From patchwork Thu Apr 2 05:21:18 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 85104
X-Patchwork-Delegate: yoann.congal@smile.fr
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 01/15] python3-pyopenssl: Fix CVE-2026-27448 Date: Thu, 2 Apr 2026 07:21:18 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234473 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448 [2] https://ubuntu.com/security/CVE-2026-27448 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++++++++++++++ .../python/python3-pyopenssl_25.1.0.bb | 4 + 2 files changed, 129 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch new file mode 100644 index 00000000000..59452c168e8 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch 
@@ -0,0 +1,125 @@ +From d41a814759a9fb49584ca8ab3f7295de49a85aa0 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Mon, 16 Feb 2026 21:04:37 -0500 +Subject: [PATCH] Handle exceptions in set_tlsext_servername_callback callbacks + (#1478) + +When the servername callback raises an exception, call sys.excepthook +with the exception info and return SSL_TLSEXT_ERR_ALERT_FATAL to abort +the handshake. Previously, exceptions would propagate uncaught through +the CFFI callback boundary. + +https://claude.ai/code/session_01P7y1XmWkdtC5UcmZwGDvGi + +Co-authored-by: Claude + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0] +CVE: CVE-2026-27448 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 1 + + src/OpenSSL/SSL.py | 7 ++++++- + tests/test_ssl.py | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 57 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index d98901f..5d953c9 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -37,6 +37,7 @@ Changes: + + - Corrected type annotations on ``Context.set_alpn_select_callback``, ``Context.set_session_cache_mode``, ``Context.set_options``, ``Context.set_mode``, ``X509.subject_name_hash``, and ``X509Store.load_locations``. + - Deprecated APIs are now marked using ``warnings.deprecated``. ``mypy`` will emit deprecation notices for them when used with ``--enable-error-code deprecated``. ++- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. 
+ + 24.3.0 (2024-11-27) + ------------------- +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index ca8913c..178961f 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -2,6 +2,7 @@ from __future__ import annotations + + import os + import socket ++import sys + import typing + import warnings + from collections.abc import Sequence +@@ -1729,7 +1730,11 @@ class Context: + + @wraps(callback) + def wrapper(ssl, alert, arg): # type: ignore[no-untyped-def] +- callback(Connection._reverse_mapping[ssl]) ++ try: ++ callback(Connection._reverse_mapping[ssl]) ++ except Exception: ++ sys.excepthook(*sys.exc_info()) ++ return _lib.SSL_TLSEXT_ERR_ALERT_FATAL + return 0 + + self._tlsext_servername_callback = _ffi.callback( +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index bcad6d9..9a5b19b 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1929,6 +1929,56 @@ class TestServerNameCallback: + + assert args == [(server, b"foo1.example.com")] + ++ def test_servername_callback_exception( ++ self, monkeypatch: pytest.MonkeyPatch ++ ) -> None: ++ """ ++ When the callback passed to `Context.set_tlsext_servername_callback` ++ raises an exception, ``sys.excepthook`` is called with the exception ++ and the handshake fails with an ``Error``. 
++ """ ++ exc = TypeError("server name callback failed") ++ ++ def servername(conn: Connection) -> None: ++ raise exc ++ ++ excepthook_calls: list[ ++ tuple[type[BaseException], BaseException, object] ++ ] = [] ++ ++ def custom_excepthook( ++ exc_type: type[BaseException], ++ exc_value: BaseException, ++ exc_tb: object, ++ ) -> None: ++ excepthook_calls.append((exc_type, exc_value, exc_tb)) ++ ++ context = Context(SSLv23_METHOD) ++ context.set_tlsext_servername_callback(servername) ++ ++ # Necessary to actually accept the connection ++ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ context.use_certificate( ++ load_certificate(FILETYPE_PEM, server_cert_pem) ++ ) ++ ++ # Do a little connection to trigger the logic ++ server = Connection(context, None) ++ server.set_accept_state() ++ ++ client = Connection(Context(SSLv23_METHOD), None) ++ client.set_connect_state() ++ client.set_tlsext_host_name(b"foo1.example.com") ++ ++ monkeypatch.setattr(sys, "excepthook", custom_excepthook) ++ with pytest.raises(Error): ++ interact_in_memory(server, client) ++ ++ assert len(excepthook_calls) == 1 ++ assert excepthook_calls[0][0] is TypeError ++ assert excepthook_calls[0][1] is exc ++ assert excepthook_calls[0][2] is not None ++ + + class TestApplicationLayerProtoNegotiation: + """ +-- +2.43.0 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb index c1f571c552e..25263629a4c 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb 
@@ -9,6 +9,10 @@ SRC_URI[sha256sum] = "8d031884482e0c67ee92bf9a4d8cceb08d92aba7136432ffb0703c5280 inherit pypi setuptools3 +SRC_URI += " \ + file://CVE-2026-27448.patch \ +" + PACKAGES =+ "${PN}-tests" FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test"
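
Review bot: In the src/OpenSSL/SSL.py hunk of CVE-2026-27448.patch (patch 01/15), the new handler is `except Exception:`, so a servername callback that raises a BaseException subclass outside Exception (SystemExit, KeyboardInterrupt) skips the `return _lib.SSL_TLSEXT_ERR_ALERT_FATAL` path and is handled as it was before the fix. If aborting the handshake on any callback failure is the goal stated in the commit message, consider `except BaseException:` here, or say in the CHANGELOG entry that only Exception subclasses are covered. The added test_servername_callback_exception raises TypeError only, so it would not catch this gap.
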
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 02/15] python3-pyopenssl: Fix CVE-2026-27459 Date: Thu, 2 Apr 2026 07:21:19 +0200 Message-ID: <699805e7ddaab18f1eb45b46425734159a353fef.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234474 From: Vijay Anusuri Pick patch mentioned in NVD [1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459 [2] https://ubuntu.com/security/CVE-2026-27459 Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../python3-pyopenssl/CVE-2026-27459.patch | 109 ++++++++++++++++++ .../python/python3-pyopenssl_25.1.0.bb | 1 + 2 files changed, 110 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch diff --git a/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch new file mode 100644 index 00000000000..b35525c3762 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch 
@@ -0,0 +1,109 @@ +From 57f09bb4bb051d3bc2a1abd36e9525313d5cd408 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Wed, 18 Feb 2026 07:46:15 -0500 +Subject: [PATCH] Fix buffer overflow in DTLS cookie generation callback + (#1479) + +The cookie generate callback copied user-returned bytes into a +fixed-size native buffer without enforcing a maximum length. A +callback returning more than DTLS1_COOKIE_LENGTH bytes would overflow +the OpenSSL-provided buffer, corrupting adjacent memory. + +Co-authored-by: Claude Opus 4.6 + +Upstream-Status: Backport [https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408] +CVE: CVE-2026-27459 +Signed-off-by: Vijay Anusuri +--- + CHANGELOG.rst | 1 + + src/OpenSSL/SSL.py | 7 +++++++ + tests/test_ssl.py | 38 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/CHANGELOG.rst b/CHANGELOG.rst +index 5d953c9..de8b14a 100644 +--- a/CHANGELOG.rst ++++ b/CHANGELOG.rst +@@ -35,6 +35,7 @@ Deprecations: + Changes: + ^^^^^^^^ + ++- Properly raise an error if a DTLS cookie callback returned a cookie longer than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a buffer-overflow. + - Corrected type annotations on ``Context.set_alpn_select_callback``, ``Context.set_session_cache_mode``, ``Context.set_options``, ``Context.set_mode``, ``X509.subject_name_hash``, and ``X509Store.load_locations``. + - Deprecated APIs are now marked using ``warnings.deprecated``. ``mypy`` will emit deprecation notices for them when used with ``--enable-error-code deprecated``. + - ``Context.set_tlsext_servername_callback`` now handles exceptions raised in the callback by calling ``sys.excepthook`` and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. 
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 178961f..6c7d6a2 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -716,11 +716,18 @@ class _CookieGenerateCallbackHelper(_CallbackExceptionHelper): + def __init__(self, callback: _CookieGenerateCallback) -> None: + _CallbackExceptionHelper.__init__(self) + ++ max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255) ++ + @wraps(callback) + def wrapper(ssl, out, outlen): # type: ignore[no-untyped-def] + try: + conn = Connection._reverse_mapping[ssl] + cookie = callback(conn) ++ if len(cookie) > max_cookie_len: ++ raise ValueError( ++ f"Cookie too long (got {len(cookie)} bytes, " ++ f"max {max_cookie_len})" ++ ) + out[0 : len(cookie)] = cookie + outlen[0] = len(cookie) + return 1 +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index 9a5b19b..7dd3af8 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -4720,6 +4720,44 @@ class TestDTLS: + def test_it_works_with_srtp(self) -> None: + self._test_handshake_and_data(srtp_profile=b"SRTP_AES128_CM_SHA1_80") + ++ def test_cookie_generate_too_long(self) -> None: ++ s_ctx = Context(DTLS_METHOD) ++ ++ def generate_cookie(ssl: Connection) -> bytes: ++ return b"\x00" * 256 ++ ++ def verify_cookie(ssl: Connection, cookie: bytes) -> bool: ++ return True ++ ++ s_ctx.set_cookie_generate_callback(generate_cookie) ++ s_ctx.set_cookie_verify_callback(verify_cookie) ++ s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem)) ++ s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem)) ++ s_ctx.set_options(OP_NO_QUERY_MTU) ++ s = Connection(s_ctx) ++ s.set_accept_state() ++ ++ c_ctx = Context(DTLS_METHOD) ++ c_ctx.set_options(OP_NO_QUERY_MTU) ++ c = Connection(c_ctx) ++ c.set_connect_state() ++ ++ c.set_ciphertext_mtu(1500) ++ s.set_ciphertext_mtu(1500) ++ ++ # Client sends ClientHello ++ try: ++ c.do_handshake() ++ except SSL.WantReadError: ++ pass ++ chunk = c.bio_read(self.LARGE_BUFFER) ++ s.bio_write(chunk) ++ ++ # Server 
tries DTLSv1_listen, which triggers cookie generation. ++ # The oversized cookie should raise ValueError. ++ with pytest.raises(ValueError, match="Cookie too long"): ++ s.DTLSv1_listen() ++ + def test_timeout(self, monkeypatch: pytest.MonkeyPatch) -> None: + c_ctx = Context(DTLS_METHOD) + c = Connection(c_ctx) +-- +2.43.0 + diff --git a/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb index 25263629a4c..08c821c415a 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_25.1.0.bb 
@@ -11,6 +11,7 @@ inherit pypi setuptools3 SRC_URI += " \ file://CVE-2026-27448.patch \ + file://CVE-2026-27459.patch \ " PACKAGES =+ "${PN}-tests"
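
Review bot: In the src/OpenSSL/SSL.py hunk of CVE-2026-27459.patch (patch 02/15), `max_cookie_len = getattr(_lib, "DTLS1_COOKIE_LENGTH", 255)` silently falls back to a hard-coded 255 when the binding does not expose the constant, and nothing in the hunk says why 255 matches the OpenSSL-provided buffer that the commit message describes. A short comment giving the source of that value would help; alternatively the helper could fail loudly when the constant is missing instead of guessing the bound.
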
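
Review bot: In the tests/test_ssl.py hunk of CVE-2026-27459.patch (patch 02/15), test_cookie_generate_too_long returns a fixed `b"\x00" * 256`, which is one byte over the 255 fallback but is not derived from the limit the wrapper actually uses. There is also no case for a cookie of exactly the maximum length, which the `len(cookie) > max_cookie_len` comparison is meant to accept. Suggest adding that boundary case so an off-by-one in the check would be caught.
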
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 03/15] ccache: upgrade 4.12.2 -> 4.12.3 Date: Thu, 2 Apr 2026 07:21:20 +0200 Message-ID: <0b1c97e64d90ed295f1167d7194750c1475cceb6.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234475 From: Wang Mingyu License-Update: Copyright year updated to 2026 Signed-off-by: Wang Mingyu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 76a5917034080a87c02f79bb925edf0746bf8baf) Bug fix release: https://ccache.dev/releasenotes.html#_ccache_4_12_3 Signed-off-by: Ankur Tyagi Signed-off-by: Yoann Congal --- .../ccache/{ccache_4.12.2.bb => ccache_4.12.3.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/ccache/{ccache_4.12.2.bb => ccache_4.12.3.bb} (88%) diff --git a/meta/recipes-devtools/ccache/ccache_4.12.2.bb b/meta/recipes-devtools/ccache/ccache_4.12.3.bb similarity index 88% rename from meta/recipes-devtools/ccache/ccache_4.12.2.bb rename to meta/recipes-devtools/ccache/ccache_4.12.3.bb index 28f36e5ed78..0cd9a43a1bc 100644 --- a/meta/recipes-devtools/ccache/ccache_4.12.2.bb +++ b/meta/recipes-devtools/ccache/ccache_4.12.3.bb 
@@ -7,7 +7,7 @@ HOMEPAGE = "http://ccache.samba.org" SECTION = "devel" LICENSE = "GPL-3.0-or-later & MIT & BSL-1.0 & ISC" -LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=5633f18ca110f0d4cb907eba07c920ef \ +LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=22ef4326c8a14ac937fc2b76ef0fd233 \ file://src/third_party/cpp-httplib/httplib.h;endline=6;md5=663aca6f84e7d67ade228aad32afc0ea \ file://src/third_party/nonstd-span/nonstd/span.hpp;endline=9;md5=b4af92a7f068b38c5b3410dceb30c186 \ file://src/third_party/win32-compat/win32/mktemp.c;endline=17;md5=d287e9c1f1cd2bb2bd164490e1cf449a \ 
@@ -17,7 +17,7 @@ DEPENDS = "zstd fmt xxhash" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz" -SRC_URI[sha256sum] = "2a087efb66b62d4c66d4eb276748bbfa797ff3bde20adf44c53e5a8b9f3679af" +SRC_URI[sha256sum] = "d683d5964a395f00c1c812ea1d1d523179f1097cbff7e7e54e714fa3f99711b1" inherit cmake github-releases
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 04/15] libsoup: upgrade 3.6.5 -> 3.6.6 Date: Thu, 2 Apr 2026 07:21:21 +0200 Message-ID: <4a18760105b812db9c41da349bedbf72a9134457.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234476 
From: Wang Mingyu

Changelog:
============
* websocket: Fix out-of-bounds read in process_frame
* Check nulls returned by soup_date_time_new_from_http_string()
* Numerous fixes to handling of Range headers
* server: close the connection after responding to a request containing Content-Length and Transfer-Encoding
* Use CRLF as line boundary when parsing chunked encoding data
* websocket: do not accept messages frames after closing due to an error
* Sanitize filename of content disposition header values
* Always validate the headers value when coming from untrusted source
* uri-utils: do host validation when checking if a GUri is valid
* multipart: check length of bytes read soup_filter_input_stream_read_until()
* message-headers: Reject duplicate Host headers
* server: null-check soup_date_time_to_string()
* auth-digest: fix crash in soup_auth_digest_get_protection_space()
* session: fix 'heap-use-after-free' caused by 'finishing' queue item twice
* cookies: Avoid expires attribute if date is invalid
* http1: Set EOF flag once content-length bytes have been read
* date-utils: Add value checks for date/time parsing
* multipart: Fix multiple boundary limits
* Fixed multiple possible memory leaks
* message-headers: Correct merge of ranges
* body-input-stream: Correct chunked trailers end detection
* server-http2: Correctly validate URIs
* multipart: Fix read out of buffer bounds under soup_multipart_new_from_message()
* headers: Ensure Request-Line comprises entire first line
* tests: Fix MSVC build error
* Fix possible deadlock on init from gmodule usage
* Add Cornish translation
* Update Turkish translation
* Update Uighur translation
* Update Romanian translation
* Add Uzbek (Latin) translation
* Add Kazakh translation

Signed-off-by: Wang Mingyu
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit b6fb8f26a26a28a13f64c4c31003b2d0bf1061a2)
Signed-off-by: Ankur Tyagi
Signed-off-by: Yoann Congal --- .../libsoup/{libsoup_3.6.5.bb => libsoup_3.6.6.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/libsoup/{libsoup_3.6.5.bb => libsoup_3.6.6.bb} (95%) diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.6.bb similarity index 95% rename from meta/recipes-support/libsoup/libsoup_3.6.5.bb rename to meta/recipes-support/libsoup/libsoup_3.6.6.bb index 549bbb79810..f9dd5311a46 100644 --- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb +++ b/meta/recipes-support/libsoup/libsoup_3.6.6.bb 
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2" -SRC_URI[archive.sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234" +SRC_URI[archive.sha256sum] = "51ed0ae06f9d5a40f401ff459e2e5f652f9a510b7730e1359ee66d14d4872740" PROVIDES = "libsoup-3.0"
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 05/15] libsoup: fix CVE-2025-32049/CVE-2026-1539 Date: Thu, 2 Apr 2026 07:21:22 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234478 From: Changqing Li Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/390 https://gitlab.gnome.org/GNOME/libsoup/-/issues/489 Signed-off-by: Changqing Li Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c226dc8a4129717b433863f70fd90d66380eb571) Signed-off-by: Ankur Tyagi Signed-off-by: Yoann Congal --- .../libsoup/libsoup/CVE-2025-32049-1.patch | 229 ++++++++++++++ .../libsoup/libsoup/CVE-2025-32049-2.patch | 34 ++ .../libsoup/libsoup/CVE-2025-32049-3.patch | 133 ++++++++ .../libsoup/libsoup/CVE-2025-32049-4.patch | 291 ++++++++++++++++++ .../libsoup/libsoup/CVE-2026-1539.patch | 97 ++++++ meta/recipes-support/libsoup/libsoup_3.6.6.bb | 7 + 6 files changed, 791 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-3.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-4.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2026-1539.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-1.patch new file mode 100644 index 00000000000..adec7b3cf07 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-1.patch 
@@ -0,0 +1,229 @@ +From 46338bccc2ad9c34f892af19123f64ca2d9d866f Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Wed, 24 Jul 2024 15:20:35 +0200 +Subject: [PATCH 1/4] websocket: add a way to restrict the total message size + +Otherwise a client could send small packages smaller than +total-incoming-payload-size but still to break the server +with a big allocation + +Fixes: #390 + +Change SOUP_AVAILABLE_IN_3_8 to SOUP_AVAILABLE_IN_3_6 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/db87805ab565d67533dfed2cb409dbfd63c7fdce] +CVE: CVE-2025-32049 + +Signed-off-by: Changqing Li +--- + libsoup/websocket/soup-websocket-connection.c | 106 +++++++++++++++++- + libsoup/websocket/soup-websocket-connection.h | 7 ++ + 2 files changed, 110 insertions(+), 3 deletions(-) + +diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c +index 36e8459..a4fc36e 100644 +--- a/libsoup/websocket/soup-websocket-connection.c ++++ b/libsoup/websocket/soup-websocket-connection.c +@@ -78,6 +78,7 @@ enum { + PROP_KEEPALIVE_INTERVAL, + PROP_KEEPALIVE_PONG_TIMEOUT, + PROP_EXTENSIONS, ++ PROP_MAX_TOTAL_MESSAGE_SIZE, + + LAST_PROPERTY + }; +@@ -120,6 +121,7 @@ typedef struct { + char *origin; + char *protocol; + guint64 max_incoming_payload_size; ++ guint64 max_total_message_size; + guint keepalive_interval; + guint keepalive_pong_timeout; + guint64 last_keepalive_seq_num; +@@ -164,6 +166,7 @@ typedef struct { + } SoupWebsocketConnectionPrivate; + + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024 ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 + #define READ_BUFFER_SIZE 1024 + #define MASK_LENGTH 4 + +@@ -696,8 +699,8 @@ bad_data_error_and_close (SoupWebsocketConnection *self) + } + + static void +-too_big_error_and_close (SoupWebsocketConnection *self, +- guint64 payload_len) ++too_big_incoming_payload_error_and_close (SoupWebsocketConnection *self, ++ guint64 payload_len) + { + 
SoupWebsocketConnectionPrivate *priv = soup_websocket_connection_get_instance_private (self); + GError *error; +@@ -713,6 +716,24 @@ too_big_error_and_close (SoupWebsocketConnection *self, + emit_error_and_close (self, error, TRUE); + } + ++static void ++too_big_message_error_and_close (SoupWebsocketConnection *self, ++ guint64 len) ++{ ++ SoupWebsocketConnectionPrivate *priv = soup_websocket_connection_get_instance_private (self); ++ GError *error; ++ ++ error = g_error_new_literal (SOUP_WEBSOCKET_ERROR, ++ SOUP_WEBSOCKET_CLOSE_TOO_BIG, ++ priv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? ++ "Received WebSocket payload from the client larger than configured max-total-message-size" : ++ "Received WebSocket payload from the server larger than configured max-total-message-size"); ++ g_debug ("%s received message of size %" G_GUINT64_FORMAT " or greater, but max supported size is %" G_GUINT64_FORMAT, ++ priv->connection_type == SOUP_WEBSOCKET_CONNECTION_SERVER ? "server" : "client", ++ len, priv->max_total_message_size); ++ emit_error_and_close (self, error, TRUE); ++} ++ + static void + close_connection (SoupWebsocketConnection *self, + gushort code, +@@ -973,6 +994,12 @@ process_contents (SoupWebsocketConnection *self, + switch (priv->message_opcode) { + case 0x01: + case 0x02: ++ /* Safety valve */ ++ if (priv->max_total_message_size > 0 && ++ (priv->message_data->len + payload_len) > priv->max_total_message_size) { ++ too_big_message_error_and_close (self, (priv->message_data->len + payload_len)); ++ return; ++ } + g_byte_array_append (priv->message_data, payload, payload_len); + break; + default: +@@ -1111,7 +1138,7 @@ process_frame (SoupWebsocketConnection *self) + /* Safety valve */ + if (priv->max_incoming_payload_size > 0 && + payload_len > priv->max_incoming_payload_size) { +- too_big_error_and_close (self, payload_len); ++ too_big_incoming_payload_error_and_close (self, payload_len); + return FALSE; + } + +@@ -1428,6 +1455,10 @@ 
soup_websocket_connection_get_property (GObject *object, + g_value_set_pointer (value, priv->extensions); + break; + ++ case PROP_MAX_TOTAL_MESSAGE_SIZE: ++ g_value_set_uint64 (value, priv->max_total_message_size); ++ break; ++ + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; +@@ -1486,6 +1517,10 @@ soup_websocket_connection_set_property (GObject *object, + priv->extensions = g_value_get_pointer (value); + break; + ++ case PROP_MAX_TOTAL_MESSAGE_SIZE: ++ priv->max_total_message_size = g_value_get_uint64 (value); ++ break; ++ + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; +@@ -1716,6 +1751,26 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS); + ++ /** ++ * SoupWebsocketConnection:max-total-message-size: ++ * ++ * The total message size for incoming packets. ++ * ++ * The protocol expects or 0 to not limit it. ++ * ++ * Since: 3.8 ++ */ ++ properties[PROP_MAX_TOTAL_MESSAGE_SIZE] = ++ g_param_spec_uint64 ("max-total-message-size", ++ "Max total message size", ++ "Max total message size ", ++ 0, ++ G_MAXUINT64, ++ MAX_TOTAL_MESSAGE_SIZE_DEFAULT, ++ G_PARAM_READWRITE | ++ G_PARAM_CONSTRUCT | ++ G_PARAM_STATIC_STRINGS); ++ + g_object_class_install_properties (gobject_class, LAST_PROPERTY, properties); + + /** +@@ -2186,6 +2241,51 @@ soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection + } + } + ++/** ++ * soup_websocket_connection_get_max_total_message_size: ++ * @self: the WebSocket ++ * ++ * Gets the maximum total message size allowed for packets. ++ * ++ * Returns: the maximum total message size. 
++ * ++ * Since: 3.8 ++ */ ++guint64 ++soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self) ++{ ++ SoupWebsocketConnectionPrivate *priv = soup_websocket_connection_get_instance_private (self); ++ ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT); ++ ++ return priv->max_total_message_size; ++} ++ ++/** ++ * soup_websocket_connection_set_max_total_message_size: ++ * @self: the WebSocket ++ * @max_total_message_size: the maximum total message size ++ * ++ * Sets the maximum total message size allowed for packets. ++ * ++ * It does not limit the outgoing packet size. ++ * ++ * Since: 3.8 ++ */ ++void ++soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self, ++ guint64 max_total_message_size) ++{ ++ SoupWebsocketConnectionPrivate *priv = soup_websocket_connection_get_instance_private (self); ++ ++ g_return_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self)); ++ ++ if (priv->max_total_message_size != max_total_message_size) { ++ priv->max_total_message_size = max_total_message_size; ++ g_object_notify_by_pspec (G_OBJECT (self), properties[PROP_MAX_TOTAL_MESSAGE_SIZE]); ++ } ++} ++ + /** + * soup_websocket_connection_get_keepalive_interval: + * @self: the WebSocket +diff --git a/libsoup/websocket/soup-websocket-connection.h b/libsoup/websocket/soup-websocket-connection.h +index f047c0a..ea0cb58 100644 +--- a/libsoup/websocket/soup-websocket-connection.h ++++ b/libsoup/websocket/soup-websocket-connection.h +@@ -88,6 +88,13 @@ SOUP_AVAILABLE_IN_ALL + void soup_websocket_connection_set_max_incoming_payload_size (SoupWebsocketConnection *self, + guint64 max_incoming_payload_size); + ++SOUP_AVAILABLE_IN_3_6 ++guint64 soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *self); ++ ++SOUP_AVAILABLE_IN_3_6 ++void soup_websocket_connection_set_max_total_message_size (SoupWebsocketConnection *self, ++ guint64 max_total_message_size); ++ + SOUP_AVAILABLE_IN_ALL 
+ guint soup_websocket_connection_get_keepalive_interval (SoupWebsocketConnection *self); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-2.patch new file mode 100644 index 00000000000..4cb9cf201b1 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-2.patch @@ -0,0 +1,34 @@ +From c00f1e961a17c0af1cd34881f64db2948f32bb65 Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Fri, 20 Sep 2024 12:12:38 +0200 +Subject: [PATCH 2/4] websocket-test: set the total message size + +This is required when sending a big amount of data + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4904a46a2d9a014efa6be01a186ac353dbf5047b] +CVE: CVE-2025-32049 + +Signed-off-by: Changqing Li +--- + tests/websocket-test.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index c924601..1678042 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -615,6 +615,11 @@ test_send_big_packets (Test *test, + soup_websocket_connection_set_max_incoming_payload_size (test->server, 1000 * 1000 + 1); + g_assert_true (soup_websocket_connection_get_max_incoming_payload_size (test->server) == (1000 * 1000 + 1)); + ++ soup_websocket_connection_set_max_total_message_size (test->client, 1000 * 1000 + 1); ++ g_assert (soup_websocket_connection_get_max_total_message_size (test->client) == (1000 * 1000 + 1)); ++ soup_websocket_connection_set_max_total_message_size (test->server, 1000 * 1000 + 1); ++ g_assert (soup_websocket_connection_get_max_total_message_size (test->server) == (1000 * 1000 + 1)); ++ + sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); + soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); + WAIT_UNTIL (received != NULL); +-- +2.34.1 + 
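Review bot: In CVE-2025-32049-1.patch, the new "Safety valve" in process_contents adds `priv->message_data->len + payload_len` before comparing the result with the guint64 `max_total_message_size`, and the operand types are not visible in the hunk. If the sum is evaluated in a type narrower than 64 bits it can wrap and pass the check, so cast both operands to guint64 before adding (the same expression is repeated in the call to too_big_message_error_and_close). Three documentation points in the same file: the added doc blocks say `Since: 3.8` while the header in this backport declares the two functions `SOUP_AVAILABLE_IN_3_6`; the property text "The protocol expects or 0 to not limit it." is not a complete sentence; and the error strings in too_big_message_error_and_close say "payload" where they report the total message size.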
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-3.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-3.patch new file mode 100644 index 00000000000..b5ccf374bf1 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-3.patch 
@@ -0,0 +1,133 @@ +From aa189f8bf0593427c67e0becb13f60f2da2fea26 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 8 May 2025 16:16:25 -0500 +Subject: [PATCH 3/4] Set message size limit in SoupServer rather than + SoupWebsocketConnection + +We're not sure about the compatibility implications of having a default +size limit for clients. + +Also not sure whether the server limit is actually set appropriately, +but there is probably very little server usage of +SoupWebsocketConnection in the wild, so it's not so likely to break +things. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/2df34d9544cabdbfdedd3b36f098cf69233b1df7] +CVE: CVE-2025-32049 + +Signed-off-by: Changqing Li +--- + libsoup/server/soup-server.c | 24 +++++++++++++++---- + libsoup/websocket/soup-websocket-connection.c | 24 +++++++++++++------ + 2 files changed, 36 insertions(+), 12 deletions(-) + +diff --git a/libsoup/server/soup-server.c b/libsoup/server/soup-server.c +index 63af0cf..023abed 100644 +--- a/libsoup/server/soup-server.c ++++ b/libsoup/server/soup-server.c +@@ -188,6 +188,16 @@ static GParamSpec *properties[LAST_PROPERTY] = { NULL, }; + + G_DEFINE_TYPE_WITH_PRIVATE (SoupServer, soup_server, G_TYPE_OBJECT) + ++/* SoupWebsocketConnection by default limits only maximum packet size. But a ++ * message may consist of multiple packets, so SoupServer additionally restricts ++ * total message size to mitigate denial of service attacks on the server. ++ * SoupWebsocketConnection does not do this by default because I don't know ++ * whether that would or would not cause compatibility problems for websites. ++ * ++ * This size is in bytes and it is arbitrary. 
++ */ ++#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 ++ + static void request_finished (SoupServerMessage *msg, + SoupMessageIOCompletion completion, + SoupServer *server); +@@ -952,11 +962,15 @@ complete_websocket_upgrade (SoupServer *server, + + g_object_ref (msg); + stream = soup_server_message_steal_connection (msg); +- conn = soup_websocket_connection_new (stream, uri, +- SOUP_WEBSOCKET_CONNECTION_SERVER, +- soup_message_headers_get_one_common (soup_server_message_get_request_headers (msg), SOUP_HEADER_ORIGIN), +- soup_message_headers_get_one_common (soup_server_message_get_response_headers (msg), SOUP_HEADER_SEC_WEBSOCKET_PROTOCOL), +- handler->websocket_extensions); ++ conn = SOUP_WEBSOCKET_CONNECTION (g_object_new (SOUP_TYPE_WEBSOCKET_CONNECTION, ++ "io-stream", stream, ++ "uri", uri, ++ "connection-type", SOUP_WEBSOCKET_CONNECTION_SERVER, ++ "origin", soup_message_headers_get_one_common (soup_server_message_get_request_headers (msg), SOUP_HEADER_ORIGIN), ++ "protocol", soup_message_headers_get_one_common (soup_server_message_get_response_headers (msg), SOUP_HEADER_SEC_WEBSOCKET_PROTOCOL), ++ "extensions", handler->websocket_extensions, ++ "max-total-message-size", (guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT, ++ NULL)); + handler->websocket_extensions = NULL; + g_object_unref (stream); + +diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c +index a4fc36e..f60297c 100644 +--- a/libsoup/websocket/soup-websocket-connection.c ++++ b/libsoup/websocket/soup-websocket-connection.c +@@ -166,7 +166,6 @@ typedef struct { + } SoupWebsocketConnectionPrivate; + + #define MAX_INCOMING_PAYLOAD_SIZE_DEFAULT 128 * 1024 +-#define MAX_TOTAL_MESSAGE_SIZE_DEFAULT 128 * 1024 + #define READ_BUFFER_SIZE 1024 + #define MASK_LENGTH 4 + +@@ -1681,9 +1680,10 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) + /** + * SoupWebsocketConnection:max-incoming-payload-size: + * +- * The maximum payload size 
for incoming packets. ++ * The maximum payload size for incoming packets, or 0 to not limit it. + * +- * The protocol expects or 0 to not limit it. ++ * Each message may consist of multiple packets, so also refer to ++ * [property@WebSocketConnection:max-total-message-size]. + */ + properties[PROP_MAX_INCOMING_PAYLOAD_SIZE] = + g_param_spec_uint64 ("max-incoming-payload-size", +@@ -1754,9 +1754,19 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) + /** + * SoupWebsocketConnection:max-total-message-size: + * +- * The total message size for incoming packets. ++ * The maximum size for incoming messages. + * +- * The protocol expects or 0 to not limit it. ++ * Set to a value to limit the total message size, or 0 to not ++ * limit it. ++ * ++ * [method@Server.add_websocket_handler] will set this to a nonzero ++ * default value to mitigate denial of service attacks. Clients must ++ * choose their own default if they need to mitigate denial of service ++ * attacks. You also need to set your own default if creating your own ++ * server SoupWebsocketConnection without using SoupServer. ++ * ++ * Each message may consist of multiple packets, so also refer to ++ * [property@WebSocketConnection:max-incoming-payload-size]. + * + * Since: 3.8 + */ +@@ -1766,7 +1776,7 @@ soup_websocket_connection_class_init (SoupWebsocketConnectionClass *klass) + "Max total message size ", + 0, + G_MAXUINT64, +- MAX_TOTAL_MESSAGE_SIZE_DEFAULT, ++ 0, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + G_PARAM_STATIC_STRINGS); +@@ -2256,7 +2266,7 @@ soup_websocket_connection_get_max_total_message_size (SoupWebsocketConnection *s + { + SoupWebsocketConnectionPrivate *priv = soup_websocket_connection_get_instance_private (self); + +- g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), MAX_TOTAL_MESSAGE_SIZE_DEFAULT); ++ g_return_val_if_fail (SOUP_IS_WEBSOCKET_CONNECTION (self), 0); + + return priv->max_total_message_size; + } +-- +2.34.1 + 
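Review bot: In the soup-server.c hunks of CVE-2025-32049-3.patch, `MAX_TOTAL_MESSAGE_SIZE_DEFAULT` is defined as the unparenthesized expression `128 * 1024` and then passed as `(guint64)MAX_TOTAL_MESSAGE_SIZE_DEFAULT` in the g_object_new() varargs list. The cast binds only to `128`; the product is still a guint64 here, but the macro should be written `(128 * 1024)` so the width of the vararg does not depend on how the expansion parses. The limit is also fixed at compile time in complete_websocket_upgrade, and the patch shows no SoupServer setting for it, so a server that needs larger messages has to call soup_websocket_connection_set_max_total_message_size() on the connection it is handed; the added comment should say so. Since this lands on a stable branch, the commit message (currently only the two issue links) should state the behaviour change: SoupServer connections now close on messages over 128 KiB, and the property default becomes 0, so code that creates a server-side SoupWebsocketConnection directly has no total-size limit unless it sets one.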
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-4.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-4.patch new file mode 100644 index 00000000000..c89637eae24 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32049-4.patch 
@@ -0,0 +1,291 @@ +From 800cbde5e42131bdea3d6f30808b7e034d45d438 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 16 May 2025 16:55:40 -0500 +Subject: [PATCH 4/4] Add tests for max-incoming-packet-size and + max-total-message-size + +An even better test would verify that it's possible to send big messages +containing small packets, but libsoup doesn't offer control over packet +size, and I don't want to take the time to learn how WebSockets work to +figure out how to do that manually. Instead, I just check that both +limits work, for both client and server. + +I didn't add deflate variants of these tests because I doubt that would +add valuable coverage. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4d00b45b7eebdcfa0706b58e34c40b8a0a16015b] +CVE: CVE-2025-32049 + +Signed-off-by: Changqing Li +--- + tests/websocket-test.c | 213 +++++++++++++++++++++++++++++++++++++---- + 1 file changed, 196 insertions(+), 17 deletions(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 1678042..60da66f 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -591,16 +591,9 @@ test_send_big_packets (Test *test, + { + GBytes *sent = NULL; + GBytes *received = NULL; ++ gulong signal_id; + +- g_signal_connect (test->client, "message", G_CALLBACK (on_text_message), &received); +- +- sent = g_bytes_new_take (g_strnfill (400, '!'), 400); +- soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); +- WAIT_UNTIL (received != NULL); +- g_assert_true (g_bytes_equal (sent, received)); +- g_bytes_unref (sent); +- g_bytes_unref (received); +- received = NULL; ++ signal_id = g_signal_connect (test->client, "message", G_CALLBACK (on_text_message), &received); + + sent = g_bytes_new_take (g_strnfill (100 * 1000, '?'), 100 * 1000); + soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); +@@ -611,23 +604,173 @@ test_send_big_packets (Test *test, + received = NULL; + + 
soup_websocket_connection_set_max_incoming_payload_size (test->client, 1000 * 1000 + 1); +- g_assert_true (soup_websocket_connection_get_max_incoming_payload_size (test->client) == (1000 * 1000 + 1)); ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->client), ==, 1000 * 1000 + 1); + soup_websocket_connection_set_max_incoming_payload_size (test->server, 1000 * 1000 + 1); +- g_assert_true (soup_websocket_connection_get_max_incoming_payload_size (test->server) == (1000 * 1000 + 1)); ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->server), ==, 1000 * 1000 + 1); + + soup_websocket_connection_set_max_total_message_size (test->client, 1000 * 1000 + 1); +- g_assert (soup_websocket_connection_get_max_total_message_size (test->client) == (1000 * 1000 + 1)); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->client), ==, 1000 * 1000 + 1); + soup_websocket_connection_set_max_total_message_size (test->server, 1000 * 1000 + 1); +- g_assert (soup_websocket_connection_get_max_total_message_size (test->server) == (1000 * 1000 + 1)); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->server), ==, 1000 * 1000 + 1); + + sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); + soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); + WAIT_UNTIL (received != NULL); + g_assert_true (g_bytes_equal (sent, received)); ++ g_bytes_unref (received); ++ received = NULL; ++ ++ /* Reverse the test and send the big message to the server. 
*/ ++ g_signal_handler_disconnect (test->client, signal_id); ++ g_signal_connect (test->server, "message", G_CALLBACK (on_text_message), &received); ++ ++ soup_websocket_connection_send_text (test->client, g_bytes_get_data (sent, NULL)); ++ WAIT_UNTIL (received != NULL); ++ g_assert_true (g_bytes_equal (sent, received)); + g_bytes_unref (sent); + g_bytes_unref (received); + } + ++static void ++test_send_big_packets_direct (Test *test, ++ gconstpointer data) ++{ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->client), ==, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->client), ==, 0); ++ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->server), ==, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->server), ==, 0); ++ ++ test_send_big_packets (test, data); ++} ++ ++static void ++test_send_big_packets_soup (Test *test, ++ gconstpointer data) ++{ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->client), ==, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->client), ==, 0); ++ ++ /* Max total message size defaults to 0 (unlimited), but SoupServer applies its own limit by default. 
*/ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->server), ==, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->server), ==, 128 * 1024); ++ ++ test_send_big_packets (test, data); ++} ++ ++static void ++test_send_exceeding_client_max_payload_size (Test *test, ++ gconstpointer data) ++{ ++ GBytes *sent = NULL; ++ GBytes *received = NULL; ++ gboolean close_event = FALSE; ++ GError *error = NULL; ++ ++ g_signal_connect (test->server, "error", G_CALLBACK (on_error_copy), &error); ++ g_signal_connect (test->client, "closed", G_CALLBACK (on_close_set_flag), &close_event); ++ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->client), ==, 128 * 1024); ++ ++ soup_websocket_connection_set_max_incoming_payload_size (test->server, 0); ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->server), ==, 0); ++ ++ /* The message to the client is dropped due to the client's limit. 
*/ ++ sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); ++ soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); ++ g_bytes_unref (sent); ++ WAIT_UNTIL (close_event); ++ g_assert_null (received); ++ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); ++ g_assert_no_error (test->client_error); ++} ++ ++static void ++test_send_exceeding_server_max_payload_size (Test *test, ++ gconstpointer data) ++{ ++ GBytes *sent = NULL; ++ GBytes *received = NULL; ++ gboolean close_event = FALSE; ++ GError *error = NULL; ++ ++ g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ g_signal_connect (test->server, "closed", G_CALLBACK (on_close_set_flag), &close_event); ++ ++ soup_websocket_connection_set_max_incoming_payload_size (test->client, 0); ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->client), ==, 0); ++ ++ g_assert_cmpuint (soup_websocket_connection_get_max_incoming_payload_size (test->server), ==, 128 * 1024); ++ ++ /* The message to the server is dropped due to the server's limit. 
*/ ++ sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); ++ soup_websocket_connection_send_text (test->client, g_bytes_get_data (sent, NULL)); ++ g_bytes_unref (sent); ++ WAIT_UNTIL (close_event); ++ g_assert_null (received); ++ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); ++ g_assert_no_error (test->client_error); ++} ++ ++static void ++test_send_exceeding_client_max_message_size (Test *test, ++ gconstpointer data) ++{ ++ GBytes *sent = NULL; ++ GBytes *received = NULL; ++ gboolean close_event = FALSE; ++ GError *error = NULL; ++ ++ g_signal_connect (test->server, "error", G_CALLBACK (on_error_copy), &error); ++ g_signal_connect (test->client, "closed", G_CALLBACK (on_close_set_flag), &close_event); ++ ++ soup_websocket_connection_set_max_total_message_size (test->client, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->client), ==, 128 * 1024); ++ ++ soup_websocket_connection_set_max_total_message_size (test->server, 0); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->server), ==, 0); ++ ++ /* The message to the client is dropped due to the client's limit. 
*/ ++ sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); ++ soup_websocket_connection_send_text (test->server, g_bytes_get_data (sent, NULL)); ++ g_bytes_unref (sent); ++ WAIT_UNTIL (close_event); ++ g_assert_null (received); ++ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); ++ g_assert_no_error (test->client_error); ++} ++ ++static void ++test_send_exceeding_server_max_message_size (Test *test, ++ gconstpointer data) ++{ ++ GBytes *sent = NULL; ++ GBytes *received = NULL; ++ gboolean close_event = FALSE; ++ GError *error = NULL; ++ ++ g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ g_signal_connect (test->server, "closed", G_CALLBACK (on_close_set_flag), &close_event); ++ ++ soup_websocket_connection_set_max_total_message_size (test->client, 0); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->client), ==, 0); ++ ++ /* Set the server message total message size manually, because its ++ * default is different for direct connection vs. soup connection. ++ */ ++ soup_websocket_connection_set_max_total_message_size (test->server, 128 * 1024); ++ g_assert_cmpuint (soup_websocket_connection_get_max_total_message_size (test->server), ==, 128 * 1024); ++ ++ /* The message to the server is dropped due to the server's limit. 
*/ ++ sent = g_bytes_new_take (g_strnfill (1000 * 1000, '?'), 1000 * 1000); ++ soup_websocket_connection_send_text (test->client, g_bytes_get_data (sent, NULL)); ++ g_bytes_unref (sent); ++ WAIT_UNTIL (close_event); ++ g_assert_null (received); ++ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_CLOSED); ++ g_assert_no_error (test->client_error); ++} ++ + static void + test_send_empty_packets (Test *test, + gconstpointer data) +@@ -2262,11 +2405,47 @@ main (int argc, + + g_test_add ("/websocket/direct/send-big-packets", Test, NULL, + setup_direct_connection, +- test_send_big_packets, ++ test_send_big_packets_direct, + teardown_direct_connection); + g_test_add ("/websocket/soup/send-big-packets", Test, NULL, + setup_soup_connection, +- test_send_big_packets, ++ test_send_big_packets_soup, ++ teardown_soup_connection); ++ ++ g_test_add ("/websocket/direct/send-exceeding-client-max-payload-size", Test, NULL, ++ setup_direct_connection, ++ test_send_exceeding_client_max_payload_size, ++ teardown_direct_connection); ++ g_test_add ("/websocket/soup/send-exceeding-client-max-payload-size", Test, NULL, ++ setup_soup_connection, ++ test_send_exceeding_client_max_payload_size, ++ teardown_soup_connection); ++ ++ g_test_add ("/websocket/direct/send-exceeding-server-max-payload-size", Test, NULL, ++ setup_direct_connection, ++ test_send_exceeding_server_max_payload_size, ++ teardown_direct_connection); ++ g_test_add ("/websocket/soup/send-exceeding-server-max-payload-size", Test, NULL, ++ setup_soup_connection, ++ test_send_exceeding_server_max_payload_size, ++ teardown_soup_connection); ++ ++ g_test_add ("/websocket/direct/send-exceeding-client-max-message-size", Test, NULL, ++ setup_direct_connection, ++ test_send_exceeding_client_max_message_size, ++ teardown_direct_connection); ++ g_test_add ("/websocket/soup/send-exceeding-client-max-message-size", Test, NULL, ++ setup_soup_connection, ++ test_send_exceeding_client_max_message_size, ++ teardown_soup_connection); 
++ ++ g_test_add ("/websocket/direct/send-exceeding-server-max-message-size", Test, NULL, ++ setup_direct_connection, ++ test_send_exceeding_server_max_message_size, ++ teardown_direct_connection); ++ g_test_add ("/websocket/soup/send-exceeding-server-max-message-size", Test, NULL, ++ setup_soup_connection, ++ test_send_exceeding_server_max_message_size, + teardown_soup_connection); + + g_test_add ("/websocket/direct/send-empty-packets", Test, NULL, +@@ -2421,11 +2600,11 @@ main (int argc, + + g_test_add ("/websocket/direct/deflate-send-big-packets", Test, NULL, + setup_direct_connection_with_extensions, +- test_send_big_packets, ++ test_send_big_packets_direct, + teardown_direct_connection); + g_test_add ("/websocket/soup/deflate-send-big-packets", Test, NULL, + setup_soup_connection_with_extensions, +- test_send_big_packets, ++ test_send_big_packets_soup, + teardown_soup_connection); + + g_test_add ("/websocket/direct/deflate-send-empty-packets", Test, NULL, +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2026-1539.patch b/meta/recipes-support/libsoup/libsoup/CVE-2026-1539.patch new file mode 100644 index 00000000000..e887b441df9 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2026-1539.patch 
@@ -0,0 +1,97 @@ +From 7a70f089e13cc113032b1459286835b72a2986af Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Tue, 20 Jan 2026 13:17:42 +0100 +Subject: [PATCH] Also remove Proxy-Authorization header on cross origin + redirect + +Closes #489 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446] +CVE: CVE-2026-1539 + +Signed-off-by: Changqing Li +--- + libsoup/soup-session.c | 1 + + tests/httpd.conf.in | 1 + + tests/proxy-test.c | 34 ++++++++++++++++++++++++++++++++++ + 3 files changed, 36 insertions(+) + +diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c +index 2d34022..386d145 100644 +--- a/libsoup/soup-session.c ++++ b/libsoup/soup-session.c +@@ -1234,6 +1234,7 @@ soup_session_redirect_message (SoupSession *session, + /* Strip all credentials on cross-origin redirect. */ + if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) { + soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_AUTHORIZATION); ++ soup_message_headers_remove_common (soup_message_get_request_headers (msg), SOUP_HEADER_PROXY_AUTHORIZATION); + soup_message_set_auth (msg, NULL); + } + +diff --git a/tests/httpd.conf.in b/tests/httpd.conf.in +index 809dc5c..cc0a116 100644 +--- a/tests/httpd.conf.in ++++ b/tests/httpd.conf.in +@@ -34,6 +34,7 @@ LoadModule ssl_module @APACHE_SSL_MODULE_DIR@/mod_ssl.so + DirectoryIndex index.txt + TypesConfig /dev/null + Redirect permanent /redirected /index.txt ++Redirect permanent /Basic/realm1/redirected https://127.0.0.1:47525/index.txt + + # Prefer http1 for now because most of the tests expect http1 behavior. 
+ Protocols http/1.1 h2 +diff --git a/tests/proxy-test.c b/tests/proxy-test.c +index d730c8a..68c97ac 100644 +--- a/tests/proxy-test.c ++++ b/tests/proxy-test.c +@@ -269,6 +269,39 @@ do_proxy_redirect_test (void) + soup_test_session_abort_unref (session); + } + ++static void proxy_auth_redirect_message_restarted (SoupMessage *msg) ++{ ++ if (soup_message_get_status (msg) != SOUP_STATUS_MOVED_PERMANENTLY) ++ return; ++ ++ g_assert_null (soup_message_headers_get_one (soup_message_get_request_headers (msg), "Proxy-Authorization")); ++} ++ ++static void ++do_proxy_auth_redirect_test (void) ++{ ++ SoupSession *session; ++ SoupMessage *msg; ++ char *url; ++ ++ SOUP_TEST_SKIP_IF_NO_APACHE; ++ SOUP_TEST_SKIP_IF_NO_TLS; ++ ++ session = soup_test_session_new ("proxy-resolver", proxy_resolvers[AUTH_PROXY], NULL); ++ ++ url = g_strconcat (HTTP_SERVER, "/Basic/realm1/redirected", NULL); ++ msg = soup_message_new (SOUP_METHOD_GET, url); ++ g_signal_connect (msg, "authenticate", G_CALLBACK (authenticate), NULL); ++ g_signal_connect (msg, "restarted", G_CALLBACK (proxy_auth_redirect_message_restarted), NULL); ++ ++ soup_test_session_send_message (session, msg); ++ soup_test_assert_message_status (msg, SOUP_STATUS_OK); ++ ++ g_free (url); ++ g_object_unref (msg); ++ soup_test_session_abort_unref (session); ++} ++ + static void + do_proxy_auth_request (const char *url, SoupSession *session, gboolean do_read) + { +@@ -402,6 +435,7 @@ main (int argc, char **argv) + + g_test_add_data_func ("/proxy/fragment", base_uri, do_proxy_fragment_test); + g_test_add_func ("/proxy/redirect", do_proxy_redirect_test); ++ g_test_add_func ("/proxy/auth-redirect", do_proxy_auth_redirect_test); + g_test_add_func ("/proxy/auth-cache", do_proxy_auth_cache_test); + g_test_add_data_func ("/proxy/connect-error", base_https_uri, do_proxy_connect_error_test); + +-- +2.34.1 + 
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.6.bb b/meta/recipes-support/libsoup/libsoup_3.6.6.bb index f9dd5311a46..981e74d8160 100644 --- a/meta/recipes-support/libsoup/libsoup_3.6.6.bb +++ b/meta/recipes-support/libsoup/libsoup_3.6.6.bb 
@@ -11,6 +11,13 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2" SRC_URI[archive.sha256sum] = "51ed0ae06f9d5a40f401ff459e2e5f652f9a510b7730e1359ee66d14d4872740" +SRC_URI += "file://CVE-2025-32049-1.patch \ + file://CVE-2025-32049-2.patch \ + file://CVE-2025-32049-3.patch \ + file://CVE-2025-32049-4.patch \ + file://CVE-2026-1539.patch \ +" + PROVIDES = "libsoup-3.0" inherit gettext gnomebase upstream-version-is-even gobject-introspection gi-docgen vala
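Review bot: In the tests/proxy-test.c hunk of CVE-2026-1539.patch, proxy_auth_redirect_message_restarted returns early unless the status is SOUP_STATUS_MOVED_PERMANENTLY, and nothing in do_proxy_auth_redirect_test records that the g_assert_null on "Proxy-Authorization" was ever reached. Suggest setting a flag in the callback and asserting it after soup_test_session_send_message, so the test fails if the redirect restart is never observed. The test also starts with SOUP_TEST_SKIP_IF_NO_APACHE and SOUP_TEST_SKIP_IF_NO_TLS, so where either is missing the one-line change in soup_session_redirect_message is not exercised at all; worth saying in the commit message whether the ptest environment provides both.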
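Review bot: In the libsoup_3.6.6.bb hunk, the new SRC_URI += "file://CVE-2025-32049-1.patch ..." block is placed above the "inherit gettext gnomebase ..." line. If gnomebase assigns SRC_URI with a plain "=" (the class is not visible in this patch, so this is a question rather than a finding), the five file:// entries would be overwritten when the class is inherited and none of the CVE patches would be applied. Please confirm with "bitbake -e libsoup" that all five entries are present in the final SRC_URI, or move the append below the inherit line.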
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 06/15] libxmlb: upgrade 0.3.24 -> 0.3.25
Date: Thu, 2 Apr 2026 07:21:23 +0200
Message-ID: <3dd54d88644d8127338944a0ad515f70a4759cd3.1775106968.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234477

From: Wang Mingyu

Bugfixes:
- Correctly decompress heavily compressed zstd streams

Signed-off-by: Wang Mingyu
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 0421e9b2031fcc56df192da796a4cadef6966b38)
Signed-off-by: Ankur Tyagi
Signed-off-by: Yoann Congal
--- .../libxmlb/{libxmlb_0.3.24.bb => libxmlb_0.3.25.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-gnome/libxmlb/{libxmlb_0.3.24.bb => libxmlb_0.3.25.bb} (93%) diff --git a/meta/recipes-gnome/libxmlb/libxmlb_0.3.24.bb b/meta/recipes-gnome/libxmlb/libxmlb_0.3.25.bb similarity index 93% rename from meta/recipes-gnome/libxmlb/libxmlb_0.3.24.bb rename to meta/recipes-gnome/libxmlb/libxmlb_0.3.25.bb index 24eb62c98cc..86874360522 100644 --- a/meta/recipes-gnome/libxmlb/libxmlb_0.3.24.bb +++ b/meta/recipes-gnome/libxmlb/libxmlb_0.3.25.bb
@@ -8,7 +8,7 @@ SRC_URI = " \ file://0001-xb-selftest.c-hardcode-G_TEST_SRCDIR.patch \ file://run-ptest \ " -SRCREV = "d004cca465e5c5af3ce02c02a15978ff02b510c3" +SRCREV = "b31dec072f4428123db3866c18bf32bc5db04d35" DEPENDS = "glib-2.0 xz zstd"
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 07/15] ca-certificates: upgrade 20250419 -> 20260223
Date: Thu, 2 Apr 2026 07:21:24 +0200
Message-ID: <8c3981fbf6bbbbe1b54ae2a57035ab786e6b0595.1775106968.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234479

From: Andrej Kozemcak

Changelog:
* Update Mozilla certificate authority bundle to version 2.82
  The following certificate authorities were added (+):
  + TrustAsia TLS ECC Root CA
  + TrustAsia TLS RSA Root CA
  + SwissSign RSA TLS Root CA 2022 - 1
  + OISTE Server Root ECC G1
  + OISTE Server Root RSA G1
  The following certificate authorities were removed (-):
  - GlobalSign Root CA
  - Entrust.net Premium 2048 Secure Server CA
  - Baltimore CyberTrust Root (closes: #1121936)
  - Comodo AAA Services root
  - XRamp Global CA Root
  - Go Daddy Class 2 CA
  - Starfield Class 2 CA
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
* Use dh_usrlocal to create /usr/local/share/ca-certificates

Signed-off-by: Andrej Kozemcak
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 738e08718e31de19c1c8db5e162a4a00e2b0c0e6)
Signed-off-by: Ankur Tyagi
Signed-off-by: Yoann Congal
--- ...{ca-certificates_20250419.bb => ca-certificates_20260223.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/ca-certificates/{ca-certificates_20250419.bb => ca-certificates_20260223.bb} (97%)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb b/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb similarity index 97% rename from meta/recipes-support/ca-certificates/ca-certificates_20250419.bb rename to meta/recipes-support/ca-certificates/ca-certificates_20260223.bb index a11433c9daf..41690d1d088 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20260223.bb 
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRC_URI[sha256sum] = "33b44ef78653ecd3f0f2f13e5bba6be466be2e7da72182f737912b81798ba5d2" +SRC_URI[sha256sum] = "2fa2b00d4360f0d14ec51640ae8aea9e563956b95ea786e3c3c01c4eead42b56" SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
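Review bot: The SRC_URI[sha256sum] line is the only recipe change in this hunk, but the changelog it brings in removes eleven roots from the trust store, including GlobalSign Root CA and Baltimore CyberTrust Root. On a stable branch that is a behaviour change: a device whose servers still chain only to one of the removed roots would fail certificate verification after taking this update. Suggest calling the removals out in the stable release notes so integrators can check their endpoints before upgrading.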
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 08/15] tzdata,tzcode-native: Upgrade 2025b -> 2025c
Date: Thu, 2 Apr 2026 07:21:25 +0200
Message-ID: <769923b619fca84c4dce0bc18116d5e0970ba429.1775106968.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234480

From: Paul Barker

This release mostly changes code and commentary. The only changed data
are leap second table expiration and pre-1976 time in Baja California.

Full release notes:
https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/

Signed-off-by: Paul Barker
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 452334219309793ad74abd6ff390dcb06cab929b)
Signed-off-by: Ankur Tyagi
Signed-off-by: Yoann Congal
--- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 9a5105ffd74..b9323432b8d 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025b" +PV = "2025c" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${UNPACKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec" -SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474" +SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" +SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957"
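Review bot: The SRC_URI context lines in the first hunk fetch both tarballs from http://www.iana.org/... over plain HTTP, so the tzcode and tzdata sha256sum values replaced in the second hunk are the only integrity check on what gets built. The commit message does not say where the new digests came from; suggest stating that they were checked against a source independent of the download itself, such as the release announcement it links, and consider moving the two URLs to https:// in a follow-up.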
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 09/15] expat: Fix CVE-2026-32776
Date: Thu, 2 Apr 2026 07:21:26 +0200
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234481

From: Deepak Rathore

Pick the patch [1] as mentioned in [2].

[1] https://github.com/libexpat/libexpat/commit/5be25657583ea91b09025c858b4785834c20f59c
[2] https://security-tracker.debian.org/tracker/CVE-2026-32776

Signed-off-by: Deepak Rathore
Signed-off-by: Yoann Congal
--- .../expat/expat/CVE-2026-32776.patch | 90 +++++++++++++++++++ meta/recipes-core/expat/expat_2.7.4.bb | 1 + 2 files changed, 91 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32776.patch diff --git a/meta/recipes-core/expat/expat/CVE-2026-32776.patch b/meta/recipes-core/expat/expat/CVE-2026-32776.patch new file mode 100644 index 00000000000..357c41a763b --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-32776.patch
@@ -0,0 +1,90 @@ +From dfc050e8c22c40a709a824573efd8691194c1469 Mon Sep 17 00:00:00 2001 +From: Francesco Bertolaccini +Date: Tue, 3 Mar 2026 16:41:43 +0100 +Subject: [PATCH] Fix NULL function-pointer dereference for empty external + parameter entities + +When an external parameter entity with empty text is referenced inside +an entity declaration value, the sub-parser created to handle it receives +0 bytes of input. Processing enters entityValueInitProcessor which calls +storeEntityValue() with the parser's encoding; since no bytes were ever +processed, encoding detection has not yet occurred and the encoding is +still the initial probing encoding set up by XmlInitEncoding(). That +encoding only populates scanners[] (for prolog and content), not +literalScanners[]. XmlEntityValueTok() calls through +literalScanners[XML_ENTITY_VALUE_LITERAL] which is NULL, causing a +SEGV. + +Skip the tokenization loop entirely when entityTextPtr >= entityTextEnd, +and initialize the `next` pointer before the early exit so that callers +(callStoreEntityValue) receive a valid value through nextPtr. + +CVE: CVE-2026-32776 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5be25657583ea91b09025c858b4785834c20f59c] + +(cherry picked from commit 5be25657583ea91b09025c858b4785834c20f59c) +Signed-off-by: Deepak Rathore +--- + lib/xmlparse.c | 9 ++++++++- + tests/basic_tests.c | 19 +++++++++++++++++++ + 2 files changed, 27 insertions(+), 1 deletion(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index a187a3a1..10297c9a 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6780,7 +6780,14 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc, + return XML_ERROR_NO_MEMORY; + } + +- const char *next; ++ const char *next = entityTextPtr; ++ ++ /* Nothing to tokenize. 
*/ ++ if (entityTextPtr >= entityTextEnd) { ++ result = XML_ERROR_NONE; ++ goto endEntityValue; ++ } ++ + for (;;) { + next + = entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */ +diff --git a/tests/basic_tests.c b/tests/basic_tests.c +index 0231e094..8be3492d 100644 +--- a/tests/basic_tests.c ++++ b/tests/basic_tests.c +@@ -6213,6 +6213,24 @@ START_TEST(test_varying_buffer_fills) { + } + END_TEST + ++START_TEST(test_empty_ext_param_entity_in_value) { ++ const char *text = ""; ++ ExtOption options[] = { ++ {XCS("ext.dtd"), "" ++ ""}, ++ {XCS("empty"), ""}, ++ {NULL, NULL}, ++ }; ++ ++ XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS); ++ XML_SetExternalEntityRefHandler(g_parser, external_entity_optioner); ++ XML_SetUserData(g_parser, options); ++ if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE) ++ == XML_STATUS_ERROR) ++ xml_failure(g_parser); ++} ++END_TEST ++ + void + make_basic_test_case(Suite *s) { + TCase *tc_basic = tcase_create("basic tests"); +@@ -6458,6 +6476,7 @@ make_basic_test_case(Suite *s) { + tcase_add_test(tc_basic, test_empty_element_abort); + tcase_add_test__ifdef_xml_dtd(tc_basic, + test_pool_integrity_with_unfinished_attr); ++ tcase_add_test__ifdef_xml_dtd(tc_basic, test_empty_ext_param_entity_in_value); + tcase_add_test__if_xml_ge(tc_basic, test_entity_ref_no_elements); + tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_entity); + tcase_add_test__if_xml_ge(tc_basic, test_deep_nested_attribute_entity); +-- +2.51.0 diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb index 95a1ed52c41..a1cbf77ae10 100644 --- a/meta/recipes-core/expat/expat_2.7.4.bb +++ b/meta/recipes-core/expat/expat_2.7.4.bb 
@@ -10,6 +10,7 @@ VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ file://run-ptest \ + file://CVE-2026-32776.patch \ " GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
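Review bot: In the tests/basic_tests.c hunk of CVE-2026-32776.patch as it appears here, the literal assigned to "text" and the content of the "ext.dtd" option are both empty strings, so test_empty_ext_param_entity_in_value would give the parser no DTD and would not exercise the "entityTextPtr >= entityTextEnd" early exit added to storeEntityValue. Please check that the patch file committed to the tree carries the same XML literals as upstream commit 5be25657583ea91b09025c858b4785834c20f59c; markup inside string literals is easily lost when a patch passes through mail or web tooling.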
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 10/15] expat: Fix CVE-2026-32777 Date: Thu, 2 Apr 2026 07:21:27 +0200 Message-ID: <4e8ac83e9988871adec21f8f35f18272d3b576ae.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234482 From: Deepak Rathore Pick the patch [1] and [2] as mentioned in [3]. [1] https://github.com/libexpat/libexpat/commit/55cda8c7125986e17d7e1825cba413bd94a35d02 [2] https://github.com/libexpat/libexpat/commit/a7805c1a8a48d2ce83ef289cf55bdc8b45de76a8 [3] https://security-tracker.debian.org/tracker/CVE-2026-32777 Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- .../expat/expat/CVE-2026-32777_p1.patch | 48 ++++++++++++++ .../expat/expat/CVE-2026-32777_p2.patch | 65 +++++++++++++++++++ meta/recipes-core/expat/expat_2.7.4.bb | 2 + 3 files changed, 115 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777_p1.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777_p2.patch diff --git a/meta/recipes-core/expat/expat/CVE-2026-32777_p1.patch b/meta/recipes-core/expat/expat/CVE-2026-32777_p1.patch new file mode 100644 index 00000000000..4b30b406ede --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-32777_p1.patch 
@@ -0,0 +1,48 @@ +From db449df6a700b677cedf723d7be578457e0bc9c7 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Sun, 1 Mar 2026 20:16:13 +0100 +Subject: [PATCH] lib: Reject XML_TOK_INSTANCE_START infinite loop in + entityValueProcessor + +.. that OSS-Fuzz/ClusterFuzz uncovered + +CVE: CVE-2026-32777 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/55cda8c7125986e17d7e1825cba413bd94a35d02] + +(cherry picked from commit 55cda8c7125986e17d7e1825cba413bd94a35d02) +Signed-off-by: Deepak Rathore +--- + lib/xmlparse.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 10297c9a..c5bd7059 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -5080,7 +5080,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end, + } + /* If we get this token, we have the start of what might be a + normal tag, but not a declaration (i.e. it doesn't begin with +- " +Date: Fri, 6 Mar 2026 18:31:34 +0100 +Subject: [PATCH] misc_tests.c: Cover XML_TOK_INSTANCE_START infinite loop + case + +.. 
that OSS-Fuzz/ClusterFuzz uncovered + +CVE: CVE-2026-32777 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/a7805c1a8a48d2ce83ef289cf55bdc8b45de76a8] + +(cherry picked from commit a7805c1a8a48d2ce83ef289cf55bdc8b45de76a8) +Signed-off-by: Deepak Rathore +--- + tests/misc_tests.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/tests/misc_tests.c b/tests/misc_tests.c +index 2a805454..bdec886d 100644 +--- a/tests/misc_tests.c ++++ b/tests/misc_tests.c +@@ -771,6 +771,35 @@ START_TEST(test_misc_async_entity_rejected) { + } + END_TEST + ++START_TEST(test_misc_no_infinite_loop_issue_1161) { ++ XML_Parser parser = XML_ParserCreate(NULL); ++ ++ const char *text = ""; ++ ++ struct ExtOption options[] = { ++ {XCS("secondary.txt"), ++ ""}, ++ {XCS("tertiary.txt"), "
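Review bot: the commit message for this backport only says to pick [1] and [2] as mentioned in [3]; it should say in one sentence what is fixed, which the embedded patch subjects already give (an XML_TOK_INSTANCE_START infinite loop in entityValueProcessor that OSS-Fuzz/ClusterFuzz uncovered), so the log is readable without following links. CVE-2026-32777_p2.patch touches only tests/misc_tests.c, so please confirm that the expat ptest (the recipe ships run-ptest) builds and runs that suite; otherwise the regression test is carried but never exercised.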
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 11/15] expat: Fix CVE-2026-32778 Date: Thu, 2 Apr 2026 07:21:28 +0200 Message-ID: <99a802ea686b2eb05a78dfc31c99dc3ffdaab26e.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234483 From: Deepak Rathore Pick the patch [1] and [2] as mentioned in [3]. [1] https://github.com/libexpat/libexpat/commit/576b61e42feeea704253cb7c7bedb2eeb3754387 [2] https://github.com/libexpat/libexpat/commit/d5fa769b7a7290a7e2c4a0b2287106dec9b3c030 [3] https://security-tracker.debian.org/tracker/CVE-2026-32778 Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- .../expat/expat/CVE-2026-32778_p1.patch | 90 +++++++++++++++++++ .../expat/expat/CVE-2026-32778_p2.patch | 59 ++++++++++++ meta/recipes-core/expat/expat_2.7.4.bb | 2 + 3 files changed, 151 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778_p1.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778_p2.patch diff --git a/meta/recipes-core/expat/expat/CVE-2026-32778_p1.patch b/meta/recipes-core/expat/expat/CVE-2026-32778_p1.patch new file mode 100644 index 00000000000..35a7c628651 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-32778_p1.patch 
@@ -0,0 +1,90 @@ +From fa84dfe9d7c817315e3d77ae632aeecf6fe2cd84 Mon Sep 17 00:00:00 2001 +From: laserbear <10689391+Laserbear@users.noreply.github.com> +Date: Sun, 8 Mar 2026 17:28:06 -0700 +Subject: [PATCH] copy prefix name to pool before lookup + +.. so that we cannot end up with a zombie PREFIX in the pool +that has NULL for a name. + +CVE: CVE-2026-32778 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/576b61e42feeea704253cb7c7bedb2eeb3754387] + +Co-authored-by: Sebastian Pipping +(cherry picked from commit 576b61e42feeea704253cb7c7bedb2eeb3754387) +Signed-off-by: Deepak Rathore +--- + lib/xmlparse.c | 43 +++++++++++++++++++++++++++++++++++-------- + 1 file changed, 35 insertions(+), 8 deletions(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index c5bd7059..eee283a4 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -591,6 +591,8 @@ static XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc, + static XML_Bool FASTCALL poolGrow(STRING_POOL *pool); + static const XML_Char *FASTCALL poolCopyString(STRING_POOL *pool, + const XML_Char *s); ++static const XML_Char *FASTCALL poolCopyStringNoFinish(STRING_POOL *pool, ++ const XML_Char *s); + static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, + int n); + static const XML_Char *FASTCALL poolAppendString(STRING_POOL *pool, +@@ -7446,16 +7448,24 @@ setContext(XML_Parser parser, const XML_Char *context) { + else { + if (! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) + return XML_FALSE; +- prefix +- = (PREFIX *)lookup(parser, &dtd->prefixes, +- poolStart(&parser->m_tempPool), sizeof(PREFIX)); +- if (! prefix) ++ const XML_Char *const prefixName = poolCopyStringNoFinish( ++ &dtd->pool, poolStart(&parser->m_tempPool)); ++ if (! prefixName) { + return XML_FALSE; +- if (prefix->name == poolStart(&parser->m_tempPool)) { +- prefix->name = poolCopyString(&dtd->pool, prefix->name); +- if (! 
prefix->name) +- return XML_FALSE; + } ++ ++ prefix = (PREFIX *)lookup(parser, &dtd->prefixes, prefixName, ++ sizeof(PREFIX)); ++ ++ const bool prefixNameUsed = prefix && prefix->name == prefixName; ++ if (prefixNameUsed) ++ poolFinish(&dtd->pool); ++ else ++ poolDiscard(&dtd->pool); ++ ++ if (! prefix) ++ return XML_FALSE; ++ + poolDiscard(&parser->m_tempPool); + } + for (context = s + 1; *context != CONTEXT_SEP && *context != XML_T('\0'); +@@ -8044,6 +8054,23 @@ poolCopyString(STRING_POOL *pool, const XML_Char *s) { + return s; + } + ++// A version of `poolCopyString` that does not call `poolFinish` ++// and reverts any partial advancement upon failure. ++static const XML_Char *FASTCALL ++poolCopyStringNoFinish(STRING_POOL *pool, const XML_Char *s) { ++ const XML_Char *const original = s; ++ do { ++ if (! poolAppendChar(pool, *s)) { ++ // Revert any previously successful advancement ++ const ptrdiff_t advancedBy = s - original; ++ if (advancedBy > 0) ++ pool->ptr -= advancedBy; ++ return NULL; ++ } ++ } while (*s++); ++ return pool->start; ++} ++ + static const XML_Char * + poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n) { + if (! pool->ptr && ! poolGrow(pool)) { +-- +2.51.0 diff --git a/meta/recipes-core/expat/expat/CVE-2026-32778_p2.patch b/meta/recipes-core/expat/expat/CVE-2026-32778_p2.patch new file mode 100644 index 00000000000..0cbf2dd347c --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-32778_p2.patch 
@@ -0,0 +1,59 @@ +From 0b3d3b977ccaf18684ce951b818c56a7e704fb29 Mon Sep 17 00:00:00 2001 +From: laserbear <10689391+Laserbear@users.noreply.github.com> +Date: Sun, 8 Mar 2026 17:28:06 -0700 +Subject: [PATCH] test that we do not end up with a zombie PREFIX in the pool + +CVE: CVE-2026-32778 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/d5fa769b7a7290a7e2c4a0b2287106dec9b3c030] + +(cherry picked from commit d5fa769b7a7290a7e2c4a0b2287106dec9b3c030) +Signed-off-by: Deepak Rathore +--- + tests/nsalloc_tests.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/tests/nsalloc_tests.c b/tests/nsalloc_tests.c +index 60fa87f8..9e26d4ee 100644 +--- a/tests/nsalloc_tests.c ++++ b/tests/nsalloc_tests.c +@@ -1505,6 +1505,32 @@ START_TEST(test_nsalloc_prefixed_element) { + } + END_TEST + ++/* Verify that retry after OOM in setContext() does not crash. ++ */ ++START_TEST(test_nsalloc_setContext_zombie) { ++ const char *text = "Hello"; ++ unsigned int i; ++ const unsigned int max_alloc_count = 30; ++ ++ for (i = 0; i < max_alloc_count; i++) { ++ g_allocation_count = (int)i; ++ if (XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE) ++ != XML_STATUS_ERROR) ++ break; ++ /* Retry on the same parser — must not crash */ ++ g_allocation_count = ALLOC_ALWAYS_SUCCEED; ++ XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE); ++ ++ nsalloc_teardown(); ++ nsalloc_setup(); ++ } ++ if (i == 0) ++ fail("Parsing worked despite failing allocations"); ++ else if (i == max_alloc_count) ++ fail("Parsing failed even at maximum allocation count"); ++} ++END_TEST ++ + void + make_nsalloc_test_case(Suite *s) { + TCase *tc_nsalloc = tcase_create("namespace allocation tests"); +@@ -1539,4 +1565,5 @@ make_nsalloc_test_case(Suite *s) { + tcase_add_test__if_xml_ge(tc_nsalloc, test_nsalloc_long_default_in_ext); + tcase_add_test(tc_nsalloc, test_nsalloc_long_systemid_in_ext); + tcase_add_test(tc_nsalloc, test_nsalloc_prefixed_element); ++ 
tcase_add_test(tc_nsalloc, test_nsalloc_setContext_zombie); + } +-- +2.51.0 diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb index da6e4bb657c..f1eff496881 100644 --- a/meta/recipes-core/expat/expat_2.7.4.bb +++ b/meta/recipes-core/expat/expat_2.7.4.bb 
@@ -13,6 +13,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ file://CVE-2026-32776.patch \ file://CVE-2026-32777_p1.patch \ file://CVE-2026-32777_p2.patch \ + file://CVE-2026-32778_p1.patch \ + file://CVE-2026-32778_p2.patch \ " GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
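Review bot: in CVE-2026-32778_p1.patch, poolCopyStringNoFinish() leaves the copied string unfinished in the pool, and the requirement that every caller follows a non-NULL return with poolFinish() or poolDiscard() (as setContext() does through prefixNameUsed) is only implied by the function name; one sentence in its comment would make that contract explicit for future callers. The setContext() hunk also declares "const bool prefixNameUsed" while the surrounding code uses XML_Bool, so check that the 2.7.4 lib/xmlparse.c being patched already includes <stdbool.h>. Finally, the lib/xmlparse.c diff is generated against blob c5bd7059, the post-image of CVE-2026-32777_p1.patch (index 10297c9a..c5bd7059), so its line offsets assume that patch is applied first; the SRC_URI order in expat_2.7.4.bb respects this and a short comment there would keep it that way.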
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 12/15] tzdata/tzcode-native: upgrade 2025c -> 2026a Date: Thu, 2 Apr 2026 07:21:29 +0200 Message-ID: <5f499b815ff4ad073a576ddc5183a53da8b0e72d.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234484 From: Jinfeng Wang Signed-off-by: Jinfeng Wang Signed-off-by: Richard Purdie (cherry picked from commit 217ede26d64901d9a38fc119efa684487714c08a) Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index b9323432b8d..00bb704e360 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025c" +PV = "2026a" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${UNPACKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "697ebe6625444aef5080f58e49d03424bbb52e08bf483d3ddb5acf10cbd15740" -SRC_URI[tzdata.sha256sum] = "4aa79e4effee53fc4029ffe5f6ebe97937282ebcdf386d5d2da91ce84142f957" +SRC_URI[tzcode.sha256sum] = "f80a17a2eddd2b54041f9c98d75b0aa8038b016d7c5de72892a146d9938740e1" +SRC_URI[tzdata.sha256sum] = "77b541725937bb53bd92bd484c0b43bec8545e2d3431ee01f04ef8f2203ba2b7"
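Review bot: both tarballs in SRC_URI are fetched over plain http:// from www.iana.org, so the two SRC_URI[...sha256sum] values changed in the second hunk are the only integrity check on the 2026a sources, and the commit message has no body saying how they were obtained. Please record in the message that the new hashes were checked against the upstream release (for example against the upstream release signatures), and consider a follow-up that moves SRC_URI and UPSTREAM_CHECK_URI to https.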
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 13/15] oe-setup-build: TEMPLATECONF were not applied correctly Date: Thu, 2 Apr 2026 07:21:30 +0200 Message-ID: <445b8820876c227cef49acdc54445eeb55399d67.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234485 From: Logan Gallois Since a recent change to support dash, cmd_base is a set of several commands, separated by newlines. TEMPLATECONF was only effective for the first command in that set, which is not where it's needed. Putting it on its own line will ensure that it's present for everything in cmd_base. Signed-off-by: Logan Gallois Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit b0bec96403f94312a4ab87d4d489132f2eb853ea) [YC: The "recent change" is commit 35c900118248 ("oe-setup-build: fix dash support")] Signed-off-by: Yoann Congal --- scripts/oe-setup-build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/oe-setup-build b/scripts/oe-setup-build index edbcd48355a..7bcdeee4c32 100755 --- a/scripts/oe-setup-build +++ b/scripts/oe-setup-build 
@@ -98,7 +98,7 @@ def setup_build_env(args): f.write(cmd_base) print("\nRun '. {}' to initialize the build in a current shell session.\n".format(initbuild)) - cmd = "TEMPLATECONF={} {}".format(template["templatepath"], cmd_base) + cmd = "TEMPLATECONF={}\n{}".format(template["templatepath"], cmd_base) if not no_shell: cmd = cmd + " && {}".format(os.environ.get('SHELL','bash')) print("Running:", cmd)
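Review bot: on the changed line template["templatepath"] is still interpolated into the shell text unquoted, so a template path containing spaces or shell metacharacters is split or interpreted by the shell; pass it through shlex.quote() before formatting. Also, with the assignment on its own line TEMPLATECONF is now a plain shell variable rather than an environment prefix, so it reaches commands in cmd_base that are sourced into the same shell but not executed child processes; if any step in cmd_base relies on the environment, write it as "export TEMPLATECONF=...".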
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 14/15] vim: Fix CVE-2026-25749 Date: Thu, 2 Apr 2026 07:21:31 +0200 Message-ID: <0542f6fa58e7627137d61416eccfa4f5bed950a7.1775106968.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234486 From: Anil Dongare Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-25749 Signed-off-by: Anil Dongare Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-25749.patch | 64 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-25749.patch b/meta/recipes-support/vim/files/CVE-2026-25749.patch new file mode 100644 index 00000000000..8b04379b9b7 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-25749.patch 
@@ -0,0 +1,64 @@ +From e0065a61a42bdff9c75aa18104f8ff546938395f Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Thu, 5 Feb 2026 18:51:54 +0000 +Subject: [PATCH] patch 9.1.2132: [security]: buffer-overflow in 'helpfile' + option handling + +Problem: [security]: buffer-overflow in 'helpfile' option handling by + using strcpy without bound checks (Rahul Hoysala) +Solution: Limit strncpy to the length of the buffer (MAXPATHL) + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 + +CVE: CVE-2026-25749 +Upstream-Status: Backport [https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9] + +Backport Changes: +- Excluded changes to src/version.c and runtime/doc/version9.txt + from this backport. This file only tracks upstream version increments. + We are applying a security fix, not a version upgrade. These changes + were skipped to maintain current package versioning and avoid merge conflicts. + +Signed-off-by: Christian Brabandt +(cherry picked from commit 0714b15940b245108e6e9d7aa2260dd849a26fa9) +Signed-off-by: Anil Dongare +--- + src/tag.c | 2 +- + src/testdir/test_help.vim | 9 +++++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/tag.c b/src/tag.c +index 6912e8743..a32bbb245 100644 +--- a/src/tag.c ++++ b/src/tag.c +@@ -3348,7 +3348,7 @@ get_tagfname( + if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL) + return FAIL; + ++tnp->tn_hf_idx; +- STRCPY(buf, p_hf); ++ vim_strncpy(buf, p_hf, MAXPATHL - 1); + STRCPY(gettail(buf), "tags"); + #ifdef BACKSLASH_IN_FILENAME + slash_adjust(buf); +diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim +index dac153d86..f9e4686bb 100644 +--- a/src/testdir/test_help.vim ++++ b/src/testdir/test_help.vim +@@ -222,4 +222,13 @@ func Test_helptag_navigation() + endfunc + + ++" This caused a buffer overflow ++func Test_helpfile_overflow() ++ let _helpfile = &helpfile ++ let &helpfile = repeat('A', 5000) ++ help ++ helpclose ++ let 
&helpfile = _helpfile ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.43.7 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index c730f1d0cf9..044117a57ff 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc 
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV} file://disable_acl_header_check.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ + file://CVE-2026-25749.patch \ " PV .= ".1683"
From patchwork Thu Apr 2 05:21:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 85111 X-Patchwork-Delegate: yoann.congal@smile.fr
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 15/15] vim: Fix CVE-2026-26269 Date: Thu, 2 Apr 2026 07:21:32 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 02 Apr 2026 05:22:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234487 From: Anil Dongare Pick patch from [1] also mentioned in [2] [1] https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-26269 Signed-off-by: Anil Dongare Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-26269.patch | 150 ++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 151 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-26269.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-26269.patch b/meta/recipes-support/vim/files/CVE-2026-26269.patch new file mode 100644 index 00000000000..1f9a72bca1d --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-26269.patch 
@@ -0,0 +1,150 @@ +From 3cc246980b800454dda0603af410c77a8c1926e0 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Fri, 13 Feb 2026 10:27:12 +0100 +Subject: [PATCH] patch 9.1.2148: [security]: Buffer overflow in netbeans + interface + +Problem: [security]: Buffer overflow in netbeans special_keys() handling +Solution: Limit writing to max KEYBUFLEN bytes to prevent writing out of + bounds. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 + +CVE: CVE-2026-26269 +Upstream-Status: Backport [https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970] + +Backport Changes: +- Excluded changes to src/version.c from this backport. This file only tracks + upstream version increments. We are applying a security fix, not a version + upgrade. These changes were skipped to maintain current package versioning + and avoid merge conflicts. + +Signed-off-by: Christian Brabandt +(cherry picked from commit c5f312aad8e4179e437f81ad39a860cd0ef11970) +Signed-off-by: Anil Dongare +--- + runtime/doc/version9.txt | 5 +++ + src/netbeans.c | 2 +- + src/testdir/test_netbeans.py | 4 ++- + src/testdir/test_netbeans.vim | 57 +++++++++++++++++++++++++++++++++++ + 4 files changed, 66 insertions(+), 2 deletions(-) + +diff --git a/runtime/doc/version9.txt b/runtime/doc/version9.txt +index b82071757..b32400f17 100644 +--- a/runtime/doc/version9.txt ++++ b/runtime/doc/version9.txt +@@ -41899,4 +41899,9 @@ features, but does not include runtime file changes (syntax, indent, ftplugin, + documentation, etc.) + + ++Patch 9.1.2148 ++Problem: [security]: Buffer overflow in netbeans special_keys() handling ++Solution: Limit writing to max KEYBUFLEN bytes to prevent writing out of ++ bounds. 
++ + vim:tw=78:ts=8:noet:ft=help:norl:fdm=manual:nofoldenable +diff --git a/src/netbeans.c b/src/netbeans.c +index 4f5378512..8a341a20b 100644 +--- a/src/netbeans.c ++++ b/src/netbeans.c +@@ -2302,7 +2302,7 @@ special_keys(char_u *args) + if ((sep = strchr(tok, '-')) != NULL) + { + *sep = NUL; +- while (*tok) ++ while (*tok && i + 2 < KEYBUFLEN) + { + switch (*tok) + { +diff --git a/src/testdir/test_netbeans.py b/src/testdir/test_netbeans.py +index 0d6b09680..585886fb4 100644 +--- a/src/testdir/test_netbeans.py ++++ b/src/testdir/test_netbeans.py +@@ -112,7 +112,9 @@ class ThreadedTCPRequestHandler(socketserver.BaseRequestHandler): + 'startAtomic_Test' : '0:startAtomic!94\n', + 'endAtomic_Test' : '0:endAtomic!95\n', + 'AnnoScale_Test' : "".join(['2:defineAnnoType!60 ' + str(i) + ' "s' + str(i) + '" "x" "=>" blue none\n' for i in range(2, 26)]), +- 'detach_Test' : '2:close!96\n1:close!97\nDETACH\n' ++ 'detach_Test' : '2:close!96\n1:close!97\nDETACH\n', ++ 'specialKeys_overflow_Test' : '0:specialKeys!200 "' + 'A'*80 + '-X"\n' ++ + } + # execute the specified test + if cmd not in testmap: +diff --git a/src/testdir/test_netbeans.vim b/src/testdir/test_netbeans.vim +index d3d5e8baf..d1be5066e 100644 +--- a/src/testdir/test_netbeans.vim ++++ b/src/testdir/test_netbeans.vim +@@ -958,6 +958,58 @@ func Nb_bwipe_buffer(port) + sleep 10m + endfunc + ++func Nb_specialKeys_overflow(port) ++ call delete("Xnetbeans") ++ call writefile([], "Xnetbeans") ++ ++ " Last line number in the Xnetbeans file. Used to verify the result of the ++ " communication with the netbeans server ++ let g:last = 0 ++ ++ " Establish the connection with the netbeans server ++ exe 'nbstart :localhost:' .. a:port .. 
':bunny' ++ call WaitFor('len(ReadXnetbeans()) > (g:last + 2)') ++ let l = ReadXnetbeans() ++ call assert_equal(['AUTH bunny', ++ \ '0:version=0 "2.5"', ++ \ '0:startupDone=0'], l[-3:]) ++ let g:last += 3 ++ ++ " Open the command buffer to communicate with the server ++ split Xcmdbuf ++ let cmdbufnr = bufnr() ++ call WaitFor('len(ReadXnetbeans()) > (g:last + 2)') ++ let l = ReadXnetbeans() ++ call assert_equal('0:fileOpened=0 "Xcmdbuf" T F', ++ \ substitute(l[-3], '".*/', '"', '')) ++ call assert_equal('send: 1:putBufferNumber!15 "Xcmdbuf"', ++ \ substitute(l[-2], '".*/', '"', '')) ++ call assert_equal('1:startDocumentListen!16', l[-1]) ++ let g:last += 3 ++ ++ " Keep the command buffer loaded for communication ++ hide ++ ++ sleep 1m ++ ++ " Open the command buffer to communicate with the server ++ split Xcmdbuf ++ let cmdbufnr = bufnr() ++ call appendbufline(cmdbufnr, '$', 'specialKeys_overflow_Test') ++ call WaitFor('len(ReadXnetbeans()) >= (g:last + 6)') ++ call WaitForAssert({-> assert_match('send: 0:specialKeys!200 "A\{80}-X"', ++ \ ReadXnetbeans()[-1])}) ++ ++ " Verify that specialKeys test, still works after the previous junk ++ call appendbufline(cmdbufnr, '$', 'specialKeys_Test') ++ call WaitFor('len(ReadXnetbeans()) >= (g:last + 1)') ++ call WaitForAssert({-> assert_match('^send: 0:specialKeys!91 "F12 F13 C-F13"$', ++ \ ReadXnetbeans()[-1])}) ++ let g:last += 1 ++ ++ sleep 10m ++endfunc ++ + " This test used to reference a buffer after it was freed leading to an ASAN + " error. + func Test_nb_bwipe_buffer() +@@ -967,4 +1019,9 @@ func Test_nb_bwipe_buffer() + nbclose + endfunc + ++" Verify that the specialKeys argument does not overflow ++func Test_nb_specialKeys_overflow() ++ call s:run_server('Nb_specialKeys_overflow') ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.43.7 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 044117a57ff..792a46faf75 100644 --- a/meta/recipes-support/vim/vim.inc 
+++ b/meta/recipes-support/vim/vim.inc @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https;tag=v${PV} file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ file://CVE-2026-25749.patch \ + file://CVE-2026-26269.patch \ " PV .= ".1683"
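Review bot: In the src/tag.c hunk of CVE-2026-25749.patch, the new bound covers only the copy; the next context line, `STRCPY(gettail(buf), "tags");`, still writes five bytes (including the NUL) at the tail with no check. With up to `MAXPATHL - 1` bytes allowed into `buf`, a truncated value whose tail begins within the last four bytes leaves no room for "tags", assuming `buf` is MAXPATHL bytes as the commit message says. Suggest bounding the copy so that space for "tags" is reserved, or returning FAIL when the value does not fit, and checking whether upstream has a follow-up change that should be backported together with this one.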
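Review bot: In the src/testdir/test_help.vim hunk of CVE-2026-25749.patch, `Test_helpfile_overflow()` restores 'helpfile' only on the success path: if `help` or `helpclose` throws, `let &helpfile = _helpfile` is skipped and the 5000-byte value leaks into later tests. Suggest wrapping the body in try/finally. The value `repeat('A', 5000)` has no path separator, so the test covers the bounded copy only and not the `STRCPY(gettail(buf), "tags")` step that follows it in src/tag.c; a second case for that step would be worth adding.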
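Review bot: The runtime/doc/version9.txt hunk in CVE-2026-26269.patch carries the upstream "Patch 9.1.2148" changelog entry, yet the Backport Changes section lists only src/version.c as excluded, while the CVE-2026-25749 backport excluded both src/version.c and runtime/doc/version9.txt as version tracking. With the recipe staying at `PV .= ".1683"`, this entry documents a patch level the package does not report, and a hunk at line 41899 of a changelog file is a likely source of fuzz or conflicts when the recipe is next upgraded. Suggest dropping the hunk and updating Backport Changes, or stating there why it is kept.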
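Review bot: In the src/netbeans.c hunk of CVE-2026-26269.patch, `while (*tok && i + 2 < KEYBUFLEN)` stops silently when the limit is reached: the loop exits with `*tok` still non-NUL and the hunk shows no error path, so the code after the loop continues with a partly parsed modifier prefix. It is worth confirming, and saying in the commit message, that the code following the loop rejects or skips the token in that case instead of mapping a truncated key. The `+ 2` is also unexplained; a short comment stating how many bytes one iteration can store in the key buffer would let a reader check the bound against KEYBUFLEN.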
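Review bot: In the Nb_specialKeys_overflow() hunk of src/testdir/test_netbeans.vim, `g:last` is not advanced after the overflow command, which waits for `g:last + 6` lines, so the later `WaitFor('len(ReadXnetbeans()) >= (g:last + 1)')` is already true when it is reached and only the WaitForAssert after it does any waiting. Suggest updating `g:last` right after the first WaitForAssert. The second `split Xcmdbuf` / `let cmdbufnr = bufnr()` block repeats the earlier one with the same comment and could be dropped or re-commented. The assertions check only the logged messages, so an out-of-bounds write is caught reliably only when the test suite runs under a sanitizer; a note to that effect above Test_nb_specialKeys_overflow() would help.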