On Fri Jun 12, 2026 at 2:12 PM CEST, Himanshu Jadon -X (hjadon - E INFOCHIPS
PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Himanshu Jadon <[email protected]>
>
> Backport the upstream 3-commit fix chain for CVE-2026-5704.
>
> The final fix is [1], which depends on the earlier cleanup in [2]
> and the behavioral change in [3]. Keep this patch order so the final
> fix applies cleanly and preserves the upstream logic.
>
> [1]
> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3
> [2]
> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=112ead79312ea308e58414b74623f101b8c06f0b
> [3]
> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b009124ffde415515081db844d7a104e1d1c6c58
> [4] https://security-tracker.debian.org/tracker/CVE-2026-5704
>
> Signed-off-by: Himanshu Jadon <[email protected]>
> ---
Hi Himanshu,

Thanks for your patch.

It looks like this is breaking some ptest:

AssertionError:
Failed ptests:
{'tar': ['--no-overwrite-dir']}

https://autobuilder.yoctoproject.org/valkyrie/#/builders/61/builds/3820
https://autobuilder.yoctoproject.org/valkyrie/#/builders/73/builds/3838

Can you have a look at the issue?

As this is a CVE fix, we probably still have to get the patch. So either
there is a fix upstream, or we have to disable this specific test.

Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
View/Reply Online (#238829):
https://lists.openembedded.org/g/openembedded-core/message/238829