[wrynose,2/2] busybox: fix CVE-2026-29004

Return-Path: <Qi.Chen@windriver.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D19A1CD4F3C
	for <webhook@archiver.kernel.org>; Tue, 19 May 2026 05:27:42 +0000 (UTC)
Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com
 [205.220.178.238])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.15124.1779168454994638850
 for <openembedded-core@lists.openembedded.org>;
 Mon, 18 May 2026 22:27:35 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=CV4cwk53;
 spf=permerror,
 err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}:
 invalid domain name (domain: windriver.com, ip: 205.220.178.238,
 mailfrom: prvs=959934a5a1=qi.chen@windriver.com)
Received: from pps.filterd (m0250812.ppops.net [127.0.0.1])
	by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 64J5F3mS3001337
	for <openembedded-core@lists.openembedded.org>; Tue, 19 May 2026 05:27:34 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com;
	 h=content-transfer-encoding:content-type:date:from:in-reply-to
	:message-id:mime-version:references:subject:to; s=PPS06212021;
	 bh=rmfm7JNgCSPRwWyTffdo93jh5c/CHWExtvam6ZOZe98=; b=CV4cwk53HQ5G
	R4+DqNCogjrB9gdM0MJnBBKlwempzfyEf0zyQEJ0qz2SQflh+6GanM1VDQz25Wy1
	1wdORp19a4u3dYc5Vs0bEqf4zRNWATWcj+X9y5z4Zlu5FSlbRfqam7SQba2lGaAN
	2BMME53co/Qsh5mM65I7nBdv94pjwE8NezPWxlKX9lvNKTsmNDwap6HEz4u+MU3J
	7AgJTkHKZNyQ4zIsjGdSX8LEK7gC+uzCc/uuuscmwRKnqGQBS2yFKFuMM+l/bf75
	7rGuDGtN+xgcPMJT1mwDbmeqSDaP4gJXMD24ccA3KfOHx17SAL+W8dXdSeVtycLr
	VXv8unJ8pg==
Received: from ch5pr02cu005.outbound.protection.outlook.com
 (mail-northcentralusazon11012061.outbound.protection.outlook.com
 [40.107.200.61])
	by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6fj3u2r2-2
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
	for <openembedded-core@lists.openembedded.org>;
 Tue, 19 May 2026 05:27:33 +0000 (GMT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=Qil4O7Odze7yhtJ+FbFjJGjdh8smWDmsvpn18oYzbuVV+wb8GgQs0ZXcJKCfbVkR1+Mx6fPVPEPTruZxPDRLjVvPyqe3y8ro31CGEScnOdLklftDqnvh0bEqmdDzWIfrDOM3cvdCXNlkaM0awEF/lbb/yWJ3zjhclnFHc47vIinfyGDZdlkdH9v9HqEKqjYlFbGYthZlZM+xh9BVnr5o/4Xwyqk+O4w2nte1wdNaFq1Vvem+uZxxBSb0HST9kw5o86ihTe63cHEZtzaObfLm6YpRtiKo/TOIBsR/hMmmYdQPUCkuhi0/4tPE80dXOHmLf2ZWV46e1Umbphd64ew1sg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=rmfm7JNgCSPRwWyTffdo93jh5c/CHWExtvam6ZOZe98=;
 b=WlGCIBBDEHYEFdSiQucV8Lti/8iHYE6Jrs+WcoI10dvnyEmKFz7TmLdL8STMNCdNeG0Xl7lB3PbGHDDffRd4NsgTZzL527HerD5Lv7rnGjOvuj/ZK0/nxUr5NfeRo3NNgEu7yYQxGE3mHllUrcfV4Gkp3L/cdRQLMwufj0+ynvSGNng7sT/qZYIhFx6q3ip8ANaQ8fZRM3UonSZ4pOHEGrT/JQBAvY8ltIkrF0pyyr8xNtVWZCmb3bt8PpS6k5HhnU9roELTOadKZbVMrkEZZLbSHPLybSd4HWQ6xS8F5SKvAga9rO5+jQa0EV3eZz517mQVYe/zTXtddpdR26KMRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=windriver.com; dmarc=pass action=none
 header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none
Received: from PH0PR11MB5611.namprd11.prod.outlook.com (2603:10b6:510:ed::9)
 by DS7PR11MB6221.namprd11.prod.outlook.com (2603:10b6:8:9a::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.14; Tue, 19 May
 2026 05:27:31 +0000
Received: from PH0PR11MB5611.namprd11.prod.outlook.com
 ([fe80::ecf9:dbb:16bf:5b2d]) by PH0PR11MB5611.namprd11.prod.outlook.com
 ([fe80::ecf9:dbb:16bf:5b2d%4]) with mapi id 15.21.0025.023; Tue, 19 May 2026
 05:27:31 +0000
From: Qi.Chen@windriver.com
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][wrynose][PATCH 2/2] busybox: fix CVE-2026-29004
Date: Tue, 19 May 2026 13:27:11 +0800
Message-Id: <20260519052711.3732145-2-Qi.Chen@windriver.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260519052711.3732145-1-Qi.Chen@windriver.com>
References: <20260519052711.3732145-1-Qi.Chen@windriver.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: SG2PR01CA0148.apcprd01.prod.exchangelabs.com
 (2603:1096:4:8f::28) To PH0PR11MB5611.namprd11.prod.outlook.com
 (2603:10b6:510:ed::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH0PR11MB5611:EE_|DS7PR11MB6221:EE_
X-MS-Office365-Filtering-Correlation-Id: 0602f4d2-5a63-40f8-3a91-08deb56752d5
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|366016|52116014|376014|1800799024|22082099003|18002099003|12006099003|56012099003|38350700014|11063799003;
X-Microsoft-Antispam-Message-Info: 
	12mnmW20/MMQ8VRF5D5OUZmc8GseSfO6wuWmV3VRB0e2FmceSfhAtxE+e5R5Zbrj5WP3qMujk/0VLEMFRlR3sj/BOPyIZjvmHmYUqgCsR33AQbplVZRJWPnreg/3UyIrNzDIBRoTCMXdJJQVhAWA7szU4rWueGXneqg68iJ4miJcweRqEyF6fbNZQ57dDekt0LY8DRcYV9F+j6yW+aIqjA5yf73ytSwruql0FCKdc3695m69B8/Q4bAmcMZPGpcHKHD+uYcjilv84b98R+ZbLcAq/meT0OLZZgSGhXtX975P98Qyz11E3tJhnGWmxFW/Am8OPxktA0m4oACTlh6nLsVeYjegmyPJ3dbDSitLwoarBOMq/nbAB9x9Vedrsnbhn3WrYp9Yhll9ORW+CDO59qZY7iZnD8HtURSoqeVWL8pEDGCiwRHOA+nVpm67AtTSoCQE/YSxmuoJGvNPjH0W+6lpwhs4NYb9hGSc9XQyVCr0XV5EYHoHYtpb0gA3ISDaslW0Ta4Id3IMeHsw/Fk3TgCX5X6s9izK3Zpm0dcI7WFcCTlm7lAFIeEI8kXqcStRRz0qqzni1D41RKQ0bsh4wUd6VlY4pYVQnlmYJDxVfEkDHHMebE7tsFRm7RnL5dadIk7fbvCH60kVRvCtMOTzgAlR77LPAXq3xnsvhJqiS7g+qpj3rtNPiXZHg3OWXA/mI4bmxHXqwdZkuBb0cLZ69oJFsTfhh4So6bjCF1QNWf3LgpS5rQywpWnKRYrWRPiQ
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5611.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(52116014)(376014)(1800799024)(22082099003)(18002099003)(12006099003)(56012099003)(38350700014)(11063799003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 ABzigIyDODBp+dulCC8WwxRUFgb1sME3eEY2x34d0aU3QFN0eXFyBUihXxclGT/NvVDN1zYvutIaFdrHHXNk1YBqDgzfcuRwz6UGxuT/36GEOkMe6F/iy2SWH7KIw70bIu6xOdyPVrEYdeUHNl3WIPr7poC+cywB1PNTUb/bsD3BPcj4yjgzbM883c2zYVD92D3/chiY5Yp2YDmuOBHDUMbghDWhV6XrmGlWaHgbXsRSDzizvc5zxX/Y3owLCUrt/jj7IRmYbGviRq4wC0zp3RhBjl0dS0tLr2h2lUv0w3pQTBjEKspg89HJbsXsC8OHIbWVgDEyKTNPtpw/5TXgmXAWjoL5YdW8dEBsyPa75ETUD7lE8ZPmk1UsGtL6v7ZGkhZs7HCYUXLGoYKAyylDi6recJootpooXSKz1rE5+dTxa3oBvAT+KPcCe+YTIke5LFHIK3K2DeHhCa46r+JiWLO/QSsCS7HwUoJb+sYzCHjKa4KyDABzGfqnwGngvexvbF2Vtptgi1qc27yN01tGNrJuievoKFy6zuskCltd+kZn+24nlu8F+fD0sGKzAmfACIapgMXteRrPusl0M3JgQ1bHSfov2gJ+bE5/ZHoDA2OyzpQQZFLLjHGxIZ7EXYFMupZhzeSBNL5NE9H1oRVLqexCUaKpKVCL4STX4SFzz084DcWW0hScprMM4WqdBOC4wqwEydWMcBzUXxq4HOtmk+NZjekOryeK2gEE1cilmYNmF33O6EZ16Znwgvp90BDEY65VRX2uAmYgEupxnlOvA1GuxBBHIZg6NBJROmOSzvNPRqGetMgrBxBEWRde9CffdKr67Vq2Ot+Q17c5slkJ/9z7nf44z23Ykw+9ITcJWpkQikwx1LNmTY7edCJkfBGPo6hBljfeVQZubmf4GipdJMBOEjbuAC1KXUVhPDNQcMxHfAs/sUmUSLkIzOy1elilg8GADuKsbs4xi9wQKaaOQiWcnrK2L3+usqZCmLzPcqEjstQKep9OJs68VNuUzwoVUT1k05NhEBKemSLRGOxlq3Qd8eqgN0m+gkMicDsaErikPZGBV3IIRvpwiJuO+yuohhFLqvWRaGOSIv2ZS/jw06bOJUcHjfvBj7K4maZASUsMbbK4Ud+5cwxecOtrL5MFFuzr9sg6yHG9NnB5KOw+Y3IInrWAOmWlGpu/tyok4wRiewGyIjgJTltKKLEsiw805aouADbudO0dCJxoYXJYcyPz9cJzUMJkqZdeg2HVPpxr6vgePvjPEIy2s9/IHSTMD/y5tNqwgDs3gr0VTIrtmmFi5EA483XVeav9oJi3vNljGfwJRAW3AY8VbdHG9ZL/KTmPQdgozbPYEsOGr7feMaeX0JzCLcDcsNke7pLDZC88md8i6j2P1j3xlC686LF/2H0s7xgSdZJ2mXJjTmbfpvCiEI4Y451h7zuOUMfuBMZmHVRpFuvemcNpud7ESbqmh7+v5gq6BueEpnJ3ewsYJE3b6pHDJfJy6HUjzGni1HknrU2bpLcmF/x74ERMvAK4uCrwghMfcPsek5LGy/tg+T3T3EuBTO7P/Zug1XyejxradGAoPsNUmMH+k6GSqU4k1V1hK3+1W8+nARy79fQOwzzbclJDpJv8L09INEQ2+yh6XGWThHNWs6+yzbcAc8IsxZQTDxyyv5obKdqjyVhIiSTXFd/DYYE11FW0u4+I6Ox5hsxQ6dZ5gSFIVvFJhdV6a51kOMNvTw0PC85oizVr1g==
X-Exchange-RoutingPolicyChecked: 
	AVche21JIf5+VN8CVgleV0cBBoJDYchiwgz1/0Y4JSfr44bX4T21ACJgDVweZ0BSDopFR03OunZ0GgK5j60F0Yxh9d8Rk+k10LxZ3nkm3rf+903FCOfB10kvx7ygrBHxCpS42o9/jhDVyM0pJ2xmiOA+osVIvdpQ+AqctFDE096KBReqYKQk/2lMxBoXdlZPnQbsa8hSG/vcecP8drR1IOmHGva4yLiNPVsXL412qKM17OWvTpct+nBCIocyk97yDa4m+2jGkCUFsRL7dOufB8oN+bJQZk35OufKV0Ea3bjitojhxU7GSBuJXDF9+Pi99Sat/UsLkbwnnziNAVPQJg==
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0602f4d2-5a63-40f8-3a91-08deb56752d5
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5611.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 May 2026 05:27:31.0939
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 Ra5jIX4RaPT/7I2mNpTvBq07Y84yPjrRwKC84yf6/5rLvWSdwMcDFH5SmyHkBwQt+bHRN2HD3Q/BRnIK9OkCwg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB6221
X-Proofpoint-GUID: GwB9HO_4oRM_S5HFEGMErzTsIZBnj6-C
X-Proofpoint-ORIG-GUID: GwB9HO_4oRM_S5HFEGMErzTsIZBnj6-C
X-Authority-Analysis: v=2.4 cv=VssTxe2n c=1 sm=1 tr=0 ts=6a0bf4c5 cx=c_pps
 a=1c0oZQ8MA7sDNsoFSDv1iA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19
 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19
 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22
 a=bi6dqmuHe4P4UrxVR6um:22 a=fTW__CHxibyLmBMfj2wP:22 a=PYnjg3YJAAAA:8
 a=NEAV23lmAAAA:8 a=J0Tn2xNtAAAA:8 a=t7CeM3EgAAAA:8 a=mK_AVkanAAAA:8
 a=0ZRd5boCRadUMG0dJzQA:9 a=9ZcRxastL33iXWX1AWsW:22 a=FdTzh2GWekK77mhwV6Dw:22
 a=3gWm3jAn84ENXaBijsEo:22
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE5MDA1MCBTYWx0ZWRfX07d1jJtSWFvq
 xDDPBcfV0maNLJeWwGo7LXY4aT4XnXfY8QR2lpzq/WEw9z86NE1Es2kAN63YzxbmTQqz+fDX5bF
 /734Ho1p64mSjWxPeLkvG2VIAorv0oneq1U+6TIpO4mZ3SqaSWZ6hmtY/bwnA6qfGy7XWBFSPrP
 X0Le9RZWQ3xbz1P4joigDVQ8VbKorOSmeeQGpJ7t52fyUsTOAwxZKz8LleR/jP5uESO3J8Wd1Gv
 7lDkpbo8/ho8YJplyFuWr/5AXp2TU/gs9xHNqK2vz4iTiwfe4e9o35aBeW5bl3yNnzFbL5cblXE
 ySge3IMtSmC+BrOiYuTRaw6dOgnHiA0Zc1ixk84H/iMhkyqK+kH7UMofit7wKsOU0UC8qLhLlwZ
 q03ThnsiHJ7JfsfmDHhP6FJuncYyowymjtteDVC97wRiJdXRlVS737aToqxdwNDYd+rhkE2L6Ya
 6xVAZuGvkgdatCRRT4g==
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-05-19_02,2026-05-18_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 impostorscore=0 suspectscore=0 lowpriorityscore=0 malwarescore=0 phishscore=0
 adultscore=0 spamscore=0 bulkscore=0 clxscore=1015 priorityscore=1501
 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0
 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605190050
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 19 May 2026 05:27:42 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/237268