From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: yoann.congal@smile.fr, ankur.tyagi85@gmail.com,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3
Date: Thu, 16 Apr 2026 13:34:15 +0200
Message-ID: <aeef1553-eec2-480e-bbc3-21766628dec5@pengutronix.de>
In-Reply-To: <DHU1874ATB71.203BIG61AS590@smile.fr>

Hello Yoann!

On 4/15/26 11:05 PM, Yoann Congal via lists.openembedded.org wrote:
> On Wed Apr 8, 2026 at 2:09 AM CEST, Ankur Tyagi via lists.openembedded.org wrote:
>> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
>>
>> 2025.09.3
>> ---------
>> Fixed FIT image vulnerability
>> https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/
>>
>> Changelog:
>> https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3
>>
>> 2025.09.2
>> ---------
>> Changelog:
>> https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2
>>
>> 2025.09.1
>> ---------
>> This stable release is specifically targeted at whinlatter which is
>> currently at v2025.09.0
>> https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/
>>
>> Changelog:
>> https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1
>>
>> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
>
> I'm a bit torn on this one. Because on one hand, this looks like a
> proper stable branch (and I appreciate the effort),

I had prepared the v2025.09.y releases, so we (barebox) can hone a
workflow to be able to support the release that makes it into Wrynose
for a longer time than the usual 1 month it takes between the monthly
releases of barebox.

> but on the other
> hand, there are changes that I find too risky:
> For example:
> * API Change: https://github.com/barebox/barebox/commit/5e9f709b2b56bd9689e174572ef2af59b9fed5d2

barebox is a bare metal bootloader. Its API surface is:

- the data formats it parses
- the data it passes along, e.g. fixed up device trees
- the boot/runtime services it provides to an OS (UEFI/PSCI/TEE-supplicant).

The change to bootm_set_overrides is not a change that affects
user-visible API for any of that; it is completely internal to barebox.
Revisiting it, I still think it was appropriate to backport it.

> * New feature: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.3#diff-2dd6d3e4c91931c982f091155a47dd8d03e26731f8d59b112e938508fe12255aR1

Which features do you see there?
I read through the 50 commit titles on the first page and nearly all of
them are fixes. The very few that aren't direct fixes are relatively
benign preparatory commits followed by a fix and they were then
backported together.

> Thoughts?

For the record, v2026.09.3 and v2026.03.1 were released together and
that's the number of commits they have compared to v2025.09.0:

$ git log v2025.09.0..v2025.09.3 --oneline | wc -l
111
$ git log v2025.09.0..v2026.03.1 --oneline | wc -l
1023

So roughly 10% of commits to master since v2025.09.0 were hand selected
to be backported as fixes. FWIW, I got curious and compared v6.19.12 to
v7.0 and there it's 21%, so there's still some untapped potential (for
squashing bugs!).

> In the meantime, I will keep it in my branch for awareness.

I appreciate that the stable branch was picked up, so many thanks for that!

Cheers,
Ahmad
>
>> ---
>> meta/recipes-bsp/barebox/barebox-common.inc | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc
>> index e41d0858fd..91865b4d44 100644
>> --- a/meta/recipes-bsp/barebox/barebox-common.inc
>> +++ b/meta/recipes-bsp/barebox/barebox-common.inc
>> @@ -3,6 +3,6 @@ SECTION = "bootloaders"
>>
>> LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192"
>>
>> -PV = "2025.09.0"
>> +PV = "2025.09.3"
>> SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2"
>> -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d"
>> +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87"
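Review bot: The new SRC_URI[sha256sum] value on the last + line is the only thing tying this recipe to the upstream 2025.09.3 tarball, and the commit message does not say how it was obtained. Since the bump is motivated by the FIT image vulnerability fix, it would help to state in the commit message that the hash was computed from the tarball fetched from barebox.org and compared against whatever checksum or signature upstream publishes, so a reviewer can reproduce the check instead of trusting the submitted value. The unchanged LIC_FILES_CHKSUM context line still uses md5 for COPYING; that is fine for change detection but worth keeping in mind as the weaker of the two pins in this file.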
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |