pool/micropython
SHA256
17
0
Fork 3
Code Issues Pull Requests 1 Activity

CVE-2026-1998 #3

Open
dheidler wants to merge 3 commits from dheidler/micropython:leap-16.0 into leap-16.0
pull from: dheidler/micropython:leap-16.0
merge into: pool:leap-16.0
Conversation 14 Commits 3 Files Changed 6 +176 -6
dheidler commented 2026-02-06 17:23:08 +01:00
Contributor
Copy Link
No description provided.
dheidler added 6 commits 2026-02-06 17:23:08 +01:00
- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 c328f134d3 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/micropython?expand=0&rev=56
Accepting request 1313040 from devel:languages:python 3ca66751b3 
- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438

OBS-URL: https://build.opensuse.org/request/show/1313040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/micropython?expand=0&rev=23
- Fix building on single core systems a00206d42c 
* Skip tests/thread/stress_schedule.py when single core system detected

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/micropython?expand=0&rev=58
- Version 1.26.1 36fded7970 
* esp32: update esp_tinyusb component to v1.7.6
  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
  * esp32: add IDF Component Lockfiles to git repo
  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/micropython?expand=0&rev=59
Accepting request 1313856 from devel:languages:python 594aac1953 
- Version 1.26.1
  * esp32: update esp_tinyusb component to v1.7.6
  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
  * esp32: add IDF Component Lockfiles to git repo
  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev

- Fix building on single core systems
  * Skip tests/thread/stress_schedule.py when single core system detected

OBS-URL: https://build.opensuse.org/request/show/1313856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/micropython?expand=0&rev=24
CVE-2026-1998.patch 2322691c90
autogits_workflow_pr_bot requested review from legaldb 2026-02-06 17:23:34 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2026-02-06 17:23:34 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2026-02-06 17:23:34 +01:00
maintenance-release-review commented 2026-02-06 17:26:46 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
opensuse-review commented 2026-02-06 17:32:14 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2026-02-06 17:38:43 +01:00
Member
Copy Link

Legal review in progress.

Legal review [in progress](https://legaldb.suse.de/reviews/details/503885).
report.md
3.5 KiB
legaldb commented 2026-02-07 10:08:15 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because of no significant difference (503883)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/503885): ``` Accepted because of no significant difference (503883) ```
report.md
3.4 KiB
legaldb approved these changes 2026-02-07 10:08:15 +01:00
Dismissed
rfrohl commented 2026-02-09 11:00:40 +01:00
First-time contributor
Copy Link

@dheidler If I look at the released branch [0], then it seems that there are part of the changes (mbedtls) already released

[0] https://src.opensuse.org/pool/micropython/src/branch/leap-16.0/micropython.changes

@dheidler If I look at the released branch [0], then it seems that there are part of the changes (mbedtls) already released [0] https://src.opensuse.org/pool/micropython/src/branch/leap-16.0/micropython.changes
rfrohl commented 2026-02-09 13:46:09 +01:00
First-time contributor
Copy Link

@maintenance-release-review: decline

@maintenance-release-review: decline
maintenance-release-review requested changes 2026-02-09 13:54:13 +01:00
maintenance-release-review left a comment
First-time contributor
Copy Link

rfrohl requested changes on behalf of maintenance-release-review. See #3 (comment)

rfrohl requested changes on behalf of maintenance-release-review. See https://src.opensuse.org/pool/micropython/pulls/3#issuecomment-89893
dheidler force-pushed leap-16.0 from 2322691c90 to 2f1f619ea1 2026-02-09 15:57:41 +01:00 Compare
dheidler force-pushed leap-16.0 from 2f1f619ea1 to e86b8ce449 2026-02-09 15:57:55 +01:00 Compare
autogits_workflow_pr_bot requested review from legaldb 2026-02-09 15:58:10 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2026-02-09 15:58:11 +01:00
opensuse-review commented 2026-02-09 15:58:35 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
dheidler force-pushed leap-16.0 from e86b8ce449 to 1a105a4362 2026-02-09 16:02:22 +01:00 Compare
dheidler commented 2026-02-09 16:02:43 +01:00
Author
Contributor
Copy Link

@rfrohl please have another look

@rfrohl please have another look
maintenance-release-review commented 2026-02-09 16:05:41 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
opensuse-review commented 2026-02-09 16:08:43 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
rfrohl commented 2026-02-09 16:16:28 +01:00
First-time contributor
Copy Link

@rfrohl please have another look

looks better, but the tooling still does not like something with the PR. Will have a closer look tomorrow.

> @rfrohl please have another look looks better, but the tooling still does not like something with the PR. Will have a closer look tomorrow.
legaldb commented 2026-02-09 16:17:49 +01:00
Member
Copy Link

Legal reviewed as acceptable:

Accepted because of no significant difference (503885)
Legal reviewed as [acceptable](https://legaldb.suse.de/reviews/details/504159): ``` Accepted because of no significant difference (503885) ```
report.md
3.5 KiB
legaldb approved these changes 2026-02-09 16:17:49 +01:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u leap-16.0:dheidler-leap-16.0
git checkout dheidler-leap-16.0
Sign in to join this conversation.
Reviewers
No Reviewers
opensuse-review
maintenance-release-review
legaldb
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/micropython#3
Delete Branch "dheidler/micropython:leap-16.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?