From: "Yoann Congal" <yoann.congal@smile.fr>
To: <Jinfeng.Wang.CN@windriver.com>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [scarthgap][PATCH 03/12] libsoup-2.4: fix CVE-2025-14523/CVE-2025-32049
Date: Thu, 23 Apr 2026 19:13:42 +0200 [thread overview]
Message-ID: <DI0PBE3G6FDD.3A1SAHXZP0MYI@smile.fr> (raw)
In-Reply-To: <20260409061639.1688205-4-jinfeng.wang.cn@windriver.com>
On Thu Apr 9, 2026 at 8:16 AM CEST, Jinfeng (CN) via lists.openembedded.org Wang wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Refer:
> https://gitlab.gnome.org/GNOME/libsoup/-/issues/472
> https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
> ---
> .../libsoup/libsoup-2.4/CVE-2025-14523.patch | 52 ++++
> .../libsoup-2.4/CVE-2025-32049-1.patch | 229 ++++++++++++++++++
> .../libsoup-2.4/CVE-2025-32049-2.patch | 131 ++++++++++
> .../libsoup/libsoup-2.4_2.74.3.bb | 3 +
> 4 files changed, 415 insertions(+)
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
>
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> new file mode 100644
> index 0000000000..7815dba55a
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch
> @@ -0,0 +1,52 @@
> +From d6028a6e6a8417b7fb6c89f6c10fb94781435ee6 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Wed, 4 Feb 2026 15:08:50 +0800
> +Subject: [PATCH] Reject duplicate Host headers (for libsoup 2)
> +
> +This is a simplified version of my patch for libsoup 3:
> +
> +!491
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/d3db5a6f8f03e1f0133754872877c92c0284c472]
> +CVE: CVE-2025-14523
See remarks made to 02/12 patch, they should apply here.
> +This patch is a MR for branch 2-74, but not merged yet, maybe it will
> +not be merged.
... then you can't mark the patch as "Upstream-Status: Backport". Maybe
the "Submitted" status is more apropriate. But, then, do we really want
to use an unmerged patch?
Regards,
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-headers.c | 3 +++
> + libsoup/soup-message-headers.c | 3 +++
> + 2 files changed, 6 insertions(+)
> +
> +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
> +index ea2f986..6cd3dad 100644
> +--- a/libsoup/soup-headers.c
> ++++ b/libsoup/soup-headers.c
> +@@ -138,6 +138,9 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
> + for (p = strchr (value, '\r'); p; p = strchr (p, '\r'))
> + *p = ' ';
> +
> ++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (dest, "Host"))
> ++ goto done;
> ++
> + soup_message_headers_append (dest, name, value);
> + }
> + success = TRUE;
> +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
> +index f612bff..bb20bbb 100644
> +--- a/libsoup/soup-message-headers.c
> ++++ b/libsoup/soup-message-headers.c
> +@@ -220,6 +220,9 @@ soup_message_headers_append (SoupMessageHeaders *hdrs,
> + }
> + #endif
> +
> ++ if (g_ascii_strcasecmp (name, "Host") == 0 && soup_message_headers_get_one (hdrs, "Host"))
> ++ return;
> ++
> + header.name = intern_header_name (name, &setter);
> + header.value = g_strdup (value);
> + g_array_append_val (hdrs->array, header);
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> new file mode 100644
> index 0000000000..64e87cb1ec
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-1.patch
> @@ -0,0 +1,229 @@
> +From c574e659c41c18fad3973bbaa3b3ec75664b3137 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 5 Feb 2026 16:20:02 +0800
> +Subject: [PATCH 1/2] websocket: add a way to restrict the total message size
> +
> +Otherwise a client could send small packages smaller than
> +total-incoming-payload-size but still to break the server
> +with a big allocation
> +
> +Fixes: #390
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/db87805ab565d67533dfed2cb409dbfd63c7fdce]
> +CVE: CVE-2025-32049
> +
> +libsoup2 is not maintained, the patch is backported from libsoup3, and
> +change accordingly
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-websocket-connection.c | 104 ++++++++++++++++++++++++++--
> + libsoup/soup-websocket-connection.h | 7 ++
> + 2 files changed, 107 insertions(+), 4 deletions(-)
> +
> +diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
> +index 9d5f4f8..3dad477 100644
> +--- a/libsoup/soup-websocket-connection.c
> ++++ b/libsoup/soup-websocket-connection.c
> +@@ -85,7 +85,8 @@ enum {
> + PROP_STATE,
> + PROP_MAX_INCOMING_PAYLOAD_SIZE,
> + PROP_KEEPALIVE_INTERVAL,
> +- PROP_EXTENSIONS
> ++ PROP_EXTENSIONS,
> ++ PROP_MAX_TOTAL_MESSAGE_SIZE,
> + };
> +
> + enum {
> +@@ -120,6 +121,7 @@ struct _SoupWebsocketConnectionPrivate {
> + char *origin;
> + char *protocol;
> + guint64 max_incoming_payload_size;
> ++ guint64 max_total_message_size;
> + guint keepalive_interval;
> +
> + gushort peer_close_code;
> +@@ -152,6 +154,7 @@ struct _SoupWebsocketConnectionPrivate {
> + };
> +
> + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024
> ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> + #define READ_BUFFER_SIZE 1024
> + #define MASK_LENGTH 4
> +
> +@@ -664,7 +667,7 @@ bad_data_error_and_close (SoupWebsocketConnection *self)
> + }
> +
> + static void
> +-too_big_error_and_close (SoupWebsocketConnection *self,
> ++too_big_incoming_payload_error_and_close (SoupWebsocketConnection *self,
> + guint64 payload_len)
> + {
> + GError *error;
> +@@ -680,6 +683,23 @@ too_big_error_and_close (SoupWebsocketConnection *self,
> + emit_error_and_close (self, error, TRUE);
> + }
> +
> ++static void
> ++too_big_message_error_and_close (SoupWebsocketConnection *self,
> ++ guint64 len)
> ++{
> ++ GError *error;
> ++
> ++ error = g_error_new_literal (SOUP_WEBSOCKET_ERROR,
> ++ SOUP_WEBSOCKET_CLOSE_TOO_BIG,
> ++ self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ?
> ++ "Received WebSocket payload from the client larger than configured max-total-message-size" :
> ++ "Received WebSocket payload from the server larger than configured max-total-message-size");
> ++ g_debug ("%s received message of size %" G_GUINT64_FORMAT " or greater, but max supported size is %" G_GUINT64_FORMAT,
> ++ self->pv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client",
> ++ len, self->pv->max_total_message_size);
> ++ emit_error_and_close (self, error, TRUE);
> ++}
> ++
> + static void
> + close_connection (SoupWebsocketConnection *self,
> + gushort code,
> +@@ -913,6 +933,12 @@ process_contents (SoupWebsocketConnection *self,
> + switch (pv->message_opcode) {
> + case 0x01:
> + case 0x02:
> ++ /* Safety valve */
> ++ if (pv->max_total_message_size > 0 &&
> ++ (pv->message_data->len + payload_len) > pv->max_total_message_size) {
> ++ too_big_message_error_and_close (self, (pv->message_data->len + payload_len));
> ++ return;
> ++ }
> + g_byte_array_append (pv->message_data, payload, payload_len);
> + break;
> + default:
> +@@ -1050,7 +1076,7 @@ process_frame (SoupWebsocketConnection *self)
> + /* Safety valve */
> + if (self->pv->max_incoming_payload_size > 0 &&
> + payload_len >= self->pv->max_incoming_payload_size) {
> +- too_big_error_and_close (self, payload_len);
> ++ too_big_incoming_payload_error_and_close (self, payload_len);
> + return FALSE;
> + }
> +
> +@@ -1357,6 +1383,10 @@ soup_websocket_connection_get_property (GObject *object,
> + g_value_set_pointer (value, pv->extensions);
> + break;
> +
> ++ case PROP_MAX_TOTAL_MESSAGE_SIZE:
> ++ g_value_set_uint64 (value, pv->max_total_message_size);
> ++ break;
> ++
> + default:
> + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
> + break;
> +@@ -1410,6 +1440,10 @@ soup_websocket_connection_set_property (GObject *object,
> + pv->extensions = g_value_get_pointer (value);
> + break;
> +
> ++ case PROP_MAX_TOTAL_MESSAGE_SIZE:
> ++ pv->max_total_message_size = g_value_get_uint64 (value);
> ++ break;
> ++
> + default:
> + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
> + break;
> +@@ -1631,7 +1665,24 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + G_PARAM_READWRITE |
> + G_PARAM_CONSTRUCT_ONLY |
> + G_PARAM_STATIC_STRINGS));
> +-
> ++ /**
> ++ * SoupWebsocketConnection:max-total-message-size:
> ++ *
> ++ * The total message size for incoming packets.
> ++ *
> ++ * The protocol expects or 0 to not limit it.
> ++ *
> ++ */
> ++ g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
> ++ g_param_spec_uint64 ("max-total-message-size",
> ++ "Max total message size",
> ++ "Max total message size ",
> ++ 0,
> ++ G_MAXUINT64,
> ++ MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ G_PARAM_READWRITE |
> ++ G_PARAM_CONSTRUCT |
> ++ G_PARAM_STATIC_STRINGS));
> + /**
> + * SoupWebsocketConnection::message:
> + * @self: the WebSocket
> +@@ -2145,6 +2196,51 @@ soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection
> + }
> + }
> +
> ++/**
> ++ * soup_websocket_connection_get_max_total_message_size:
> ++ * @self: the WebSocket
> ++ *
> ++ * Gets the maximum total message size allowed for packets.
> ++ *
> ++ * Returns: the maximum total message size.
> ++ *
> ++ */
> ++guint64
> ++soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self)
> ++{
> ++ SoupWebsocketConnectionPrivate *pv;
> ++
> ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
> ++ pv = self->pv;
> ++
> ++ return pv->max_total_message_size;
> ++}
> ++
> ++/**
> ++ * soup_websocket_connection_set_max_total_message_size:
> ++ * @self: the WebSocket
> ++ * @max_total_message_size: the maximum total message size
> ++ *
> ++ * Sets the maximum total message size allowed for packets.
> ++ *
> ++ * It does not limit the outgoing packet size.
> ++ *
> ++ */
> ++void
> ++soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self,
> ++ guint64 max_total_message_size)
> ++{
> ++ SoupWebsocketConnectionPrivate *pv;
> ++
> ++ g_return_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self));
> ++ pv = self->pv;
> ++
> ++ if (pv->max_total_message_size != max_total_message_size) {
> ++ pv->max_total_message_size = max_total_message_size;
> ++ g_object_notify (G_OBJECT (self), "max-total-message-size");
> ++ }
> ++}
> ++
> + /**
> + * soup_websocket_connection_get_keepalive_interval:
> + * @self: the WebSocket
> +diff --git a/libsoup/soup-websocket-connection.h b/libsoup/soup-websocket-connection.h
> +index f82d723..d2a60e9 100644
> +--- a/libsoup/soup-websocket-connection.h
> ++++ b/libsoup/soup-websocket-connection.h
> +@@ -136,6 +136,13 @@ SOUP_AVAILABLE_IN_2_58
> + void soup_websocket_connection_set_keepalive_interval (SoupWebsocketConnection *self,
> + guint interval);
> +
> ++SOUP_AVAILABLE_IN_2_72
> ++guint64 soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self);
> ++
> ++SOUP_AVAILABLE_IN_2_72
> ++void soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self,
> ++ guint64 max_total_message_size);
> ++
> + G_END_DECLS
> +
> + #endif /* __SOUP_WEBSOCKET_CONNECTION_H__ */
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
> new file mode 100644
> index 0000000000..f9c894aaec
> --- /dev/null
> +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049-2.patch
> @@ -0,0 +1,131 @@
> +From 0bfc66f1082f5d47df99b6fc03f742ef7fa1051e Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 5 Feb 2026 17:19:51 +0800
> +Subject: [PATCH] Set message size limit in SoupServer rather than
> + SoupWebsocketConnection
> +
> +We're not sure about the compatibility implications of having a default
> +size limit for clients.
> +
> +Also not sure whether the server limit is actually set appropriately,
> +but there is probably very little server usage of
> +SoupWebsocketConnection in the wild, so it's not so likely to break
> +things.
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/2df34d9544cabdbfdedd3b36f098cf69233b1df7]
> +CVE: CVE-2025-32049
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + libsoup/soup-server.c | 24 +++++++++++++++++++-----
> + libsoup/soup-websocket-connection.c | 23 ++++++++++++++++-------
> + 2 files changed, 35 insertions(+), 12 deletions(-)
> +
> +diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
> +index 63875f3..a3f8597 100644
> +--- a/libsoup/soup-server.c
> ++++ b/libsoup/soup-server.c
> +@@ -216,6 +216,16 @@ enum {
> +
> + G_DEFINE_TYPE_WITH_PRIVATE (SoupServer, soup_server, G_TYPE_OBJECT)
> +
> ++/* SoupWebsocketConnection by default limits only maximum packet size. But a
> ++ * message may consist of multiple packets, so SoupServer additionally restricts
> ++ * total message size to mitigate denial of service attacks on the server.
> ++ * SoupWebsocketConnection does not do this by default because I don't know
> ++ * whether that would or would not cause compatibility problems for websites.
> ++ *
> ++ * This size is in bytes and it is arbitrary.
> ++ */
> ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> ++
> + static SoupClientContext *soup_client_context_ref (SoupClientContext *client);
> + static void soup_client_context_unref (SoupClientContext *client);
> +
> +@@ -1445,11 +1455,15 @@ complete_websocket_upgrade (SoupMessage *msg, gpointer user_data)
> +
> + soup_client_context_ref (client);
> + stream = soup_client_context_steal_connection (client);
> +- conn = soup_websocket_connection_new_with_extensions (stream, uri,
> +- SOUP_WEBSOCKET_CONNECTION_SERVER,
> +- soup_message_headers_get_one (msg->request_headers, "Origin"),
> +- soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
> +- handler->websocket_extensions);
> ++ conn = SOUP_WEBSOCKET_CONNECTION (g_object_new (SOUP_TYPE_WEBSOCKET_CONNECTION,
> ++ "io-stream", stream,
> ++ "uri", uri,
> ++ "connection-type", SOUP_WEBSOCKET_CONNECTION_SERVER,
> ++ "origin", soup_message_headers_get_one (msg->request_headers, "Origin"),
> ++ "protocol", soup_message_headers_get_one (msg->response_headers, "Sec-WebSocket-Protocol"),
> ++ "extensions", handler->websocket_extensions,
> ++ "max-total-message-size", (guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ NULL));
> + handler->websocket_extensions = NULL;
> + g_object_unref (stream);
> + soup_client_context_unref (client);
> +diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
> +index 3dad477..e7fa9b7 100644
> +--- a/libsoup/soup-websocket-connection.c
> ++++ b/libsoup/soup-websocket-connection.c
> +@@ -154,7 +154,6 @@ struct _SoupWebsocketConnectionPrivate {
> + };
> +
> + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024
> +-#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024
> + #define READ_BUFFER_SIZE 1024
> + #define MASK_LENGTH 4
> +
> +@@ -1615,8 +1614,9 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + /**
> + * SoupWebsocketConnection:max-incoming-payload-size:
> + *
> +- * The maximum payload size for incoming packets the protocol expects
> +- * or 0 to not limit it.
> ++ * The maximum payload size for incoming packets, or 0 to not limit it.
> ++ * Each message may consist of multiple packets, so also refer to
> ++ * [property@WebSocketConnection:max-total-message-size].
> + *
> + * Since: 2.56
> + */
> +@@ -1668,9 +1668,18 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + /**
> + * SoupWebsocketConnection:max-total-message-size:
> + *
> +- * The total message size for incoming packets.
> ++ * The maximum size for incoming messages.
> ++ * Set to a value to limit the total message size, or 0 to not
> ++ * limit it.
> + *
> +- * The protocol expects or 0 to not limit it.
> ++ * [method@Server.add_websocket_handler] will set this to a nonzero
> ++ * default value to mitigate denial of service attacks. Clients must
> ++ * choose their own default if they need to mitigate denial of service
> ++ * attacks. You also need to set your own default if creating your own
> ++ * server SoupWebsocketConnection without using SoupServer.
> ++ *
> ++ * Each message may consist of multiple packets, so also refer to
> ++ *[property@WebSocketConnection:max-incoming-payload-size].
> + *
> + */
> + g_object_class_install_property (gobject_class, PROP_MAX_TOTAL_MESSAGE_SIZE,
> +@@ -1679,7 +1688,7 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass)
> + "Max total message size ",
> + 0,
> + G_MAXUINT64,
> +- MAX_TOTAL_MESSAGE_SIZE_DEFAULT,
> ++ 0,
> + G_PARAM_READWRITE |
> + G_PARAM_CONSTRUCT |
> + G_PARAM_STATIC_STRINGS));
> +@@ -2210,7 +2219,7 @@ soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *s
> + {
> + SoupWebsocketConnectionPrivate *pv;
> +
> +- g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT);
> ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), 0);
> + pv = self->pv;
> +
> + return pv->max_total_message_size;
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> index 7e00cd678a..915d735da3 100644
> --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
> @@ -41,6 +41,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
> file://CVE-2025-4476.patch \
> file://CVE-2025-2784.patch \
> file://CVE-2025-4945.patch \
> + file://CVE-2025-14523.patch \
> + file://CVE-2025-32049-1.patch \
> + file://CVE-2025-32049-2.patch \
> "
> SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
>
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-04-23 17:13 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 6:16 [scarthgap][PATCH 00/12] Fix multiple CVEs jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 01/12] gi-docgen: fix CVE-2025-11687 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 02/12] libsoup: fix CVE-2025-14523/CVE-2025-32049 jinfeng.wang.cn
2026-04-23 17:09 ` [OE-core] " Yoann Congal
2026-04-24 7:16 ` Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 03/12] libsoup-2.4: " jinfeng.wang.cn
2026-04-23 17:13 ` Yoann Congal [this message]
2026-04-24 7:37 ` [OE-core] " Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 04/12] python3-ply: fix CVE-2025-56005 jinfeng.wang.cn
2026-04-24 6:45 ` [OE-core] " Yoann Congal
2026-04-27 6:20 ` Chen, Libo (CN)
2026-04-09 6:16 ` [scarthgap][PATCH 05/12] python3-pyasn1: fix CVE-2026-23490 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 06/12] python3-wheel: fix CVE-2026-24049 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 07/12] gnupg: fix CVE-2026-24882 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 08/12] libxml2: Fix CVE-2026-1757 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 09/12] python3-pyasn1: fix CVE-2026-30922 jinfeng.wang.cn
2026-04-24 7:36 ` [OE-core] " Yoann Congal
2026-04-27 6:04 ` Song, Jiaying (CN)
2026-04-09 6:16 ` [scarthgap][PATCH 10/12] busybox: fix CVE-2026-26157 and CVE-2026-26158 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 11/12] zlib: upgrade 1.3.1 -> 1.3.2 jinfeng.wang.cn
2026-04-24 8:10 ` [OE-core] " Yoann Congal
2026-04-09 6:16 ` [scarthgap][PATCH 12/12] libpcap: 1.10.4 -> 1.10.6 jinfeng.wang.cn
2026-04-24 8:21 ` [OE-core] " Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DI0PBE3G6FDD.3A1SAHXZP0MYI@smile.fr \
--to=yoann.congal@smile.fr \
--cc=Jinfeng.Wang.CN@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox