From patchwork Tue Jan 13 06:35:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78548
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 1/5] python3-eventlet: upgrade 0.33.0 -> 0.33.3 Date: Tue, 13 Jan 2026 07:35:42 +0100 Message-ID: <20260113063546.1497839-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123396 Bugfix releases. Changelog: 0.33.3: * dnspython 2.3.0 raised AttributeError: module 'dns.rdtypes' has no attribute 'ANY' https://github.com/eventlet/eventlet/issues/781 0.33.2: * greenio: GreenPipe/fdopen() with 'a' in mode raised io.UnsupportedOperation: File or stream is not writable https://github.com/eventlet/eventlet/pull/758 0.33.1: * Prevent deadlock on logging._lock https://github.com/eventlet/eventlet/issues/742 Signed-off-by: Gyorgy Sarvari --- .../{python3-eventlet_0.33.0.bb => python3-eventlet_0.33.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-eventlet_0.33.0.bb => python3-eventlet_0.33.3.bb} (80%) diff --git a/meta-python/recipes-devtools/python/python3-eventlet_0.33.0.bb b/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb similarity index 80% rename from meta-python/recipes-devtools/python/python3-eventlet_0.33.0.bb rename to meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb index 6a4449cf55..c1256661b4 100644 --- a/meta-python/recipes-devtools/python/python3-eventlet_0.33.0.bb +++ b/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=56472ad6de4caf50e05332a34b66e778" -SRC_URI[sha256sum] = "80144f489c1bb273a51b6f96ff9785a382d2866b9bab1f5bd748385019f4141f" +SRC_URI[sha256sum] = "722803e7eadff295347539da363d68ae155b8b26ae6a634474d0a920be73cfda" inherit pypi setuptools3
From patchwork Tue Jan 13 06:35:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78549
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 2/5] python3-eventlet: patch CVE-2025-58068 Date: Tue, 13 Jan 2026 07:35:43 +0100 Message-ID: <20260113063546.1497839-2-skandigraun@gmail.com> In-Reply-To: <20260113063546.1497839-1-skandigraun@gmail.com> References: <20260113063546.1497839-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123397 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-58068 Pick the patch mentioned in the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../python3-eventlet/CVE-2025-58068.patch | 41 +++++++++++++++++++ .../python/python3-eventlet_0.33.3.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch diff --git a/meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch b/meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch new file mode 100644 index 0000000000..3fc7cb1b54 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch
@@ -0,0 +1,41 @@ +From 4e151d13a160e4d2a98dc77d32e5c3fe2c42f2b9 Mon Sep 17 00:00:00 2001 +From: sebsrt +Date: Mon, 11 Aug 2025 11:46:28 +0200 +Subject: [PATCH] Fix request smuggling vulnerability by discarding trailers + (#1062) + +The WSGI parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. This patch fix that by discarding trailers. + +CVE: CVE-2025-58068 +Upstream-Status: Backport [https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb] +Signed-off-by: Gyorgy Sarvari +--- + eventlet/wsgi.py | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/eventlet/wsgi.py b/eventlet/wsgi.py +index 7ef0254..fb0d805 100644 +--- a/eventlet/wsgi.py ++++ b/eventlet/wsgi.py +@@ -154,6 +154,12 @@ class Input(object): + read = b'' + self.position += len(read) + return read ++ ++ def _discard_trailers(self, rfile): ++ while True: ++ line = rfile.readline() ++ if not line or line in (b'\r\n', b'\n', b''): ++ break + + def _chunked_read(self, rfile, length=None, use_readline=False): + if self.should_send_hundred_continue: +@@ -204,7 +210,7 @@ class Input(object): + raise ChunkReadError(err) + self.position = 0 + if self.chunk_length == 0: +- rfile.readline() ++ self._discard_trailers(rfile) + except greenio.SSL.ZeroReturnError: + pass + return b''.join(response) diff --git a/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb b/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb index c1256661b4..12ee39aee9 100644 --- a/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb +++ b/meta-python/recipes-devtools/python/python3-eventlet_0.33.3.bb 
@@ -4,6 +4,7 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=56472ad6de4caf50e05332a34b66e778" +SRC_URI += "file://CVE-2025-58068.patch" SRC_URI[sha256sum] = "722803e7eadff295347539da363d68ae155b8b26ae6a634474d0a920be73cfda" inherit pypi setuptools3
From patchwork Tue Jan 13 06:35:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78550
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 3/5] python3-ldap: patch CVE-2025-61911 Date: Tue, 13 Jan 2026 07:35:44 +0100 Message-ID: <20260113063546.1497839-3-skandigraun@gmail.com> In-Reply-To: <20260113063546.1497839-1-skandigraun@gmail.com> References: <20260113063546.1497839-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123398 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61911 Pick the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../python/python3-ldap/CVE-2025-61911.patch | 41 +++++++++++++++++++ .../python/python3-ldap_3.4.0.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch diff --git a/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch new file mode 100644 index 0000000000..39426268ac --- /dev/null +++ b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
@@ -0,0 +1,41 @@ +From ecbd037205723884036b4a467c19d7904b8b6cee Mon Sep 17 00:00:00 2001 +From: lukas-eu <62448426+lukas-eu@users.noreply.github.com> +Date: Fri, 10 Oct 2025 19:47:46 +0200 +Subject: [PATCH] Merge commit from fork + +CVE: CVE-2025-61911 +Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a] +Signed-off-by: Gyorgy Sarvari +--- + Lib/ldap/filter.py | 2 ++ + Tests/t_ldap_filter.py | 4 ++++ + 2 files changed, 6 insertions(+) + +diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py +index 782737a..5bd41b2 100644 +--- a/Lib/ldap/filter.py ++++ b/Lib/ldap/filter.py +@@ -24,6 +24,8 @@ def escape_filter_chars(assertion_value,escape_mode=0): + If 1 all NON-ASCII chars are escaped. + If 2 all chars are escaped. + """ ++ if not isinstance(assertion_value, str): ++ raise TypeError("assertion_value must be of type str.") + if escape_mode: + r = [] + if escape_mode==1: +diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py +index 313b373..5431205 100644 +--- a/Tests/t_ldap_filter.py ++++ b/Tests/t_ldap_filter.py +@@ -49,6 +49,10 @@ class TestDN(unittest.TestCase): + ), + r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f' + ) ++ with self.assertRaises(TypeError): ++ escape_filter_chars(["abc@*()/xyz"], escape_mode=1) ++ with self.assertRaises(TypeError): ++ escape_filter_chars({"abc@*()/xyz": 1}, escape_mode=1) + + def test_escape_filter_chars_mode2(self): + """ diff --git a/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb b/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb index 4299058315..59ced40021 100644 --- a/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb +++ b/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb 
@@ -13,6 +13,7 @@ PYPI_PACKAGE = "python-ldap" inherit pypi setuptools3 +SRC_URI += "file://CVE-2025-61911.patch" SRC_URI[sha256sum] = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12" do_configure:prepend() {
From patchwork Tue Jan 13 06:35:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 78551
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 4/5] python3-ldap: patch CVE-2025-61912 Date: Tue, 13 Jan 2026 07:35:45 +0100 Message-ID: <20260113063546.1497839-4-skandigraun@gmail.com> In-Reply-To: <20260113063546.1497839-1-skandigraun@gmail.com> References: <20260113063546.1497839-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123399 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61912 Pick the patch that's mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../python/python3-ldap/CVE-2025-61912.patch | 42 +++++++++++++++++++ .../python/python3-ldap_3.4.0.bb | 3 +- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61912.patch diff --git a/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61912.patch b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61912.patch new file mode 100644 index 0000000000..1e3940e662 --- /dev/null +++ b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61912.patch
@@ -0,0 +1,42 @@ +From b80ba3e3b41859bfc79830b726e95e457502ca00 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Fri, 10 Oct 2025 10:46:45 -0700 +Subject: [PATCH] Merge commit from fork + +Update tests to expect \00 and verify RFC-compliant escaping + +CVE: CVE-2025-61912 +Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f] +Signed-off-by: Gyorgy Sarvari +--- + Lib/ldap/dn.py | 3 ++- + Tests/t_ldap_dn.py | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Lib/ldap/dn.py b/Lib/ldap/dn.py +index a9d9684..8d40673 100644 +--- a/Lib/ldap/dn.py ++++ b/Lib/ldap/dn.py +@@ -26,7 +26,8 @@ def escape_dn_chars(s): + s = s.replace('>' ,'\\>') + s = s.replace(';' ,'\\;') + s = s.replace('=' ,'\\=') +- s = s.replace('\000' ,'\\\000') ++ # RFC 4514 requires NULL (U+0000) to be escaped as hex pair "\00" ++ s = s.replace('\x00' ,'\\00') + if s[-1]==' ': + s = ''.join((s[:-1],'\\ ')) + if s[0]=='#' or s[0]==' ': +diff --git a/Tests/t_ldap_dn.py b/Tests/t_ldap_dn.py +index 86d3640..7c04777 100644 +--- a/Tests/t_ldap_dn.py ++++ b/Tests/t_ldap_dn.py +@@ -49,7 +49,7 @@ class TestDN(unittest.TestCase): + self.assertEqual(ldap.dn.escape_dn_chars(' '), '\\ ') + self.assertEqual(ldap.dn.escape_dn_chars(' '), '\\ \\ ') + self.assertEqual(ldap.dn.escape_dn_chars('foobar '), 'foobar\\ ') +- self.assertEqual(ldap.dn.escape_dn_chars('f+o>o,bo\\,b\\o,bo\,b\ X-Patchwork-Id: 78552
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 5/5] python3-werkzeug: ignore CVE-2026-21860 Date: Tue, 13 Jan 2026 07:35:46 +0100 Message-ID: <20260113063546.1497839-5-skandigraun@gmail.com> In-Reply-To: <20260113063546.1497839-1-skandigraun@gmail.com> References: <20260113063546.1497839-1-skandigraun@gmail.com> X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123400 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21860 The issue affects only Windows operating systems. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb index f795da80a3..0a18a48406 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb @@ -45,4 +45,4 @@ RDEPENDS:${PN} += " \ " # Windows-only vulnerabilities -CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221" +CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221 CVE-2026-21860"
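
Review bot: In [PATCH 2/5], the new `_discard_trailers` in eventlet/wsgi.py loops on `rfile.readline()` with no size argument and no cap on the number of trailer lines, so the reader stays in `while True` for as long as the peer keeps sending non-empty lines. Consider passing a maximum length to `readline()` and bounding the trailer count or total bytes before giving up on the request. The test `not line or line in (b'\r\n', b'\n', b'')` is also partly redundant, since `not line` already covers `b''`.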
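
Review bot: In [PATCH 3/5], the `isinstance(assertion_value, str)` check added at the top of `escape_filter_chars` in Lib/ldap/filter.py introduces a new `TypeError`, but the docstring that ends directly above it is left unchanged. Add a line to the docstring stating that non-`str` input raises `TypeError`, so callers that previously passed other types know what to expect after the backport.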
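
Review bot: In [PATCH 3/5], both `assertRaises(TypeError)` cases added to Tests/t_ldap_filter.py pass `escape_mode=1` and are appended to the test that precedes `test_escape_filter_chars_mode2`, while the type check in filter.py sits before the `if escape_mode:` branch. Add the same list and dict cases for the default `escape_mode=0` and for mode 2, so the check is covered on every path and not only the one exercised here.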
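
Review bot: In [PATCH 4/5], the new `s = s.replace('\x00' ,'\\00')` in `escape_dn_chars` (Lib/ldap/dn.py) inserts a backslash into `s`, so the result is only correct if the backslash-escaping replace runs earlier in the function, which the context lines of this hunk do not show. Worth confirming that ordering against the 3.4.0 source this backport applies to, and noting the dependency in the comment next to the RFC 4514 remark.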