From: "Yoann Congal" <yoann.congal@smile.fr>
To: <Jinfeng.Wang.CN@windriver.com>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [scarthgap][PATCH 03/12] libsoup-2.4: fix CVE-2025-14523/CVE-2025-32049
Date: Thu, 23 Apr 2026 19:13:42 +0200 [thread overview]
Message-ID: <DI0PBE3G6FDD.3A1SAHXZP0MYI@smile.fr> (raw)
In-Reply-To: <20260409061639.1688205-4-jinfeng.wang.cn@windriver.com>
On Thu Apr 9, 2026 at 8:16 AM CEST, Jinfeng (CN) via lists.openembedded.org Wang wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Refer:
> https://gitlab.gnome.org/GNOME/libsoup/-/issues/472
> https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
> ---
> .../libsoup/libsoup-2.4/CVE-2025-14523.patch | 52 ++++
> .../libsoup-2.4/CVE-2025-32049-1.patch | 229 ++++++++++++++++++
> .../libsoup-2.4/CVE-2025-32049-2.patch | 131 ++++++++++
> .../libsoup/libsoup-2.4_2.74.3.bb | 3 +
> 4 files changed, 415 insertions(+)
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
>
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> new file mode 100644
> index 0000000000..7815dba55a
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> @@ -0,0 +1,52 @@
> +From d6028a6e6a8417b7fb6c89f6c10fb94781435ee6 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Wed, 4 Feb 2026 15:08:50 +0800
> +Subject: [PATCH] Reject duplicate Host headers (for libsoup 2)
> +
> +This is a simplified version of my patch for libsoup 3:
> +
> +!491
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/d3db5a6f8f03e1f0133754872877c92c0284c472]
> +CVE: CVE-2025-14523
See remarks made to 02/12 patch, they should apply here.
> +This patch is a MR for branch 2-74, but not merged yet, maybe it will
> +not be merged.
... then you can't mark the patch as "Upstream-Status: Backport". Maybe
the "Submitted" status is more apropriate. But, then, do we really want
to use an unmerged patch?
Regards,
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-headers.c | 3 +++
> + libsoup/soup-message-headers.c | 3 +++
> + 2 files changed, 6 insertions(+)
> +
> +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
> +index ea2f986..6cd3dad 100644
> +--- a/libsoup/soup-headers.c
> ++++ b/libsoup/soup-headers.c
> +@@ -138,6 +138,9 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
> + for (p = strchr (value, '\r'); p; p = strchr (p, '\r'))
> + *p = ' ';
> +
> ++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (dest, "Host"))
> ++ goto done;
> ++
> + soup_message_headers_append (dest, name, value);
> + }
> + success = TRUE;
> +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
> +index f612bff..bb20bbb 100644
> +--- a/libsoup/soup-message-headers.c
> ++++ b/libsoup/soup-message-headers.c
> +@@ -220,6 +220,9 @@ soup_message_headers_append (SoupMessageHeaders *hdrs,
> + }
> + #endif
> +
> ++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (hdrs, "Host"))
> ++ return;
> ++
> + header.name = intern_header_name (name, &setter);
> + header.value = g_strdup (value);
> + g_array_append_val (hdrs->array, header);
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> new file mode 100644
> index 0000000000..64e87cb1ec
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> @@ -0,0 +1,229 @@
> +From c574e659c41c18fad3973bbaa3b3ec75664b3137 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 5 Feb 2026 16:20:02 +0800
> +Subject: [PATCH 1/2] websocket: add a way to restrict the total message size
> +
> +Otherwise a client could send small packages smaller than
> +total-incoming-payload-size but still to break the server
> +with a big allocation
> +
> +Fixes: #390
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/db87805ab565d67533dfed2cb409dbfd63c7fdce]
> +CVE: CVE-2025-32049
> +
> +libsoup2 is not maintained, the patch is backported from libsoup3, and
> +change accordingly
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-websocket-connection.c | 104 ++++++++++++++++++++++++++--
> + libsoup/soup-websocket-connection.h | 7 ++
> + 2 files changed, 107 insertions(+), 4 deletions(-)
> +
> +diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
> +index 9d5f4f8..3dad477 100644
> +--- a/libsoup/soup-websocket-connection.c
> ++++ b/libsoup/soup-websocket-connection.c
> +@@ -85,7 +85,8 @@ enum {
> + PROP_STATE,
> + PROP_MAX_INCOMING_PAYLOAD_SIZE,
> + PROP_KEEPALIVE_INTERVAL,
> +- PROP_EXTENSIONS
> ++ PROP_EXTENSIONS,
> ++ PROP_MAX_TOTAL_MESSAGE_SIZE,
> + };
> +
> + enum {
> +@@ -120,6 +121,7 @@ struct _SoupWebsocketConnectionPrivate {
> + char *origin;
> + char *protocol;
> + guint64 max_incoming_payload_size;
> ++ guint64 max_total_message_size;
> + guint keepalive_interval;
> +
> + gushort peer_close_code;
> +@@ -152,6 +154,7 @@ struct _SoupWebsocketConnectionPrivate {
> + };
> +
> + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024
> ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> + #define READ_BUFFER_SIZE 1024
> + #define MASK_LENGTH 4
> +
> +@@ -664,7 +667,7 @@ bad_data_error_and_close (SoupWebsocketConnection *self)
> + }
> +
> + static void
> +-too_big_error_and_close (SoupWebsocketConnection *self,
> ++too_big_incoming_payload_error_and_close (SoupWebsocketConnection *self,
> + guint64 payload_len)
> + {
> + GError *error;
> +@@ -680,6 +683,23 @@ too_big_error_and_close (SoupWebsocketConnection *self,
> + emit_error_and_close (self, error, TRUE);
> + }
> +
> ++static void
> ++too_big_message_error_and_close (SoupWebsocketConnection *self,
> ++ guint64 len)
> ++{
> ++ GError *error;
> ++
> ++ error = g_error_new_literal (SOUP_WEBSOCKET_ERROR,
> ++ SOUP_WEBSOCKET_CLOSE_TOO_BIG,
> ++ self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ?
> ++ "Received WebSocket payload from the client larger than configured max-total-message-size" :
> ++ "Received WebSocket payload from the server larger than configured max-total-message-size");
> ++ g_debug ("%s received message of size %" G_GUINT64_FORMAT " or greater, but max supported size is %" G_GUINT64_FORMAT,
> ++ self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client",
> ++ len, self->pv->max_total_message_size);
> ++ emit_error_and_close (self, error, TRUE);
> ++}
> ++
> + static void
> + close_connection (SoupWebsocketConnection *self,
> + gushort code,
> +@@ -913,6 +933,12 @@ process_contents (SoupWebsocketConnection *self,
> + switch (pv->message_opcode) {
> + case 0x01:
> + case 0x02:
> ++ /* Safety valve */
> ++ if (pv->max_total_message_size > 0 &&
> ++ (pv->message_data->len + payload_len) > pv->max_total_message_size) {
> ++ too_big_message_error_and_close (self, (pv->message_data->len + payload_len));
> ++ return;
> ++ }
> + g_byte_array_append (pv->message_data, payload, payload_len);
> + break;
> + default:
> +@@ -1050,7 +1076,7 @@ process_frame (SoupWebsocketConnection *self)
> + /* Safety valve */
> + if (self->pv->max_incoming_payload_size > 0 &&
> + payload_len >= self->pv->max_incoming_payload_size) {
> +- too_big_error_and_close (self, payload_len);
> ++ too_big_incoming_payload_error_and_close (self, payload_len);
> + return FALSE;
> + }
> +
> +@@ -1357,6 +1383,10 @@ soup_websocket_connection_get_property (GObject *object,
> + g_value_set_pointer (value, pv->extensions);
> + break;
> +
> ++ case PROP_MAX_TOTAL_MESSAGE_SIZE:
> ++ g_value_set_uint64 (value, pv->max_total_message_size);
> ++ break;
> ++
> + default:
> + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
> + break;
> +@@ -1410,6 +1440,10 @@ soup_websocket_connection_set_property (GObject *object,
> + pv->extensions = g_value_get_pointer (value);
> + break;
> +
> ++ case PROP_MAX_TOTAL_MESSAGE_SIZE:
> ++ pv->max_total_message_size = g_value_get_uint64 (value);
> ++ break;
> ++
> + default:
> + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
> + break;
> +@@ -1631,7 +1665,24 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + G_PARAM_READWRITE |
> + G_PARAM_CONSTRUCT_ONLY |
> + G_PARAM_STATIC_STRINGS));
> +-
> ++ /**
> ++ * SoupWebsocketConnection:max-total-message-size:
> ++ *
> ++ * The total message size for incoming packets.
> ++ *
> ++ * The protocol expects or 0 to not limit it.
> ++ *
> ++ */
> ++ g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
> ++ g_param_spec_uint64 ("max-total-message-size",
> ++ "Max total message size",
> ++ "Max total message size ",
> ++ 0,
> ++ G_MAXUINT64,
> ++ MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ G_PARAM_READWRITE |
> ++ G_PARAM_CONSTRUCT |
> ++ G_PARAM_STATIC_STRINGS));
> + /**
> + * SoupWebsocketConnection::message:
> + * @self: the WebSocket
> +@@ -2145,6 +2196,51 @@ soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection
> + }
> + }
> +
> ++/**
> ++ * soup_websocket_connection_get_max_total_message_size:
> ++ * @self: the WebSocket
> ++ *
> ++ * Gets the maximum total message size allowed for packets.
> ++ *
> ++ * Returns: the maximum total message size.
> ++ *
> ++ */
> ++guint64
> ++soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self)
> ++{
> ++ SoupWebsocketConnectionPrivate *pv;
> ++
> ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
> ++ pv = self->pv;
> ++
> ++ return pv->max_total_message_size;
> ++}
> ++
> ++/**
> ++ * soup_websocket_connection_set_max_total_message_size:
> ++ * @self: the WebSocket
> ++ * @max_total_message_size: the maximum total message size
> ++ *
> ++ * Sets the maximum total message size allowed for packets.
> ++ *
> ++ * It does not limit the outgoing packet size.
> ++ *
> ++ */
> ++void
> ++soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self,
> ++ guint64 max_total_message_size)
> ++{
> ++ SoupWebsocketConnectionPrivate *pv;
> ++
> ++ g_return_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self));
> ++ pv = self->pv;
> ++
> ++ if (pv->max_total_message_size != max_total_message_size) {
> ++ pv->max_total_message_size = max_total_message_size;
> ++ g_object_notify (G_OBJECT (self), "max-total-message-size");
> ++ }
> ++}
> ++
> + /**
> + * soup_websocket_connection_get_keepalive_interval:
> + * @self: the WebSocket
> +diff --git a/libsoup/soup-websocket-connection.h b/libsoup/soup-websocket-connection.h
> +index f82d723..d2a60e9 100644
> +--- a/libsoup/soup-websocket-connection.h
> ++++ b/libsoup/soup-websocket-connection.h
> +@@ -136,6 +136,13 @@ SOUP_AVAILABLE_IN_2_58
> + void soup_websocket_connection_set_keepalive_interval (SoupWebsocketConnection *self,
> + guint interval);
> +
> ++SOUP_AVAILABLE_IN_2_72
> ++guint64 soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self);
> ++
> ++SOUP_AVAILABLE_IN_2_72
> ++void soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self,
> ++ guint64 max_total_message_size);
> ++
> + G_END_DECLS
> +
> + #endif /* __SOUP_WEBSOCKET_CONNECTION_H__ */
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
> new file mode 100644
> index 0000000000..f9c894aaec
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
> @@ -0,0 +1,131 @@
> +From 0bfc66f1082f5d47df99b6fc03f742ef7fa1051e Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 5 Feb 2026 17:19:51 +0800
> +Subject: [PATCH] Set message size limit in SoupServer rather than
> + SoupWebsocketConnection
> +
> +We're not sure about the compatibility implications of having a default
> +size limit for clients.
> +
> +Also not sure whether the server limit is actually set appropriately,
> +but there is probably very little server usage of
> +SoupWebsocketConnection in the wild, so it's not so likely to break
> +things.
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/2df34d9544cabdbfdedd3b36f098cf69233b1df7]
> +CVE: CVE-2025-32049
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-server.c | 24 +++++++++++++++++++-----
> + libsoup/soup-websocket-connection.c | 23 ++++++++++++++++-------
> + 2 files changed, 35 insertions(+), 12 deletions(-)
> +
> +diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
> +index 63875f3..a3f8597 100644
> +--- a/libsoup/soup-server.c
> ++++ b/libsoup/soup-server.c
> +@@ -216,6 +216,16 @@ enum {
> +
> + G_DEFINE_TYPE_WITH_PRIVATE (SoupServer, soup_server, G_TYPE_OBJECT)
> +
> ++/* SoupWebsocketConnection by default limits only maximum packet size. But a
> ++ * message may consist of multiple packets, so SoupServer additionally restricts
> ++ * total message size to mitigate denial of service attacks on the server.
> ++ * SoupWebsocketConnection does not do this by default because I don't know
> ++ * whether that would or would not cause compatibility problems for websites.
> ++ *
> ++ * This size is in bytes and it is arbitrary.
> ++ */
> ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> ++
> + static SoupClientContext *soup_client_context_ref (SoupClientContext *client);
> + static void soup_client_context_unref (SoupClientContext *client);
> +
> +@@ -1445,11 +1455,15 @@ complete_websocket_upgrade (SoupMessage *msg, gpointer user_data)
> +
> + soup_client_context_ref (client);
> + stream = soup_client_context_steal_connection (client);
> +- conn = soup_websocket_connection_new_with_extensions (stream, uri,
> +- SOUP_WEBSOCKET_CONNECTION_SERVER,
> +- soup_message_headers_get_one (msg->request_headers, "Origin"),
> +- soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
> +- handler->websocket_extensions);
> ++ conn = SOUP_WEBSOCKET_CONNECTION (g_object_new (SOUP_TYPE_WEBSOCKET_CONNECTION,
> ++ "io-stream", stream,
> ++ "uri", uri,
> ++ "connection-type", SOUP_WEBSOCKET_CONNECTION_SERVER,
> ++ "origin", soup_message_headers_get_one (msg->request_headers, "Origin"),
> ++ "protocol", soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
> ++ "extensions", handler->websocket_extensions,
> ++ "max-total-message-size", (guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ NULL));
> + handler->websocket_extensions = NULL;
> + g_object_unref (stream);
> + soup_client_context_unref (client);
> +diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
> +index 3dad477..e7fa9b7 100644
> +--- a/libsoup/soup-websocket-connection.c
> ++++ b/libsoup/soup-websocket-connection.c
> +@@ -154,7 +154,6 @@ struct _SoupWebsocketConnectionPrivate {
> + };
> +
> + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024
> +-#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> + #define READ_BUFFER_SIZE 1024
> + #define MASK_LENGTH 4
> +
> +@@ -1615,8 +1614,9 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + /**
> + * SoupWebsocketConnection:max-incoming-payload-size:
> + *
> +- * The maximum payload size for incoming packets the protocol expects
> +- * or 0 to not limit it.
> ++ * The maximum payload size for incoming packets, or 0 to not limit it.
> ++ * Each message may consist of multiple packets, so also refer to
> ++ * [property@WebSocketConnection:max-total-message-size].
> + *
> + * Since: 2.56
> + */
> +@@ -1668,9 +1668,18 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + /**
> + * SoupWebsocketConnection:max-total-message-size:
> + *
> +- * The total message size for incoming packets.
> ++ * The maximum size for incoming messages.
> ++ * Set to a value to limit the total message size, or 0 to not
> ++ * limit it.
> + *
> +- * The protocol expects or 0 to not limit it.
> ++ * [method@Server.add_websocket_handler] will set this to a nonzero
> ++ * default value to mitigate denial of service attacks. Clients must
> ++ * choose their own default if they need to mitigate denial of service
> ++ * attacks. You also need to set your own default if creating your own
> ++ * server SoupWebsocketConnection without using SoupServer.
> ++ *
> ++ * Each message may consist of multiple packets, so also refer to
> ++ *[property@WebSocketConnection:max-incoming-payload-size].
> + *
> + */
> + g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
> +@@ -1679,7 +1688,7 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + "Max total message size ",
> + 0,
> + G_MAXUINT64,
> +- MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ 0,
> + G_PARAM_READWRITE |
> + G_PARAM_CONSTRUCT |
> + G_PARAM_STATIC_STRINGS));
> +@@ -2210,7 +2219,7 @@ soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *s
> + {
> + SoupWebsocketConnectionPrivate *pv;
> +
> +- g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
> ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), 0);
> + pv = self->pv;
> +
> + return pv->max_total_message_size;
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> index 7e00cd678a..915d735da3 100644
> --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> @@ -41,6 +41,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
> file://CVE-2025-4476.patch \
> file://CVE-2025-2784.patch \
> file://CVE-2025-4945.patch \
> + file://CVE-2025-14523.patch \
> + file://CVE-2025-32049-1.patch \
> + file://CVE-2025-32049-2.patch \
> "
> SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
>
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-04-23 17:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 6:16 [scarthgap][PATCH 00/12] Fix multiple CVEs jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 01/12] gi-docgen: fix CVE-2025-11687 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 02/12] libsoup: fix CVE-2025-14523/CVE-2025-32049 jinfeng.wang.cn
2026-04-23 17:09 ` [OE-core] " Yoann Congal
2026-04-24 7:16 ` Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 03/12] libsoup-2.4: " jinfeng.wang.cn
2026-04-23 17:13 ` Yoann Congal [this message]
2026-04-24 7:37 ` [OE-core] " Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 04/12] python3-ply: fix CVE-2025-56005 jinfeng.wang.cn
2026-04-24 6:45 ` [OE-core] " Yoann Congal
2026-04-27 6:20 ` Chen, Libo (CN)
[not found] ` <18AA22684C0F041F.2188217@lists.openembedded.org>
2026-05-06 8:24 ` Chen, Libo (CN)
2026-05-07 11:02 ` Yoann Congal
2026-04-09 6:16 ` [scarthgap][PATCH 05/12] python3-pyasn1: fix CVE-2026-23490 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 06/12] python3-wheel: fix CVE-2026-24049 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 07/12] gnupg: fix CVE-2026-24882 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 08/12] libxml2: Fix CVE-2026-1757 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 09/12] python3-pyasn1: fix CVE-2026-30922 jinfeng.wang.cn
2026-04-24 7:36 ` [OE-core] " Yoann Congal
2026-04-27 6:04 ` Song, Jiaying (CN)
2026-05-07 23:01 ` Yoann Congal
2026-04-09 6:16 ` [scarthgap][PATCH 10/12] busybox: fix CVE-2026-26157 and CVE-2026-26158 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 11/12] zlib: upgrade 1.3.1 -> 1.3.2 jinfeng.wang.cn
2026-04-24 8:10 ` [OE-core] " Yoann Congal
2026-04-09 6:16 ` [scarthgap][PATCH 12/12] libpcap: 1.10.4 -> 1.10.6 jinfeng.wang.cn
2026-04-24 8:21 ` [OE-core] " Yoann Congal
2026-05-06 3:05 ` Kai
2026-05-07 16:32 ` Yoann Congal
2026-05-09 6:17 ` Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DI0PBE3G6FDD.3A1SAHXZP0MYI@smile.fr \
--to=yoann.congal@smile.fr \
--cc=Jinfeng.Wang.CN@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.