[scarthgap] Backport fix for CVE-2026-21441 Python3 urllib3

Return-Path: <adarsh.jagadish.kamini@est.tech>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 04297D44C4B
	for <webhook@archiver.kernel.org>; Thu, 15 Jan 2026 13:33:34 +0000 (UTC)
Received: from DUZPR83CU001.outbound.protection.outlook.com
 (DUZPR83CU001.outbound.protection.outlook.com [52.101.66.37])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.35683.1768484012767352532
 for <openembedded-core@lists.openembedded.org>;
 Thu, 15 Jan 2026 05:33:33 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech
 header.s=selector1 header.b=Gz11a9hn;
 spf=pass (domain: est.tech, ip: 52.101.66.37,
 mailfrom: adarsh.jagadish.kamini@est.tech)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=H2k8ZCAqr35tD+qdWizJdmfKyChINfkO4R7IIWsS2enS+tKqkiojb8sWiBv1tNeuLzrhpExnjtJPUvMioJkmZadrdmN/jVXq7q9FaLmq0rX2CEcLxfXtooWh4lvHka3OOUtSTUtAXy9EvTh+BXXOWMAVMZ6/v8ITrD6iUwNSSo4TF2GehJJcQMM7g6V/nprrGODUncVmXtdUGw56kyXnwFGWTIWqlBITr6Aoapm8V66VuoZjIvoOdK36pGx+MXt6Ice6eNaUpvvXTqlzEDL0FCQTAeO1iuE/QXOK5I2+75zAKvTyDH9fZgg7J0IE1ikD5MaXnqYozSLHMioGZu7Fng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=1g7XKX8K1EMRRs2BbNobekOqMsag6EIy20lDY2rO6cA=;
 b=p7ur74DYZQA8B/SaFLJlRfEn0CR/X6VHMos1SuNqSPnvnORhsJ5cedkSYNHarSvhdJfVX9Cd0LtvAUjRiMY+gAfzQ4eYJJDorN06SdArr+H/5JA7GNM2Dh2zZy9raODq2fRQgCcaXVFvDpc/i740U61CsVUsFOIADpIqpPy/yrST33NWld5fPkXtstCj3F51xrm9LwMEZ89M5LMsGUe3mEmGREPr1hzdAmE+WI9MhQWhPRkhvk4rz/BVdSE4NA+CI7/TJniMOq/MAbj5sdlqecRCUrlStGihwvqV8F43vK+gj5ur0W744u/2QuvMwwDZX0XT849m7qF3S0UeCEM8RQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech;
 dkim=pass header.d=est.tech; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=1g7XKX8K1EMRRs2BbNobekOqMsag6EIy20lDY2rO6cA=;
 b=Gz11a9hnhW449CROgcVJH3Wyffrk8ackRnhcBXt/pGN/1CPI3VU7JH0ZB2W0RWijgk71lO0qU7R4soRKU+iRQv1Mg/8BtMzMaSNhcvewsCP6n/dImZpNCLESMb+GRyJQdcOt1+z6X11KoLE7TW2PpozbGvGuq1POsd0szMYenL0EMf8TuZuTNJAHtYAWvwjn82KgQJYXc3r4rggHWapwAogeU7hAOsourJUSE/K8oi6AeZYyY4nN0TVOB+QDa7rD9DZKAXZdADPq3PqYQ3A0BGhZ5ePWy7WoyalnsMBvFxsOkh2UtuL6EHeu6IBtcDUlGJxKjdeAWDDcrvdkL2IkZA==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=est.tech;
Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9)
 by BESP189MB3244.EURP189.PROD.OUTLOOK.COM (2603:10a6:b10:f0::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9520.4; Thu, 15 Jan
 2026 13:33:29 +0000
Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM
 ([fe80::f147:85e5:34de:eeff]) by AS8P189MB1672.EURP189.PROD.OUTLOOK.COM
 ([fe80::f147:85e5:34de:eeff%5]) with mapi id 15.20.9520.005; Thu, 15 Jan 2026
 13:33:29 +0000
From: adarsh.jagadish.kamini@est.tech
To: openembedded-core@lists.openembedded.org
CC: david.nystrom@est.tech,
	Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Subject: [OE-core][scarthgap][PATCH] Backport fix for CVE-2026-21441 Python3
 urllib3
Date: Thu, 15 Jan 2026 14:32:17 +0100
Message-ID: <20260115133246.405765-1-adarsh.jagadish.kamini@est.tech>
X-Mailer: git-send-email 2.43.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-ClientProxiedBy: LO4P265CA0244.GBRP265.PROD.OUTLOOK.COM
 (2603:10a6:600:350::10) To AS8P189MB1672.EURP189.PROD.OUTLOOK.COM
 (2603:10a6:20b:396::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS8P189MB1672:EE_|BESP189MB3244:EE_
X-MS-Office365-Filtering-Correlation-Id: 847cb461-d7cb-4e03-8e12-08de543aab1d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003;
X-Microsoft-Antispam-Message-Info: 
 EsmWk7G2TQ1etdZBlXbrJ+pbgVU5HbmORznDoERzGlZV+EDC31fo9ZZdYs42RcLCiMeTQu5Tv/VYGpQjo7/tCTmrUuV3Hy+n6532EKNAC+imQ4M6Trn+x2cyDgZ/nc2tHCxbMwLnDFfE2bQgTmK/oI8qlsfRRH1/ZaLrL9lj/seoqvE8JBlgnWdON6WOWC6Cv9czncdokzKgrnNaM/Vt77dFcqVKwaL41sJayo/eO9aAxpYHLrVQDUzVeWJnDqbDTsbLByD4IADxA0n9TcN4F1a+bG+pRILYUge6r/d8oUgktA8hLkXpKU+Ge1OQhRCJFOutXdD6gkUwXPM+2MjgKRRz1sjz6dX95QoQXYTLVe9bxCOIz8EFs4mUX2RzmpusTB9nkwvmXQyfgXxDjzn9qN4iWbVCyVLBc4D7FkMhLNgSi4/pL4fRHi0YkJhYfneHfOcSJV9VGybL9uSljv282QKvuE1BduutL7flVSZCmN9wDrEiwQ/3LHewm5aRcsGxWpM6rGzooP7AbNpxu2FvUE4PkoqrY98/J4Xm5whtKShjOhuZf1aLP84hrCl7QmY64svNy4XhMx7AIkA3xnF+T+FVaH8Q6extLm59lS0wTU2lqehJBkAIn6dkMip/OqLbARkUvPTk9NmTGpjvAlqny6ASku+VtI+nMhsOOD3ET1XrBdvOMHcr0egkJCQB2EiIQc6opCM/5DsJGVq4EZpzHKtm9B6I9gG7I2UwJd/rxFA54HIiEgJtBCe0B8yZ8878DEb7mRLXgLt9w019eEcU0Lw48ctlHV1o1P7DSOoUSSWPkGMKxBLXRNvFW40qezf/fkxIGA2ERAI8c6ytTFqvT8oOiGBwr+STgOPua+lECQndrXpsrsWojE0OJR3cAZWb6tw+IOOq0cHcjrI5USlkIjNgLjIXuMwVST0NP+K6vWNs4WIAJg3dV7F7SNOxaCDpa2k+vK5mr4Fy4cQcO9173JeUXGIuldm4Tbd3Bb+wZMSD8tvb6vPKugjLzFi92FYAVV2SYk2HLp+Z0JnjGTU1VEBMWvtvlxSibD4SFYBOVGUhJ0NZti8ptpPUZNyLoo7azhxgw3pqz8rjFK4OCsjT/7IqX7ROPCnYoJfule6xb4XKosRN5YopCxuPGl4J77oiFCPU9QTSeptJnqK0uAQhsl0JpvF5UMRRMbpNeTqvH9IGYoLUwGULlj5wPFVCh21gtVcY4vUOx8E3NFYDiU/YMM0E7OPMBDJQQGMT1azrF/J0S6gf/HaoCYX+50y/f5CANQOUidMhM1mniutneXVT8QIZhT1TSZEXmHb8GFrGco+57Ooj8NsfkNGQLOVuHQkWu29O5yfct+ezKF8i+1i33kzOsW9WXf24XzhA68L0wVqkhaTlGVoMfwUNtkifQ745wXFq5Y2Oe6zDDYUemasCC7Ehs9k3ej7JEx6ok1hnVje563IT0IZHKqsrrZI0E9/aP/f0rT7W4/WerUW3aZEwydMnYBXJBpoSOxIulpNU/HxmEZS9HYnalnbqeukoM5AH3buwFsesx0jwRZGav5Zjl5urS7kUDBWTh3qtwn/tPfg6cpqQTAK04r19WPxpEKtV
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P189MB1672.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: 
 V/lNrDfzaco6/vUbaEq5Dm7ZbXrJL7D+00rL9gIW0HrAxt4dKJXf4tK2Nhu0M0nVWIkOIrpvjMU2f3ghXS4CMJ+8p5mZGFSwGxDNaftJ1ZtfsBWEWu0cnA1b3iUbK5kBjElQIPxBKMDDzxoYrnSopmgo2y70LX4F/WCIVN5eqkSurp0AbCau9EZ/1KqP/NHLcfhcCB1XraLkxHYhO4kLmWbtfK0Qt6msIWirzTbrbdpsBxuMZlflMYqYUstoSvxfveS8f3iXmHK7BXpAgMJei9ceppcDAZ3ipxPTdo3vSK24piMk9fh9FLVIq0ul+GRLiuSRPF+yyt7cdsce3gi2p4lS4HHCwA0od3XdNOwTkqMBAT6cPMlYL9tIQ+yWcIi2UXjMzxD6nCcPkfs9w+ILsWVJluRbseu9ZQdr9ifdf/QL0ZmAyYn3CnXmUlhrxRFOpPlx8ZE/aazX43zJG6xf8BkKNZ11S3jqsk0/Lul4poLQRiLYv6XkNdq1I5R/WMvxIUd3YNwEkACjjYrduQqc5UGjqLESbuobGPmkmXH1fbf3Y4RzvtFe+VvWpcUH5Dt+W6JbuwWuaSHtdLOjq/L0sFfkC3MTEnmF00t6kch3U/9u8UcutO1zEsBmWvmws5GTVgsADRP//PFpi8KCJxQJZHxHRF9F8GX5W7poPOdzbMHVh2/n4t0sHzmI70naoBuRLGyPp7MNb5smh866rObiYW0nhRtWYLqRUUvnTmKqHxf5HZUvLnCdGkqegwbzOFOVgqU+kA0rCtqSuEqE0mKLH6Do2z+zCTweapZ3LVSmJvI1cqVBN+QGgdlpu9RzqNLmMEFTfC3Qgseo27W2IfqUmVZntMlw1Fnkcq6AqZAh4uotrwyjWCMLcYc0tIJTJOB1qGGU6rnO9vD8OFTKKI9qom0LXbtfd9hgPStxCol827+55eQkdhx0/zQVk0S6OoMyBmQyzTzU8q5YbuR+7QWIr3/dE9SmvtYfsPXHUm6+MWgxggHqecO6VF6GN9WHOieSpmk8uYc2XYPWmcKwf6137WqEBYGLysGb4LHHstOqoBZZxk/tcWNKcO8bddwCpRHyk+JXdmP/cw05pT7fvnx40CQLSMay2faoBljKs/g8CbrQO1f/JeiIsrRl1vtyLhdJmcxppeAbApi77YWEL2axfifAsCytmQgfwuNpVH0MfsBWzp1vTGJYwUsKJ18zlxN/OX2xf0No5lAna9BniowmbX0GAc+CkevsAgrlnepQKGZtRM6I80fqWsRANG1RYnGOwAS/+5A9cahe/ZHqEkZFz55blFrnsikhk3zMe9cTDJsQmZX+xcUndQsTAU3haWyE1re/9poO9m6JNOAGAxh0B/E7nGq4NH785UpHqnFQxAUviZv4vWLVMtr9O0Jt7LETbs5bFxl0Rp2PqqIUcXqvhbduuMqbVbEQvKJLeoihTMpwV3PbODxgZj77ZWnXEmuQDhLlS2YDx7pGOKlTcXgUiIo7RlITZKhNZQYYWnJeITfnycyRc2cU5UnVTx8DR/rjOYST45+K2KsObqEIMla/1VCWxmwEadBiCFAf7JNz94Z94TDAJ5ePz6x20ytLNVlu7zWRKrBO//RiEz72kqV4kK6EdexBNuM8nDZdslB/hFNrXxXDUd0CZ5hgV2l1BcRrYLTMEfuhYOho1voef5292XPqUF23biwxRZImxyf0VKugy6Vvu+McSYOPjz/EdfIzbBWitMT8b0raiZjtuMfOPtW11O1FEqnuXcc42dzBj/MRgC5eIt3JcSFOLOFntbBPUnnig4X2
X-MS-Exchange-AntiSpam-MessageData-1: 
	tKcn//3e606hqUPG/cObJ9Trw8pFSWoLqkAdV8eTPo7eTrWrrKel/z/R
X-OriginatorOrg: est.tech
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 847cb461-d7cb-4e03-8e12-08de543aab1d
X-MS-Exchange-CrossTenant-AuthSource: AS8P189MB1672.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2026 13:33:28.9654
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 K1FU2BasB5+bDIXF+RL61+tDwkADdElAhdzB06FkbvcYmXAwV/bcs3N6puaNrZNrma86foOzQKLxdAGeDb3KkTRXmZyh1Uw9+sUhT7711o8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BESP189MB3244
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 15 Jan 2026 13:33:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229410