Hi, Thanks for pointing out. Fixed in v2
________________________________ From: Mathieu Dubois-Briand <[email protected]> Sent: Tuesday, February 10, 2026 1:44 PM To: Adarsh Jagadish Kamini <[email protected]>; [email protected] <[email protected]> Subject: Re: [OE-core][master][PATCH] python3-pip: Backport fix CVE-2026-1703 On Mon Feb 9, 2026 at 10:24 PM CET, Adarsh Jagadish Kamini wrote: > From: Adarsh Jagadish Kamini <[email protected]> > > Include the patch linked in the NVD report: > https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735 > > Signed-off-by: Adarsh Jagadish Kamini <[email protected]> > --- Hi Adarsh, Thanks for your patch. > --- a/meta/recipes-devtools/python/python3-pip_24.0.bb > +++ b/meta/recipes-devtools/python/python3-pip_24.0.bb > @@ -31,7 +31,8 @@ LIC_FILES_CHKSUM = > "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \ > > inherit pypi python_setuptools_build_meta > > -SRC_URI += "file://no_shebang_mangling.patch" > +SRC_URI += "file://no_shebang_mangling.patch \ > + file://CVE-2026-1703.patch \" There is an extra backslash before the ending quote. Thanks, Mathieu -- Mathieu Dubois-Briand, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230933): https://lists.openembedded.org/g/openembedded-core/message/230933 Mute This Topic: https://lists.openembedded.org/mt/117728696/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
