -+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -+    devId = rng->devId;
> -+#endif
> -+    if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
> -+    #ifndef WOLFSSL_SMALL_STACK
> -+        byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
> -+        ret = DRBG_SUCCESS;
> -+    #else
> -+        byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ,
> rng->heap,
> -+            DYNAMIC_TYPE_SEED);
> -+        ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
> -+    #endif
> -+        if (ret == DRBG_SUCCESS) {
> -+        #ifdef WC_RNG_SEED_CB
> -+            if (seedCb == NULL) {
> -+                ret = DRBG_NO_SEED_CB;
> -+            }
> -+            else {
> -+                ret = seedCb(&rng->seed, newSeed, SEED_SZ +
> SEED_BLOCK_SZ);
> -+                if (ret != 0) {
> -+                    ret = DRBG_FAILURE;
> -+                }
> -+            }
> -+        #else
> -+            ret = wc_GenerateSeed(&rng->seed, newSeed,
> -+                              SEED_SZ + SEED_BLOCK_SZ);
> -+        #endif
> -+            if (ret != 0)
> -+                ret = DRBG_FAILURE;
> -+        }
> -+        if (ret == DRBG_SUCCESS)
> -+            ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> -+
> -+        if (ret == DRBG_SUCCESS)
> -+            ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
> -+                                   newSeed + SEED_BLOCK_SZ, SEED_SZ);
> -+    #ifdef WOLFSSL_SMALL_STACK
> -+        if (newSeed != NULL) {
> -+            ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> -+        }
> -+        XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
> -+    #else
> -+        ForceZero(newSeed, sizeof(newSeed));
> -+    #endif
> -+    }
> -+    else {
> -+        ret = DRBG_CONT_FAILURE;
> -+    }
> -+
> -+    return ret;
> -+}
> -+#endif
> -
> - /* place a generated block in output */
> - WOLFSSL_ABI
> -@@ -1908,60 +1968,22 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte*
> output, word32 sz)
> -     if (rng->status != DRBG_OK)
> -         return RNG_FAILURE_E;
> -
> -+#ifdef HAVE_GETPID
> -+    if (rng->pid != getpid()) {
> -+        rng->pid = getpid();
> -+        ret = PollAndReSeed(rng);
> -+        if (ret != DRBG_SUCCESS) {
> -+            rng->status = DRBG_FAILED;
> -+            return RNG_FAILURE_E;
> -+        }
> -+    }
> -+#endif
> -+
> -     ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz);
> -     if (ret == DRBG_NEED_RESEED) {
> --        int devId = INVALID_DEVID;
> --    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> --        devId = rng->devId;
> --    #endif
> --        if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) {
> --        #ifndef WOLFSSL_SMALL_STACK
> --            byte newSeed[SEED_SZ + SEED_BLOCK_SZ];
> --            ret = DRBG_SUCCESS;
> --        #else
> --            byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ,
> rng->heap,
> --                DYNAMIC_TYPE_SEED);
> --            ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS;
> --        #endif
> --            if (ret == DRBG_SUCCESS) {
> --            #ifdef WC_RNG_SEED_CB
> --                if (seedCb == NULL) {
> --                    ret = DRBG_NO_SEED_CB;
> --                }
> --                else {
> --                    ret = seedCb(&rng->seed, newSeed, SEED_SZ +
> SEED_BLOCK_SZ);
> --                    if (ret != 0) {
> --                        ret = DRBG_FAILURE;
> --                    }
> --                }
> --            #else
> --                ret = wc_GenerateSeed(&rng->seed, newSeed,
> --                                  SEED_SZ + SEED_BLOCK_SZ);
> --            #endif
> --                if (ret != 0)
> --                    ret = DRBG_FAILURE;
> --            }
> --            if (ret == DRBG_SUCCESS)
> --                ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> --
> --            if (ret == DRBG_SUCCESS)
> --                ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg,
> --                                       newSeed + SEED_BLOCK_SZ, SEED_SZ);
> --            if (ret == DRBG_SUCCESS)
> --                ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg,
> output, sz);
> --
> --        #ifdef WOLFSSL_SMALL_STACK
> --            if (newSeed != NULL) {
> --                ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ);
> --            }
> --            XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED);
> --        #else
> --            ForceZero(newSeed, sizeof(newSeed));
> --        #endif
> --        }
> --        else {
> --            ret = DRBG_CONT_FAILURE;
> --        }
> -+        ret = PollAndReSeed(rng);
> -+        if (ret == DRBG_SUCCESS)
> -+            ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output,
> sz);
> -     }
> -
> -     if (ret == DRBG_SUCCESS) {
> -diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
> -index 9dd616328..f472e1f40 100644
> ---- a/wolfssl/wolfcrypt/random.h
> -+++ b/wolfssl/wolfcrypt/random.h
> -@@ -183,6 +183,9 @@ struct WC_RNG {
> - #endif
> -     byte status;
> - #endif
> -+#ifdef HAVE_GETPID
> -+    pid_t pid;
> -+#endif
> - #ifdef WOLFSSL_ASYNC_CRYPT
> -     WC_ASYNC_DEV asyncDev;
> - #endif
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> deleted file mode 100644
> index e70a3fe..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
> +++ /dev/null
> @@ -1,125 +0,0 @@
> -From 62a3a4f0b8b307bdacc34204db44627521de4bf9 Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 14:15:38 -0600
> -Subject: [PATCH] add mutex locking and compat layer FIPS case
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a
> ]
> -(cherry picked from commit fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 62 +++++++++++++++++++++++++++----------------------------
> - 1 file changed, 31 insertions(+), 31 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index 872aed594..f0186b253 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23603,6 +23603,12 @@ static int wolfSSL_RAND_InitMutex(void)
> -
> - #ifdef OPENSSL_EXTRA
> -
> -+#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -+ * the older random.c certified files. */
> -+static pid_t currentRandPid = 0;
> -+#endif
> -+
> - /* Checks if the global RNG has been created. If not then one is created.
> -  *
> -  * Returns WOLFSSL_SUCCESS when no error is encountered.
> -@@ -23616,8 +23622,8 @@ int wolfSSL_RAND_Init(void)
> -             ret = wc_InitRng(&globalRNG);
> -             if (ret == 0) {
> -             #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> --                FIPS_VERSION3_LT(6,0,0)))
> --                currentPid = getpid();
> -+                FIPS_VERSION3_LT(6,0,0)
> -+                currentRandPid = getpid();
> -             #endif
> -                 initGlobalRNG = 1;
> -                 ret = WOLFSSL_SUCCESS;
> -@@ -24049,28 +24055,6 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char*
> buf, int num)
> -     return ret;
> - }
> -
> --#if defined(HAVE_GETPID) && defined(HAVE_FIPS) &&
> FIPS_VERSION3_LT(6,0,0)))
> --/* In older FIPS bundles add check for reseed here since it does not
> exist in
> -- * the older random.c certified files. */
> --static pid_t currentPid = 0;
> --
> --/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
> --static int RandCheckReSeed()
> --{
> --    int ret = WOLFSSL_SUCCESS;
> --    pid_t p;
> --
> --    p = getpid();
> --    if (p != currentPid) {
> --        currentPid = p;
> --        if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> --            ret = WOLFSSL_FAILURE;
> --        }
> --    }
> --    return ret;
> --}
> --#endif
> --
> - /* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid
> otherwise 0
> -  * on failure */
> - int wolfSSL_RAND_bytes(unsigned char* buf, int num)
> -@@ -24114,17 +24098,27 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> -          * have the lock.
> -          */
> -         if (initGlobalRNG) {
> --            rng = &globalRNG;
> --
> -         #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> --                FIPS_VERSION3_LT(6,0,0)))
> --            if (RandCheckReSeed() != WOLFSSL_SUCCESS) {
> -+                FIPS_VERSION3_LT(6,0,0)
> -+            pid_t p;
> -+
> -+            p = getpid();
> -+            if (p != currentRandPid) {
> -                 wc_UnLockMutex(&globalRNGMutex);
> --                WOLFSSL_MSG("Issue with check pid and reseed");
> --                return ret;
> -+                if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
> -+                    WOLFSSL_MSG("Issue with check pid and reseed");
> -+                    ret = WOLFSSL_FAILURE;
> -+                }
> -+
> -+                /* reclaim lock after wolfSSL_RAND_poll */
> -+                if (wc_LockMutex(&globalRNGMutex) != 0) {
> -+                    WOLFSSL_MSG("Bad Lock Mutex rng");
> -+                    return ret;
> -+                }
> -+                currentRandPid = p;
> -             }
> -         #endif
> --
> -+            rng = &globalRNG;
> -             used_global = 1;
> -         }
> -         else {
> -@@ -24201,6 +24195,11 @@ int wolfSSL_RAND_poll(void)
> -     }
> -     else {
> - #ifdef HAVE_HASHDRBG
> -+        if (wc_LockMutex(&globalRNGMutex) != 0) {
> -+            WOLFSSL_MSG("Bad Lock Mutex rng");
> -+            return ret;
> -+        }
> -+
> -         ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
> -         if (ret != 0) {
> -             WOLFSSL_MSG("Error reseeding DRBG");
> -@@ -24209,6 +24208,7 @@ int wolfSSL_RAND_poll(void)
> -         else {
> -             ret = WOLFSSL_SUCCESS;
> -         }
> -+        wc_UnLockMutex(&globalRNGMutex);
> - #else
> -         WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set");
> -         ret = WOLFSSL_FAILURE;
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> deleted file mode 100644
> index 7d6413f..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From d7a68e85ebe4705e7345b0e5012c806615cd86c7 Mon Sep 17 00:00:00 2001
> -From: JacobBarthelmeh <jacob@wolfssl.com>
> -Date: Tue, 10 Jun 2025 16:12:09 -0600
> -Subject: [PATCH] add a way to restore previous pid behavior
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/47cf634965a3aabe82fd97a8feed9efd6688e34a
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c                  | 11 ++++++-----
> - wolfcrypt/src/random.c     |  4 ++--
> - wolfssl/wolfcrypt/random.h |  2 +-
> - 3 files changed, 9 insertions(+), 8 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index f0186b253..e214fa504 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23603,7 +23603,8 @@ static int wolfSSL_RAND_InitMutex(void)
> -
> - #ifdef OPENSSL_EXTRA
> -
> --#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+    defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> - /* In older FIPS bundles add check for reseed here since it does not
> exist in
> -  * the older random.c certified files. */
> - static pid_t currentRandPid = 0;
> -@@ -23621,8 +23622,8 @@ int wolfSSL_RAND_Init(void)
> -         if (initGlobalRNG == 0) {
> -             ret = wc_InitRng(&globalRNG);
> -             if (ret == 0) {
> --            #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> --                FIPS_VERSION3_LT(6,0,0)
> -+            #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -                 currentRandPid = getpid();
> -             #endif
> -                 initGlobalRNG = 1;
> -@@ -24098,8 +24099,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> -          * have the lock.
> -          */
> -         if (initGlobalRNG) {
> --        #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
> --                FIPS_VERSION3_LT(6,0,0)
> -+        #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> -+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -             pid_t p;
> -
> -             p = getpid();
> -diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
> -index b440e274b..dc89db542 100644
> ---- a/wolfcrypt/src/random.c
> -+++ b/wolfcrypt/src/random.c
> -@@ -1599,7 +1599,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce,
> word32 nonceSz,
> - #else
> -     rng->heap = heap;
> - #endif
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> -     rng->pid = getpid();
> - #endif
> - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
> -@@ -1968,7 +1968,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output,
> word32 sz)
> -     if (rng->status != DRBG_OK)
> -         return RNG_FAILURE_E;
> -
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> -     if (rng->pid != getpid()) {
> -         rng->pid = getpid();
> -         ret = PollAndReSeed(rng);
> -diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
> -index f472e1f40..320641548 100644
> ---- a/wolfssl/wolfcrypt/random.h
> -+++ b/wolfssl/wolfcrypt/random.h
> -@@ -183,7 +183,7 @@ struct WC_RNG {
> - #endif
> -     byte status;
> - #endif
> --#ifdef HAVE_GETPID
> -+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
> -     pid_t pid;
> - #endif
> - #ifdef WOLFSSL_ASYNC_CRYPT
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> deleted file mode 100644
> index 6747f24..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -From 670437d91ae3025b4721eb4f450e5dc31fc3d6ee Mon Sep 17 00:00:00 2001
> -From: Chris Conlon <chris@wolfssl.com>
> -Date: Wed, 18 Jun 2025 16:08:34 -0600
> -Subject: [PATCH] Add HAVE_GETPID to options.h if getpid detected, needed
> for
> - apps to correctly detect size of WC_RNG struct
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/9c35c0de65e135e621400958f22829c0d2555ed4
> ]
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - configure.ac | 9 +++++++++
> - 1 file changed, 9 insertions(+)
> -
> -diff --git a/configure.ac b/configure.ac
> -index 43ddd4767..636c45aef 100644
> ---- a/configure.ac
> -+++ b/configure.ac
> -@@ -156,6 +156,9 @@ fi
> - #ifdef HAVE_STDLIB_H
> -     #include <stdlib.h>
> - #endif
> -+#ifdef HAVE_UNISTD_H
> -+    #include <unistd.h>
> -+#endif
> - ]])
> -
> - AC_PROG_INSTALL
> -@@ -9479,6 +9482,12 @@ then
> -     AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
> - fi
> -
> -+# Add HAVE_GETPID to AM_CFLAGS for inclusion in options.h
> -+if test "$ac_cv_func_getpid" = "yes"
> -+then
> -+    AM_CFLAGS="$AM_CFLAGS -DHAVE_GETPID=1"
> -+fi
> -+
> - LIB_SOCKET_NSL
> - AX_HARDEN_CC_COMPILER_FLAGS
> -
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> deleted file mode 100644
> index e86bc8b..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
> +++ /dev/null
> @@ -1,48 +0,0 @@
> -From aaad0035e4e795b8b225bd481e3942de015a362d Mon Sep 17 00:00:00 2001
> -From: Chris Conlon <chris@wolfssl.com>
> -Date: Wed, 18 Jun 2025 16:57:02 -0600
> -Subject: [PATCH] Add check for reseed in ssl.c for HAVE_SELFTEST, similar
> to
> - old FIPS bundles that do not have older random.c files
> -
> -CVE: CVE-2025-7394
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/cdd02f9665ef43126503307972e4389070a00a73
> -(cherry
> <https://github.com/wolfSSL/wolfssl/commit/cdd02f9665ef43126503307972e4389070a00a73-(cherry>
> picked from commit cdd02f9665ef43126503307972e4389070a00a73)
> -Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
> ----
> - src/ssl.c | 9 ++++++---
> - 1 file changed, 6 insertions(+), 3 deletions(-)
> -
> -diff --git a/src/ssl.c b/src/ssl.c
> -index e214fa504..e538233fc 100644
> ---- a/src/ssl.c
> -+++ b/src/ssl.c
> -@@ -23604,7 +23604,7 @@ static int wolfSSL_RAND_InitMutex(void)
> - #ifdef OPENSSL_EXTRA
> -
> - #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> --    defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+    ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) ||
> defined(HAVE_SELFTEST))
> - /* In older FIPS bundles add check for reseed here since it does not
> exist in
> -  * the older random.c certified files. */
> - static pid_t currentRandPid = 0;
> -@@ -23623,7 +23623,9 @@ int wolfSSL_RAND_Init(void)
> -             ret = wc_InitRng(&globalRNG);
> -             if (ret == 0) {
> -             #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> --                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+                ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
> -+                 defined(HAVE_SELFTEST))
> -+
> -                 currentRandPid = getpid();
> -             #endif
> -                 initGlobalRNG = 1;
> -@@ -24100,7 +24102,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int
> num)
> -          */
> -         if (initGlobalRNG) {
> -         #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
> --                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
> -+                ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
> -+                 defined(HAVE_SELFTEST))
> -             pid_t p;
> -
> -             p = getpid();
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> deleted file mode 100644
> index 9c661d6..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
> +++ /dev/null
> @@ -1,84 +0,0 @@
> -From e6c0d1ac7b480c0b5e36f660dd3c0f2b45e4c3ab Mon Sep 17 00:00:00 2001
> -From: Ruby Martin <ruby@wolfssl.com>
> -Date: Mon, 2 Jun 2025 16:38:32 -0600
> -Subject: [PATCH] create policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION,
> - domain name checking
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/9864959e41bd9259f258c09171ae2ec1c43fbc7f
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 25 ++++++++++++++++++++-----
> - 1 file changed, 20 insertions(+), 5 deletions(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 6bbd38fa8..2b090382f 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -221,7 +221,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please
> add LARGE_STATIC_BUFFERS
> - #include <Security/SecCertificate.h>
> - #include <Security/SecTrust.h>
> - #include <Security/SecPolicy.h>
> --static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
> -+static int DoAppleNativeCertValidation(WOLFSSL* ssl, const
> WOLFSSL_BUFFER_INFO* certs,
> -                                             int totalCerts);
> - #endif /* #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
> -
> -@@ -15992,7 +15992,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> -              * into wolfSSL, try to validate against the system
> certificates
> -              * using Apple's native trust APIs */
> -             if ((ret != 0) &&
> (ssl->ctx->doAppleNativeCertValidationFlag)) {
> --                if (DoAppleNativeCertValidation(args->certs,
> -+                if (DoAppleNativeCertValidation(ssl, args->certs,
> -                                                      args->totalCerts)) {
> -                     WOLFSSL_MSG("Apple native cert chain validation
> SUCCESS");
> -                     ret = 0;
> -@@ -41246,7 +41246,8 @@ cleanup:
> -  * wolfSSL's built-in certificate validation mechanisms anymore. We
> instead
> -  * must call into the Security Framework APIs to authenticate peer
> certificates
> -  */
> --static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs,
> -+static int DoAppleNativeCertValidation(WOLFSSL* ssl,
> -+                                            const WOLFSSL_BUFFER_INFO*
> certs,
> -                                             int totalCerts)
> - {
> -     int i;
> -@@ -41255,7 +41256,8 @@ static int DoAppleNativeCertValidation(const
> WOLFSSL_BUFFER_INFO* certs,
> -     CFMutableArrayRef certArray = NULL;
> -     SecCertificateRef secCert   = NULL;
> -     SecTrustRef       trust     = NULL;
> --    SecPolicyRef      policy    = NULL ;
> -+    SecPolicyRef      policy    = NULL;
> -+    CFStringRef       hostname  = NULL;
> -
> -     WOLFSSL_ENTER("DoAppleNativeCertValidation");
> -
> -@@ -41283,7 +41285,17 @@ static int DoAppleNativeCertValidation(const
> WOLFSSL_BUFFER_INFO* certs,
> -     }
> -
> -     /* Create trust object for SecCertifiate Ref */
> --    policy = SecPolicyCreateSSL(true, NULL);
> -+    if (ssl->buffers.domainName.buffer &&
> -+            ssl->buffers.domainName.length > 0) {
> -+        /* Create policy with specified value to require host name match
> */
> -+        hostname = CFStringCreateWithCString(kCFAllocatorDefault,
> -+        (const char*)ssl->buffers.domainName.buffer,
> kCFStringEncodingUTF8);
> -+    }
> -+    if (hostname != NULL) {
> -+        policy = SecPolicyCreateSSL(true, hostname);
> -+    } else {
> -+        policy = SecPolicyCreateSSL(true, NULL);
> -+    }
> -     status = SecTrustCreateWithCertificates(certArray, policy, &trust);
> -     if (status != errSecSuccess) {
> -         WOLFSSL_MSG_EX("Error creating trust object, "
> -@@ -41314,6 +41326,9 @@ cleanup:
> -     if (policy) {
> -         CFRelease(policy);
> -     }
> -+    if (hostname) {
> -+        CFRelease(hostname);
> -+    }
> -
> -     WOLFSSL_LEAVE("DoAppleNativeCertValidation", ret);
> -
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> deleted file mode 100644
> index 857f6bb..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -From aad4e7c38f3784942923f4871d61a7e41d3de842 Mon Sep 17 00:00:00 2001
> -From: Brett <bigbrett@users.noreply.github.com>
> -Date: Wed, 4 Jun 2025 15:48:15 -0600
> -Subject: [PATCH] prevent apple native cert validation from overriding
> error
> - codes other than ASN_NO_SIGNER_E
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/bc8eeea703253bd65d472a9541b54fef326e8050
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 3 ++-
> - 1 file changed, 2 insertions(+), 1 deletion(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 2b090382f..79f584a0a 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -15991,7 +15991,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> -             /* If we can't validate the peer cert chain against the CAs
> loaded
> -              * into wolfSSL, try to validate against the system
> certificates
> -              * using Apple's native trust APIs */
> --            if ((ret != 0) &&
> (ssl->ctx->doAppleNativeCertValidationFlag)) {
> -+            if ((ret == ASN_NO_SIGNER_E) &&
> -+                (ssl->ctx->doAppleNativeCertValidationFlag)) {
> -                 if (DoAppleNativeCertValidation(ssl, args->certs,
> -                                                      args->totalCerts)) {
> -                     WOLFSSL_MSG("Apple native cert chain validation
> SUCCESS");
> diff --git
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> deleted file mode 100644
> index a7e1c33..0000000
> ---
> a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -From f2a85e37e552d8dfafa2cbf32507b2fa545ee593 Mon Sep 17 00:00:00 2001
> -From: Brett <bigbrett@users.noreply.github.com>
> -Date: Wed, 4 Jun 2025 16:56:16 -0600
> -Subject: [PATCH] add missing error trace macro
> -
> -CVE: CVE-2025-7395
> -Upstream-Status: Backport [
> https://github.com/wolfSSL/wolfssl/commit/0e2a3fd0b64bc6ba633aa9227e92ecacb42b5b1b
> ]
> -Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ----
> - src/internal.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/src/internal.c b/src/internal.c
> -index 79f584a0a..5557b5698 100644
> ---- a/src/internal.c
> -+++ b/src/internal.c
> -@@ -15991,7 +15991,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input,
> word32* inOutIdx,
> -             /* If we can't validate the peer cert chain against the CAs
> loaded
> -              * into wolfSSL, try to validate against the system
> certificates
> -              * using Apple's native trust APIs */
> --            if ((ret == ASN_NO_SIGNER_E) &&
> -+            if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) &&
> -                 (ssl->ctx->doAppleNativeCertValidationFlag)) {
> -                 if (DoAppleNativeCertValidation(ssl, args->certs,
> -                                                      args->totalCerts)) {
> diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> similarity index 78%
> rename from meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> rename to meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> index 0dc488d..2600e94 100644
> --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
> +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.9.2.bb
> @@ -14,17 +14,8 @@ RPROVIDES:${PN} = "cyassl"
>
>  SRC_URI = "git://
> github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \
>             file://run-ptest \
> -           file://CVE-2025-7395-1.patch \
> -           file://CVE-2025-7395-2.patch \
> -           file://CVE-2025-7395-3.patch \
> -           file://CVE-2025-7394-1.patch \
> -           file://CVE-2025-7394-2.patch \
> -           file://CVE-2025-7394-3.patch \
> -           file://CVE-2025-7394-4.patch \
> -           file://CVE-2025-7394-5.patch \
> -           file://CVE-2025-7394-6.patch \
>             "
> -SRCREV = "00e42151ca061463ba6a95adb2290f678cbca472"
> +SRCREV = "ac01707f552c611fbd135cc723b2682b3e7f80f2"
>
>  S = "${WORKDIR}/git"
>
> --
> 2.55.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#128230):
> https://lists.openembedded.org/g/openembedded-devel/message/128230
> Mute This Topic: https://lists.openembedded.org/mt/120295424/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 47550 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
@ 2026-07-17  6:45 Lian Wang
  0 siblings, 0 replies; 3+ messages in thread
From: Lian Wang @ 2026-07-17  6:45 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem

Hi Khem,

Thank you for the review.

I've checked the master branch and found:
- opensc (2/2) is already at 0.27.1 on master - no upgrade needed
- tcpdump is already at 4.99.6 on master - no upgrade needed
- wolfssl needed 5.9.1 -> 5.9.2, I've sent a v2 rebased on master

Thanks for the guidance on the branch policy. I'll target master for
version upgrades going forward.

Thanks,
Lian


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2
@ 2026-07-17  6:48 Lian Wang
  0 siblings, 0 replies; 3+ messages in thread
From: Lian Wang @ 2026-07-17  6:48 UTC (permalink / raw)
  To: openembedded-devel; +Cc: raj.khem

Hi Khem,

Thank you for the review. I've rebased on master as requested:
- wolfssl 5.9.1 -> 5.9.2 v2 sent to master
- opensc (2/2) is already at 0.27.1 on master, no upgrade needed
- tcpdump is already at 4.99.6 on master, no upgrade needed

Thanks for the guidance on the branch policy.

Thanks,
Lian


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-17  6:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-17  6:45 [oe] [PATCH 1/2] wolfssl: upgrade 5.7.2 -> 5.9.2 Lian Wang
  -- strict thread matches above, loose matches on Subject: below --
2026-07-17  6:48 Lian Wang
2026-07-16  8:08 Lian Wang
2026-07-17  4:13 ` [oe] " Khem Raj

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.