| Message ID | cover.1774391127.git.yoann.congal@smile.fr |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
What happened to [scarthgap][PATCHv2] busybox: fix for CVE-2026-26157, CVE-2026-26158 from Hitendra Prajapati? Den tis 24 mars 2026 kl 23:28 skrev Yoann Congal via lists.openembedded.org <yoann.congal=smile.fr@lists.openembedded.org>: > Those are the patches from the last patch review: > > https://lore.kernel.org/openembedded-core/cover.1773966414.git.yoann.congal@smile.fr/T/#t > > Passed a-full on autobuilder (with an AB-INT): > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3502 > * qemuarm64-tc failed on what look like the bug 16058 – AB-INT: rust > do_test_compile/do_install segfault > * rebuilt successfully in > https://autobuilder.yoctoproject.org/valkyrie/#/builders/5/builds/3396 > > The following changes since commit > 077f258eb2125359ffe3982c58433ee14cb21f09: > > busybox: Fixes CVE-2025-60876 (2026-03-16 09:21:34 +0000) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib > stable/scarthgap-next > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next > > for you to fetch changes up to 9f2a6cfda6a2305f52411ca8121f27c8a5a91fa2: > > python3-pip: drop unused Windows distlib launcher templates (2026-03-20 > 10:56:43 +0100) > > ---------------------------------------------------------------- > > Ankur Tyagi (2): > wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 > tiff: ignore CVE-2025-61143, CVE-2025-61144 and CVE-2025-61145 > > Daniel Turull (3): > improve_kernel_cve_report: do not override backported-patch > improve_kernel_cve_report: do not use custom version > improve_kernel_cve_report: add option to read debugsources.zstd > > Eduardo Ferreira (1): > go: Fix CVE-2025-61726.patch variable ordering > > Krupal Ka Patel (2): > python3-setuptools: drop Windows launcher executables on non-mingw > builds > python3-pip: drop unused Windows distlib launcher templates > > Martin Jansa (1): > lsb.py: strip ' from os-release file > > Peter Marko (1): > inetutils: patch CVE-2026-28372 > > Ryan Eatmon (1): > oe-setup-build: Fix typo > > Trent Piepho (1): > systemd-systemctl: Fix instance name parsing with escapes or periods > > Vijay Anusuri (3): > freetype: Fix CVE-2026-23865 > python3-pip: Fix CVE-2026-1703 > inetutils: Fix CVE-2026-32746 > > meta/lib/oe/lsb.py | 2 +- > .../inetutils/inetutils/CVE-2026-28372.patch | 86 +++++++++++++++++++ > .../inetutils/inetutils/CVE-2026-32746.patch | 40 +++++++++ > .../inetutils/inetutils_2.5.bb | 2 + > .../systemd/systemd-systemctl/systemctl | 7 +- > .../go/go/CVE-2025-61726.patch | 21 ++--- > .../python/python3-pip/CVE-2026-1703.patch | 37 ++++++++ > .../python/python3-pip_24.0.bb | 13 ++- > .../python/python3-setuptools_69.1.1.bb | 9 ++ > .../freetype/freetype/CVE-2026-23865.patch | 54 ++++++++++++ > .../freetype/freetype_2.13.2.bb | 1 + > ....10.07.bb => wireless-regdb_2026.02.04.bb} | 2 +- > meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 2 +- > scripts/contrib/improve_kernel_cve_report.py | 37 +++++++- > scripts/oe-setup-build | 2 +- > 15 files changed, 295 insertions(+), 20 deletions(-) > create mode 100644 > meta/recipes-connectivity/inetutils/inetutils/CVE-2026-28372.patch > create mode 100644 > meta/recipes-connectivity/inetutils/inetutils/CVE-2026-32746.patch > create mode 100644 > meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch > create mode 100644 > meta/recipes-graphics/freetype/freetype/CVE-2026-23865.patch > rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb > => wireless-regdb_2026.02.04.bb} (94%) > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#233828): > https://lists.openembedded.org/g/openembedded-core/message/233828 > Mute This Topic: https://lists.openembedded.org/mt/118492584/4947266 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ernstp@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On Wed Mar 25, 2026 at 12:12 PM CET, Ernst Persson wrote: > What happened to [scarthgap][PATCHv2] busybox: fix for CVE-2026-26157, > CVE-2026-26158 > from Hitendra Prajapati? It came while I was building this series. I'll include it in the next review cycle. Regards, > Den tis 24 mars 2026 kl 23:28 skrev Yoann Congal via lists.openembedded.org > <yoann.congal=smile.fr@lists.openembedded.org>: > >> Those are the patches from the last patch review: >> >> https://lore.kernel.org/openembedded-core/cover.1773966414.git.yoann.congal@smile.fr/T/#t >> >> Passed a-full on autobuilder (with an AB-INT): >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3502 >> * qemuarm64-tc failed on what look like the bug 16058 – AB-INT: rust >> do_test_compile/do_install segfault >> * rebuilt successfully in >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/5/builds/3396 >> >> The following changes since commit >> 077f258eb2125359ffe3982c58433ee14cb21f09: >> >> busybox: Fixes CVE-2025-60876 (2026-03-16 09:21:34 +0000) >> >> are available in the Git repository at: >> >> https://git.openembedded.org/openembedded-core-contrib >> stable/scarthgap-next >> >> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next >> >> for you to fetch changes up to 9f2a6cfda6a2305f52411ca8121f27c8a5a91fa2: >> >> python3-pip: drop unused Windows distlib launcher templates (2026-03-20 >> 10:56:43 +0100) >> >> ---------------------------------------------------------------- >> >> Ankur Tyagi (2): >> wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 >> tiff: ignore CVE-2025-61143, CVE-2025-61144 and CVE-2025-61145 >> >> Daniel Turull (3): >> improve_kernel_cve_report: do not override backported-patch >> improve_kernel_cve_report: do not use custom version >> improve_kernel_cve_report: add option to read debugsources.zstd >> >> Eduardo Ferreira (1): >> go: Fix CVE-2025-61726.patch variable ordering >> >> Krupal Ka Patel (2): >> python3-setuptools: drop Windows launcher executables on non-mingw >> builds >> python3-pip: drop unused Windows distlib launcher templates >> >> Martin Jansa (1): >> lsb.py: strip ' from os-release file >> >> Peter Marko (1): >> inetutils: patch CVE-2026-28372 >> >> Ryan Eatmon (1): >> oe-setup-build: Fix typo >> >> Trent Piepho (1): >> systemd-systemctl: Fix instance name parsing with escapes or periods >> >> Vijay Anusuri (3): >> freetype: Fix CVE-2026-23865 >> python3-pip: Fix CVE-2026-1703 >> inetutils: Fix CVE-2026-32746 >> >> meta/lib/oe/lsb.py | 2 +- >> .../inetutils/inetutils/CVE-2026-28372.patch | 86 +++++++++++++++++++ >> .../inetutils/inetutils/CVE-2026-32746.patch | 40 +++++++++ >> .../inetutils/inetutils_2.5.bb | 2 + >> .../systemd/systemd-systemctl/systemctl | 7 +- >> .../go/go/CVE-2025-61726.patch | 21 ++--- >> .../python/python3-pip/CVE-2026-1703.patch | 37 ++++++++ >> .../python/python3-pip_24.0.bb | 13 ++- >> .../python/python3-setuptools_69.1.1.bb | 9 ++ >> .../freetype/freetype/CVE-2026-23865.patch | 54 ++++++++++++ >> .../freetype/freetype_2.13.2.bb | 1 + >> ....10.07.bb => wireless-regdb_2026.02.04.bb} | 2 +- >> meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 2 +- >> scripts/contrib/improve_kernel_cve_report.py | 37 +++++++- >> scripts/oe-setup-build | 2 +- >> 15 files changed, 295 insertions(+), 20 deletions(-) >> create mode 100644 >> meta/recipes-connectivity/inetutils/inetutils/CVE-2026-28372.patch >> create mode 100644 >> meta/recipes-connectivity/inetutils/inetutils/CVE-2026-32746.patch >> create mode 100644 >> meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch >> create mode 100644 >> meta/recipes-graphics/freetype/freetype/CVE-2026-23865.patch >> rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb >> => wireless-regdb_2026.02.04.bb} (94%) >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#233828): >> https://lists.openembedded.org/g/openembedded-core/message/233828 >> Mute This Topic: https://lists.openembedded.org/mt/118492584/4947266 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ >> ernstp@gmail.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> >>
Those are the patches from the last patch review: https://lore.kernel.org/openembedded-core/cover.1773966414.git.yoann.congal@smile.fr/T/#t Passed a-full on autobuilder (with an AB-INT): https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3502 * qemuarm64-tc failed on what look like the bug 16058 – AB-INT: rust do_test_compile/do_install segfault * rebuilt successfully in https://autobuilder.yoctoproject.org/valkyrie/#/builders/5/builds/3396 The following changes since commit 077f258eb2125359ffe3982c58433ee14cb21f09: busybox: Fixes CVE-2025-60876 (2026-03-16 09:21:34 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next for you to fetch changes up to 9f2a6cfda6a2305f52411ca8121f27c8a5a91fa2: python3-pip: drop unused Windows distlib launcher templates (2026-03-20 10:56:43 +0100) ---------------------------------------------------------------- Ankur Tyagi (2): wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 tiff: ignore CVE-2025-61143, CVE-2025-61144 and CVE-2025-61145 Daniel Turull (3): improve_kernel_cve_report: do not override backported-patch improve_kernel_cve_report: do not use custom version improve_kernel_cve_report: add option to read debugsources.zstd Eduardo Ferreira (1): go: Fix CVE-2025-61726.patch variable ordering Krupal Ka Patel (2): python3-setuptools: drop Windows launcher executables on non-mingw builds python3-pip: drop unused Windows distlib launcher templates Martin Jansa (1): lsb.py: strip ' from os-release file Peter Marko (1): inetutils: patch CVE-2026-28372 Ryan Eatmon (1): oe-setup-build: Fix typo Trent Piepho (1): systemd-systemctl: Fix instance name parsing with escapes or periods Vijay Anusuri (3): freetype: Fix CVE-2026-23865 python3-pip: Fix CVE-2026-1703 inetutils: Fix CVE-2026-32746 meta/lib/oe/lsb.py | 2 +- .../inetutils/inetutils/CVE-2026-28372.patch | 86 +++++++++++++++++++ .../inetutils/inetutils/CVE-2026-32746.patch | 40 +++++++++ .../inetutils/inetutils_2.5.bb | 2 + .../systemd/systemd-systemctl/systemctl | 7 +- .../go/go/CVE-2025-61726.patch | 21 ++--- .../python/python3-pip/CVE-2026-1703.patch | 37 ++++++++ .../python/python3-pip_24.0.bb | 13 ++- .../python/python3-setuptools_69.1.1.bb | 9 ++ .../freetype/freetype/CVE-2026-23865.patch | 54 ++++++++++++ .../freetype/freetype_2.13.2.bb | 1 + ....10.07.bb => wireless-regdb_2026.02.04.bb} | 2 +- meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 2 +- scripts/contrib/improve_kernel_cve_report.py | 37 +++++++- scripts/oe-setup-build | 2 +- 15 files changed, 295 insertions(+), 20 deletions(-) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-28372.patch create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-32746.patch create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2026-23865.patch rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb => wireless-regdb_2026.02.04.bb} (94%)