GET /api/1.1/patches/2225202/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2225202,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2225202/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260420154559.2707314-1-titouan.christophe@mind.be/",
    "project": {
        "id": 27,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/27/?format=api",
        "name": "Buildroot development",
        "link_name": "buildroot",
        "list_id": "buildroot.buildroot.org",
        "list_email": "buildroot@buildroot.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20260420154559.2707314-1-titouan.christophe@mind.be>",
    "date": "2026-04-20T15:45:59",
    "name": "[for,2025.02.x] package/systemd: add patch for CVE-2026-40226",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": false,
    "hash": "a6cc69908a9668857ff0b4b84beea134ae7eca13",
    "submitter": {
        "id": 90763,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/90763/?format=api",
        "name": "Titouan Christophe",
        "email": "titouan.christophe@mind.be"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260420154559.2707314-1-titouan.christophe@mind.be/mbox/",
    "series": [
        {
            "id": 500623,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/500623/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=500623",
            "date": "2026-04-20T15:45:59",
            "name": "[for,2025.02.x] package/systemd: add patch for CVE-2026-40226",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/500623/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2225202/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2225202/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<buildroot-bounces@buildroot.org>",
        "X-Original-To": [
            "incoming-buildroot@patchwork.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Delivered-To": [
            "patchwork-incoming-buildroot@legolas.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=A7jcMw0A;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzqbz1z4wz1yGs\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Tue, 21 Apr 2026 01:46:55 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id A00CD610F1;\n\tMon, 20 Apr 2026 15:46:53 +0000 (UTC)",
            "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id oZdv3Ssf2GiY; Mon, 20 Apr 2026 15:46:52 +0000 (UTC)",
            "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 8B22360AA1;\n\tMon, 20 Apr 2026 15:46:52 +0000 (UTC)",
            "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id A2DBD259\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 15:46:50 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 893D8410F2\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 15:46:50 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 1F95049NMXzF for <buildroot@buildroot.org>;\n Mon, 20 Apr 2026 15:46:49 +0000 (UTC)",
            "from mail-wr1-x431.google.com (mail-wr1-x431.google.com\n [IPv6:2a00:1450:4864:20::431])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 8635E410B2\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 15:46:48 +0000 (UTC)",
            "by mail-wr1-x431.google.com with SMTP id\n ffacd0b85a97d-43d7a5e77b1so2266142f8f.1\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 08:46:48 -0700 (PDT)",
            "from dragon (ip-94-140-185-241.reverse.destiny.be. [94.140.185.241])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43fe4cb1405sm29238383f8f.4.2026.04.20.08.46.46\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Mon, 20 Apr 2026 08:46:46 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp3.osuosl.org 8B22360AA1",
            "OpenDKIM Filter v2.11.0 smtp4.osuosl.org 8635E410B2"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776700012;\n\tbh=hpm+kYyYNlOKGa7HZnCb5f8vuOmJsm6uQImZc6Bmez4=;\n\th=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From:Reply-To:From;\n\tb=A7jcMw0A/MlSbPzx72OfFsvx/Gy0IPo8PdXhUvJfnYGsj+xoPLFkaYXG0ywECNyjC\n\t MUt2wH04vO4fPwMTR2RRTNjF4MCT6jpFPctqwq0Oq31XlHgyFBmZ0JxcP2SI9yvlG0\n\t OqpFbYLng2iFDjo6jexlHB6ZAUYjcQ1MxOTS715gdTC75bLoxZSuLL6nLEz+kSm+4B\n\t GdFmSdr5L5q0jC+fxynqvL14pLPomunOopZdtRPJr0u1ogOtJknK9PzFGngpXEGAbH\n\t WHwti92He9DXNG867Ts8GmkTj5TSG2d9qeLaUhXGy260J6P1bjIZTyIsDtCMXZfV9O\n\t Dg28mMOJvuAzw==",
        "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::431; helo=mail-wr1-x431.google.com;\n envelope-from=titouan.christophe@essensium.com; receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp4.osuosl.org 8635E410B2",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776700007; x=1777304807;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=Rkq8/XmSRTJRGDeKIvOke4PFvwH8Rcr2xJbdy2fxs4I=;\n b=G1vdVukZVcCm1fDtPxrzzgSGr/p+/KApnI8Wvvd1iefZghBnhgAJqOPsR8ZxkmrGp0\n uiEbsyp56BksWndsRkukoBlAENKkEubVFEN+iea75bbIik5GYgZd6yJ+GhyEKJYKZL4j\n 89hDA2seJB1sOl4ZD39pGJt3BeCwaXhodufBNWaaNUuuRA17hvI2tPJmO/BR3xisz+IW\n IV0uSjfri2q48tPaUjoLPhw6ystpB2JfcNMB7UPTFQ8ogvuzSbfrjoNGX6ynmeh6M3Xo\n PbEa8SLje39n5jp5ydDyM9EgsyhzLNnEEoTLBNtfJYRZy1shu4msE9hlaB5D88ifucFO\n iZzQ==",
        "X-Gm-Message-State": "AOJu0YwM5sR2ygZe2uiRtIaTAD2gNL9zmzCL4Lw095CXrTBvQZYDvyNr\n uDq3OE9HHleKmxpxafBwqpxTXJMljYBDpTwCub74uL/hwVNoX8g3cq6QzxN4ntfE8FbE/vvDhz/\n V+fiR",
        "X-Gm-Gg": "AeBDies76t1Qsea3s+cctrqzjqJWDFC1wo9mM14s5bCXRQDS5V1CCtwz7b/ACmLQNC6\n yYKOUhnFaQRddMCQxL7ESNMmZ0G93Lufk8nGSxh0T87Ke9W+JIGDlfLPX4UupMi+nJOGZZnPLTF\n 9TzeXY2wKLbC58YUvuEouJ/XOTj32i9Aiu7gtBorqks1qLV7LnAMXpwUcSkBhfctDc43eFmkVn6\n 4gl8uN98UkuLvSW+JKOO4K1Yq4fusqN9PHS3Cx/qFYmg9Ht8FmEkY1ei39H0Nnafv+W6bo5IBKJ\n aElXOYWv5UO9zKpnDqkbHdmX2m1kJwK7EPdww46jH698FvbRJatSdLFk0JlrRiEuhdC9JgKSzy4\n DCdEtN0wdkKtBh8vCKiOq95De8ZYwfrwJoy7dujqeguwGL2dku3xABckWfUa5h/LKIERfie8MpZ\n rdQNhM3UyCrfg0btS7EkHjxQFG0rPb38hX9NZI4XmdxUOv23m9DasG3QCJoGJHFi86eZk3VYXDj\n /OVIprJiw5KYqA=",
        "X-Received": "by 2002:a05:6000:1846:b0:43b:5091:39db with SMTP id\n ffacd0b85a97d-43fe40737c5mr23582004f8f.13.1776700006735;\n Mon, 20 Apr 2026 08:46:46 -0700 (PDT)",
        "To": "buildroot@buildroot.org",
        "Cc": "Norbert Lange <nolange79@gmail.com>, Sen Hastings <sen@hastings.org>,\n thomas.perale@mind.be",
        "Date": "Mon, 20 Apr 2026 17:45:59 +0200",
        "Message-ID": "<20260420154559.2707314-1-titouan.christophe@mind.be>",
        "X-Mailer": "git-send-email 2.53.0",
        "MIME-Version": "1.0",
        "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mind.be; s=google; t=1776700007; x=1777304807; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=Rkq8/XmSRTJRGDeKIvOke4PFvwH8Rcr2xJbdy2fxs4I=;\n b=DiS6/Tdld0vKzO3AHJ4DAb3RtQNqYqutpz2rVJp9Wryy3HQuzOb7pFh0m6DML7maiM\n rIDhOAjg3VPEmdCQFduYFF8dZ0UqCtlLCeQBujeSRdDxPTuen2jYs7U4BfQGq+pFEuhD\n PsD8JQES4kvmepm1jYhO2gmV4KBvWb9mLSsXKx5UsujCH5RlfSZk2Z1ZqLRLvhbfnRnd\n 8GLbHccl084gWQ74b4i2B9dj9YpO0lOWShp/tRoj4moNHWQ9Jr0kX/yWA5A5VH0d3fvH\n tdnwPhWpCaltjlvk+5+r6jjPRaJRnq/kPBHVnNnne1kENve3MkaQOhL8yRnLJsRR0STt\n KahA==",
        "X-Mailman-Original-Authentication-Results": [
            "smtp4.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=mind.be",
            "smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=mind.be header.i=@mind.be header.a=rsa-sha256\n header.s=google header.b=DiS6/Tdl"
        ],
        "Subject": "[Buildroot] [PATCH for 2025.02.x] package/systemd: add patch for\n CVE-2026-40226",
        "X-BeenThere": "buildroot@buildroot.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>",
        "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>",
        "List-Post": "<mailto:buildroot@buildroot.org>",
        "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>",
        "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>",
        "From": "Titouan Christophe via buildroot <buildroot@buildroot.org>",
        "Reply-To": "Titouan Christophe <titouan.christophe@mind.be>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "buildroot-bounces@buildroot.org",
        "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>"
    },
    "content": "This backports the fix for the following vulnerability:\n- CVE-2026-40226:\n    In nspawn in systemd 233 through 259 before 260, an escape-to-host\n    action can occur via a crafted optional config file.\n    https://www.cve.org/CVERecord?id=CVE-2026-40226\n\nSigned-off-by: Titouan Christophe <titouan.christophe@mind.be>\n---\n package/systemd/0001-Fix-CVE-2026-40226.patch | 90 +++++++++++++++++++\n 1 file changed, 90 insertions(+)\n create mode 100644 package/systemd/0001-Fix-CVE-2026-40226.patch",
    "diff": "diff --git a/package/systemd/0001-Fix-CVE-2026-40226.patch b/package/systemd/0001-Fix-CVE-2026-40226.patch\nnew file mode 100644\nindex 0000000000..250b6aff33\n--- /dev/null\n+++ b/package/systemd/0001-Fix-CVE-2026-40226.patch\n@@ -0,0 +1,90 @@\n+From b3131f63747db53ad76a9aab2d21da1ce9d59b9d Mon Sep 17 00:00:00 2001\n+From: Titouan Christophe <titouan.christophe@mind.be>\n+Date: Mon, 20 Apr 2026 12:04:45 +0200\n+Subject: [PATCH] Fix CVE-2026-40226\n+\n+This is the concatenation of the 2 upstream commits:\n+\n+===============================================================================\n+[1/2] nspawn: apply BindUser/Ephemeral from settings file only if trusted\n+\n+Originally reported on yeswehack.com as:\n+YWH-PGM9780-116\n+\n+Follow-up for 2f8930449079403b26c9164b8eeac78d5af2c8df\n+Follow-up for a2f577fca0be79b23f61f033229b64884e7d840a\n+\n+Upstream: https://github.com/systemd/systemd/commit/61bceb1bff4b1f9c126b18dc971ca3e6d8c71c40\n+===============================================================================\n+[2/2] nspawn: normalize pivot_root paths\n+\n+Originally reported on yeswehack.com as:\n+YWH-PGM9780-116\n+\n+Follow-up for b53ede699cdc5233041a22591f18863fb3fe2672\n+\n+Upstream: https://github.com/systemd/systemd/commit/7b85f5498a958e5bb660c703b8f4a71cceed3373\n+===============================================================================\n+\n+CVE: CVE-2026-34155\n+\n+Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>\n+---\n+ src/nspawn/nspawn-mount.c |  4 +++-\n+ src/nspawn/nspawn.c       | 18 ++++++++++++++----\n+ 2 files changed, 17 insertions(+), 5 deletions(-)\n+\n+diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c\n+index 874d54e734..cba69cf0a9 100644\n+--- a/src/nspawn/nspawn-mount.c\n++++ b/src/nspawn/nspawn-mount.c\n+@@ -1311,7 +1311,9 @@ int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s\n+ \n+         if (!path_is_absolute(root_new))\n+                 return 
-EINVAL;\n+-        if (root_old && !path_is_absolute(root_old))\n++        if (!path_is_normalized(root_new))\n++                return -EINVAL;\n++        if (root_old && (!path_is_absolute(root_old) || !path_is_normalized(root_old)))\n+                 return -EINVAL;\n+ \n+         free_and_replace(*pivot_root_new, root_new);\n+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c\n+index 459caa7c58..8692c771ba 100644\n+--- a/src/nspawn/nspawn.c\n++++ b/src/nspawn/nspawn.c\n+@@ -4626,8 +4626,13 @@ static int merge_settings(Settings *settings, const char *path) {\n+         }\n+ \n+         if ((arg_settings_mask & SETTING_EPHEMERAL) == 0 &&\n+-            settings->ephemeral >= 0)\n+-                arg_ephemeral = settings->ephemeral;\n++            settings->ephemeral >= 0) {\n++\n++                if (!arg_settings_trusted)\n++                        log_warning(\"Ignoring ephemeral setting, file %s is not trusted.\", path);\n++                else\n++                        arg_ephemeral = settings->ephemeral;\n++        }\n+ \n+         if ((arg_settings_mask & SETTING_DIRECTORY) == 0 &&\n+             settings->root) {\n+@@ -4795,8 +4800,13 @@ static int merge_settings(Settings *settings, const char *path) {\n+         }\n+ \n+         if ((arg_settings_mask & SETTING_BIND_USER) == 0 &&\n+-            !strv_isempty(settings->bind_user))\n+-                strv_free_and_replace(arg_bind_user, settings->bind_user);\n++            !strv_isempty(settings->bind_user)) {\n++\n++                if (!arg_settings_trusted)\n++                        log_warning(\"Ignoring bind user setting, file %s is not trusted.\", path);\n++                else\n++                        strv_free_and_replace(arg_bind_user, settings->bind_user);\n++        }\n+ \n+         if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0 &&\n+             settings->notify_ready >= 0)\n+-- \n+2.53.0\n+\n",
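Review bot: The `CVE:` trailer inside the added patch file reads `CVE-2026-34155`, while the series subject, the file name `0001-Fix-CVE-2026-40226.patch`, the embedded `Subject: [PATCH] Fix CVE-2026-40226` line and the description all name CVE-2026-40226. Either the trailer is a typo, or the two upstream commits also resolve a second identifier that the commit message should then mention. As written, any tooling or auditor that maps fixes to CVE ids from this trailer would credit the wrong one. I would change it to `CVE: CVE-2026-40226`, and add a second `CVE:` line only if CVE-2026-34155 is confirmed to be covered by the same commits. Separately, the diffstat shows only the patch file being added, so if this branch records patched CVEs through `SYSTEMD_IGNORE_CVES` in the package makefile, that entry is missing and vulnerability reports would presumably keep listing systemd as affected.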
    "prefixes": [
        "for",
        "2025.02.x"
    ]
}