Thanks, Yoann. Yes, feature changes are usually not something we should take in stable.
For this BIND work, I first submitted the individual CVE backport patches for scarthgap: - CVE-2026-1519: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ - CVE-2026-5950: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ - CVE-2026-3592: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ - CVE-2026-3039: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ - CVE-2026-5946: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ During review, the feedback was that BIND is one of the rare projects where the upstream stable branch matches OE stable policy, and that upgrading along the 9.18 branch would be preferable to carrying a large CVE backport patch stack. That is why I superseded the backport series and sent the 9.18.44 -> 9.18.49 upgrade instead: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/ For the specific 9.18.45 changelog item you pointed out, the change is limited to ISC's upstream system test suite. It raises the Python requirement for running `bin/tests/system` and tracks those test-suite Python dependencies in `bin/tests/system/requirements.txt`. OE-Core's `bind` recipe does not enable or package that upstream system test suite and does not inherit `ptest`, so this change is not part of the target build, installed packages, runtime dependencies, or runtime behavior. So the reason for the upgrade is that it follows the earlier review direction to use the BIND 9.18 stable branch, while this particular feature change is test-suite-only and not target-visible in OE-Core. Regards, Ashish ________________________________ From: Yoann Congal <[email protected]> Sent: 07 July 2026 15:49 To: Ashishkumar Parmar -X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) <[email protected]>; [email protected] <[email protected]> Cc: xe-linux-external (Internal Group) <[email protected]> Subject: Re: [OE-core][scarthgap][PATCH v2] bind: Upgrade 9.18.44 -> 9.18.49 On Tue Jun 30, 2026 at 8:04 AM CEST, Ashishkumar Parmar X (asparmar - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote: > From: Ashishkumar Parmar <[email protected]> > > This upgrade fixes CVE-2026-1519, CVE-2026-3039, CVE-2026-3592, CVE-2026-5946 > and CVE-2026-5950. > > Changelog > ========= > https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html That changelog contains: | Notes for BIND 9.18.45 | Feature Changes | Update requirements for system test suite. | Python 3.10 or newer is now required for running the system test | suite. The required Python packages and their version requirements | are now tracked in the file bin/tests/system/requirements.txt. [GL | #5690] [GL #5614] Feature changes are not usually acceptable for stable. Can you justify why this is the case here? Thanks! > > Signed-off-by: Ashishkumar Parmar <[email protected]> > --- > .../bind/{bind_9.18.44.bb => bind_9.18.49.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/bind/{bind_9.18.44.bb => bind_9.18.49.bb} > (97%) > > diff --git a/meta/recipes-connectivity/bind/bind_9.18.44.bb > b/meta/recipes-connectivity/bind/bind_9.18.49.bb > similarity index 97% > rename from meta/recipes-connectivity/bind/bind_9.18.44.bb > rename to meta/recipes-connectivity/bind/bind_9.18.49.bb > index d424edcb4e..723a09e739 100644 > --- a/meta/recipes-connectivity/bind/bind_9.18.44.bb > +++ b/meta/recipes-connectivity/bind/bind_9.18.49.bb > @@ -20,7 +20,7 @@ SRC_URI = > "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ > file://0001-avoid-start-failure-with-bind-user.patch \ > " > > -SRC_URI[sha256sum] = > "81f5035a25c576af1a93f0061cf70bde6d00a0c7bd1274abf73f5b5389a6f82d" > +SRC_URI[sha256sum] = > "c43ce4548ebed788cd9df63658a7de105ceafba43fcd63fa352b1093e525cd24" > > UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" > # follow the ESV versions divisible by 2 -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240386): https://lists.openembedded.org/g/openembedded-core/message/240386 Mute This Topic: https://lists.openembedded.org/mt/120043131/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
