From: "Yoann Congal" <yoann.congal@smile.fr>
To: "Benjamin Robin" <benjamin.robin@bootlin.com>,
<openembedded-core@lists.openembedded.org>
Cc: mathieu.dubois-briand@bootlin.com,
richard.purdie@linuxfoundation.org, JPEWhacker@gmail.com,
thomas.petazzoni@bootlin.com, pascal.eberhard@se.com,
"Ross Burton" <ross.burton@arm.com>,
"David Nyström" <david.nystrom@est.tech>,
kamel.bouhara@bootlin.com
Subject: Re: [OE-core] [PATCH scarthgap 0/3] meta: Backport rejected CVEs and SPDX3 fixes
Date: Thu, 05 Mar 2026 10:27:37 +0100 [thread overview]
Message-ID: <DGUQPU1BN6DT.3QWYXCIXTY7C@smile.fr> (raw)
In-Reply-To: <8651428.T7Z3S40VBb@brobin-bootlin>
On Thu Mar 5, 2026 at 9:29 AM CET, Benjamin Robin wrote:
> On Wednesday, March 4, 2026 at 8:14 PM, Yoann Congal wrote:
>> On Tue Mar 3, 2026 at 5:46 PM CET, Benjamin Robin via lists.openembedded.org wrote:
>> > This series backports three patches from `master` to `Scarthgap`.
>> >
>> > Removed references to rejected CVEs:
>> > - Removed references to `CVE-2025-62813` and `CVE-2021-3502` in patch
>> > files, as these CVEs have been rejected.
>> > - This change prevents rejected CVE references from appearing in the
>> > generated SBOM.
>> >
>> > Fixed kernel `CONFIG_` generation in SPDX3:
>> > - Backported a fix for the generation of kernel `CONFIG_` values in
>> > SPDX3 output.
>> > - This is a important fix, as the generated SBOM file might otherwise
>> > randomly omit kernel `CONFIG_` values.
>>
>> Hello,
>>
>> Can you please send the equivalent series for whinlatter?
>
> Hello Yoann,
>
> I can send an "equivalent" series for whinlatter but only with the CVE
> "fixes".
> The generation of kernel `CONFIG_` values in SPDX3 output was not
> backported in whinlatter: It is only in master and Scarthgap.
Oh that's why I couldn't trivialy backport the patch (I did not look
why)
> Let me know what I need to do in this case?
I can do the cherry-pick for the 2 rejected CVE patches.
Thanks!
--
Yoann Congal
Smile ECS
prev parent reply other threads:[~2026-03-05 9:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-03 16:46 [PATCH scarthgap 0/3] meta: Backport rejected CVEs and SPDX3 fixes Benjamin Robin (Schneider Electric)
2026-03-03 16:46 ` [PATCH scarthgap 1/3] avahi: Remove a reference to the rejected CVE-2021-36217 Benjamin Robin (Schneider Electric)
2026-03-03 16:46 ` [PATCH scarthgap 2/3] lz4: Remove a reference to the rejected CVE-2025-62813 Benjamin Robin (Schneider Electric)
2026-03-03 16:46 ` [PATCH scarthgap 3/3] meta: fix generation of kernel CONFIG_ in SPDX3 Benjamin Robin (Schneider Electric)
2026-03-04 19:14 ` [OE-core] [PATCH scarthgap 0/3] meta: Backport rejected CVEs and SPDX3 fixes Yoann Congal
2026-03-05 8:29 ` Benjamin Robin
2026-03-05 9:27 ` Yoann Congal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGUQPU1BN6DT.3QWYXCIXTY7C@smile.fr \
--to=yoann.congal@smile.fr \
--cc=JPEWhacker@gmail.com \
--cc=benjamin.robin@bootlin.com \
--cc=david.nystrom@est.tech \
--cc=kamel.bouhara@bootlin.com \
--cc=mathieu.dubois-briand@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=pascal.eberhard@se.com \
--cc=richard.purdie@linuxfoundation.org \
--cc=ross.burton@arm.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox