| Message ID | 20250613034352.175878-1-changqing.li@windriver.com |
|---|---|
| Headers | show |
| Series | *** libsoup/libsoup-2.4: fix CVEs *** | expand |
Hi Vijay and Changqing, Seems you sent similar patch series at just about the same time! There is a good deal of overlap, but each contains some that the other lacks. Also, Changqing's has a conflict in "libsoup-2.4: fix do_compile failure" with a patch currently in kirkstone: "libsoup-2.4: Backport auth tests for CVE-2025-32910" Could you please work together to decide which I should take and submit a new series? Thanks! Steve On Thu, Jun 12, 2025 at 8:43 PM Changqing Li via lists.openembedded.org <changqing.li=windriver.com@lists.openembedded.org> wrote: > > From: Changqing Li <changqing.li@windriver.com> > > Backport several CVE fixes from branch scarthgap, cherry picked from > poky-contrib: stable/scarthgap-nut, and do some changes accordingly. > > Ashish Sharma (1): > libsoup: patch CVE-2025-4476 > > Changqing Li (17): > libsoup-2.4: fix CVE-2025-32907 > libsoup-2.4: fix CVE-2025-32053 > libsoup-2.4: fix CVE-2025-32052 > libsoup-2.4: fix CVE-2025-32050 > libsoup-2.4: fix CVE-2025-46421 > libsoup-2.4: fix CVE-2025-4948 > libsoup-2.4: fix CVE-2025-4476 > libsoup-2.4: fix CVE-2025-2784 > libsoup-2.4: fix do_compile failure > libsoup: fix CVE-2025-32907 > libsoup: fix CVE-2025-32053 > libsoup: fix CVE-2025-32052 > libsoup: fix CVE-2025-32051 > libsoup: fix CVE-2025-32050 > libsoup: fix CVE-2025-46421 > libsoup: fix CVE-2025-4948 > libsoup: fix CVE-2025-2784 > > Hitendra Prajapati (2): > libsoup-2.4: Fix CVE-2025-4969 > libsoup: Fix CVE-2025-4969 > > .../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++ > .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 +++ > .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 +++ > .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++ > .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++ > .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------ > .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +----- > .../libsoup-2.4/CVE-2025-32912-1.patch | 20 +- > .../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 ++++ > .../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++ > .../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 ++++ > .../libsoup/libsoup-2.4/CVE-2025-4969.patch | 76 +++++++ > .../libsoup/libsoup-2.4_2.74.2.bb | 9 + > .../libsoup/libsoup/CVE-2025-2784.patch | 137 ++++++++++++ > .../libsoup/libsoup/CVE-2025-32050.patch | 29 +++ > .../libsoup/libsoup/CVE-2025-32051-1.patch | 29 +++ > .../libsoup/libsoup/CVE-2025-32051-2.patch | 57 +++++ > .../libsoup/libsoup/CVE-2025-32052.patch | 31 +++ > .../libsoup/libsoup/CVE-2025-32053.patch | 40 ++++ > .../libsoup/libsoup/CVE-2025-32907-1.patch | 200 ++++++++++++++++++ > .../libsoup/libsoup/CVE-2025-32907-2.patch | 68 ++++++ > .../libsoup/libsoup/CVE-2025-4476.patch | 38 ++++ > .../libsoup/libsoup/CVE-2025-46421.patch | 139 ++++++++++++ > .../libsoup/libsoup/CVE-2025-4948.patch | 97 +++++++++ > .../libsoup/libsoup/CVE-2025-4969.patch | 76 +++++++ > meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++ > 26 files changed, 1380 insertions(+), 135 deletions(-) > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#218553): https://lists.openembedded.org/g/openembedded-core/message/218553 > Mute This Topic: https://lists.openembedded.org/mt/113619132/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On 6/14/25 00:23, Steve Sakoman wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > Hi Vijay and Changqing, > > Seems you sent similar patch series at just about the same time! > > There is a good deal of overlap, but each contains some that the other lacks. > > Also, Changqing's has a conflict in "libsoup-2.4: fix do_compile > failure" with a patch currently in kirkstone: "libsoup-2.4: Backport > auth tests for CVE-2025-32910" > > Could you please work together to decide which I should take and kirkstone-nut > submit a new series? > > Thanks! > > Steve Hi, Vijay and Steve How about take Vijay's series of patches first, after is is merged in branch kirkstone-nut , I can rework my patches bases on branch kirkstone-nut, send a V2 series with other needed patches. Regards Changqing > > On Thu, Jun 12, 2025 at 8:43 PM Changqing Li via > lists.openembedded.org > <changqing.li=windriver.com@lists.openembedded.org> wrote: >> From: Changqing Li<changqing.li@windriver.com> >> >> Backport several CVE fixes from branch scarthgap, cherry picked from >> poky-contrib: stable/scarthgap-nut, and do some changes accordingly. >> >> Ashish Sharma (1): >> libsoup: patch CVE-2025-4476 >> >> Changqing Li (17): >> libsoup-2.4: fix CVE-2025-32907 >> libsoup-2.4: fix CVE-2025-32053 >> libsoup-2.4: fix CVE-2025-32052 >> libsoup-2.4: fix CVE-2025-32050 >> libsoup-2.4: fix CVE-2025-46421 >> libsoup-2.4: fix CVE-2025-4948 >> libsoup-2.4: fix CVE-2025-4476 >> libsoup-2.4: fix CVE-2025-2784 >> libsoup-2.4: fix do_compile failure >> libsoup: fix CVE-2025-32907 >> libsoup: fix CVE-2025-32053 >> libsoup: fix CVE-2025-32052 >> libsoup: fix CVE-2025-32051 >> libsoup: fix CVE-2025-32050 >> libsoup: fix CVE-2025-46421 >> libsoup: fix CVE-2025-4948 >> libsoup: fix CVE-2025-2784 >> >> Hitendra Prajapati (2): >> libsoup-2.4: Fix CVE-2025-4969 >> libsoup: Fix CVE-2025-4969 >> >> .../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++ >> .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 +++ >> .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 +++ >> .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++ >> .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------ >> .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +----- >> .../libsoup-2.4/CVE-2025-32912-1.patch | 20 +- >> .../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-4969.patch | 76 +++++++ >> .../libsoup/libsoup-2.4_2.74.2.bb | 9 + >> .../libsoup/libsoup/CVE-2025-2784.patch | 137 ++++++++++++ >> .../libsoup/libsoup/CVE-2025-32050.patch | 29 +++ >> .../libsoup/libsoup/CVE-2025-32051-1.patch | 29 +++ >> .../libsoup/libsoup/CVE-2025-32051-2.patch | 57 +++++ >> .../libsoup/libsoup/CVE-2025-32052.patch | 31 +++ >> .../libsoup/libsoup/CVE-2025-32053.patch | 40 ++++ >> .../libsoup/libsoup/CVE-2025-32907-1.patch | 200 ++++++++++++++++++ >> .../libsoup/libsoup/CVE-2025-32907-2.patch | 68 ++++++ >> .../libsoup/libsoup/CVE-2025-4476.patch | 38 ++++ >> .../libsoup/libsoup/CVE-2025-46421.patch | 139 ++++++++++++ >> .../libsoup/libsoup/CVE-2025-4948.patch | 97 +++++++++ >> .../libsoup/libsoup/CVE-2025-4969.patch | 76 +++++++ >> meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++ >> 26 files changed, 1380 insertions(+), 135 deletions(-) >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch >> >> -- >> 2.34.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#218553):https://lists.openembedded.org/g/openembedded-core/message/218553 >> Mute This Topic:https://lists.openembedded.org/mt/113619132/3620601 >> Group Owner:openembedded-core+owner@lists.openembedded.org >> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
Hi Changqing, I'm ok with your idea. Steve, Can you take my series of patches? Once those patches get merged, Changqing will send another series with other required patches. Thanks & Regards, Vijay On Mon, Jun 16, 2025 at 5:49 AM Changqing Li <changqing.li@windriver.com> wrote: > > On 6/14/25 00:23, Steve Sakoman wrote: > > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > Hi Vijay and Changqing, > > Seems you sent similar patch series at just about the same time! > > There is a good deal of overlap, but each contains some that the other lacks. > > Also, Changqing's has a conflict in "libsoup-2.4: fix do_compile > failure" with a patch currently in kirkstone: "libsoup-2.4: Backport > auth tests for CVE-2025-32910" > > Could you please work together to decide which I should take and kirkstone-nut > submit a new series? > > Thanks! > > Steve > > Hi, Vijay and Steve > > How about take Vijay's series of patches first, after is is merged in > branch kirkstone-nut > > , I can rework my patches bases on branch kirkstone-nut, send a V2 series > with other needed patches. > > Regards > > Changqing > > On Thu, Jun 12, 2025 at 8:43 PM Changqing Li vialists.openembedded.org<changqing.li=windriver.com@lists.openembedded.org> <changqing.li=windriver.com@lists.openembedded.org> wrote: > > From: Changqing Li <changqing.li@windriver.com> <changqing.li@windriver.com> > > Backport several CVE fixes from branch scarthgap, cherry picked from > poky-contrib: stable/scarthgap-nut, and do some changes accordingly. > > Ashish Sharma (1): > libsoup: patch CVE-2025-4476 > > Changqing Li (17): > libsoup-2.4: fix CVE-2025-32907 > libsoup-2.4: fix CVE-2025-32053 > libsoup-2.4: fix CVE-2025-32052 > libsoup-2.4: fix CVE-2025-32050 > libsoup-2.4: fix CVE-2025-46421 > libsoup-2.4: fix CVE-2025-4948 > libsoup-2.4: fix CVE-2025-4476 > libsoup-2.4: fix CVE-2025-2784 > libsoup-2.4: fix do_compile failure > libsoup: fix CVE-2025-32907 > libsoup: fix CVE-2025-32053 > libsoup: fix CVE-2025-32052 > libsoup: fix CVE-2025-32051 > libsoup: fix CVE-2025-32050 > libsoup: fix CVE-2025-46421 > libsoup: fix CVE-2025-4948 > libsoup: fix CVE-2025-2784 > > Hitendra Prajapati (2): > libsoup-2.4: Fix CVE-2025-4969 > libsoup: Fix CVE-2025-4969 > > .../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++ > .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 +++ > .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 +++ > .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++ > .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++ > .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------ > .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +----- > .../libsoup-2.4/CVE-2025-32912-1.patch | 20 +- > .../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 ++++ > .../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++ > .../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 ++++ > .../libsoup/libsoup-2.4/CVE-2025-4969.patch | 76 +++++++ > .../libsoup/libsoup-2.4_2.74.2.bb | 9 + > .../libsoup/libsoup/CVE-2025-2784.patch | 137 ++++++++++++ > .../libsoup/libsoup/CVE-2025-32050.patch | 29 +++ > .../libsoup/libsoup/CVE-2025-32051-1.patch | 29 +++ > .../libsoup/libsoup/CVE-2025-32051-2.patch | 57 +++++ > .../libsoup/libsoup/CVE-2025-32052.patch | 31 +++ > .../libsoup/libsoup/CVE-2025-32053.patch | 40 ++++ > .../libsoup/libsoup/CVE-2025-32907-1.patch | 200 ++++++++++++++++++ > .../libsoup/libsoup/CVE-2025-32907-2.patch | 68 ++++++ > .../libsoup/libsoup/CVE-2025-4476.patch | 38 ++++ > .../libsoup/libsoup/CVE-2025-46421.patch | 139 ++++++++++++ > .../libsoup/libsoup/CVE-2025-4948.patch | 97 +++++++++ > .../libsoup/libsoup/CVE-2025-4969.patch | 76 +++++++ > meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++ > 26 files changed, 1380 insertions(+), 135 deletions(-) > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch > create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch > create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#218553): https://lists.openembedded.org/g/openembedded-core/message/218553 > Mute This Topic: https://lists.openembedded.org/mt/113619132/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- > > >
On Sun, Jun 15, 2025 at 7:38 PM Vijay Anusuri <vanusuri@mvista.com> wrote: > > Hi Changqing, > > I'm ok with your idea. > > Steve, > > Can you take my series of patches? > Once those patches get merged, Changqing will send another series with other required patches. Sounds like a plan! I will do as you suggest. Steve > On Mon, Jun 16, 2025 at 5:49 AM Changqing Li <changqing.li@windriver.com> wrote: >> >> >> On 6/14/25 00:23, Steve Sakoman wrote: >> >> CAUTION: This email comes from a non Wind River email account! >> Do not click links or open attachments unless you recognize the sender and know the content is safe. >> >> Hi Vijay and Changqing, >> >> Seems you sent similar patch series at just about the same time! >> >> There is a good deal of overlap, but each contains some that the other lacks. >> >> Also, Changqing's has a conflict in "libsoup-2.4: fix do_compile >> failure" with a patch currently in kirkstone: "libsoup-2.4: Backport >> auth tests for CVE-2025-32910" >> >> Could you please work together to decide which I should take and kirkstone-nut >> submit a new series? >> >> Thanks! >> >> Steve >> >> Hi, Vijay and Steve >> >> How about take Vijay's series of patches first, after is is merged in branch kirkstone-nut >> >> , I can rework my patches bases on branch kirkstone-nut, send a V2 series with other needed patches. >> >> Regards >> >> Changqing >> >> On Thu, Jun 12, 2025 at 8:43 PM Changqing Li via >> lists.openembedded.org >> <changqing.li=windriver.com@lists.openembedded.org> wrote: >> >> From: Changqing Li <changqing.li@windriver.com> >> >> Backport several CVE fixes from branch scarthgap, cherry picked from >> poky-contrib: stable/scarthgap-nut, and do some changes accordingly. >> >> Ashish Sharma (1): >> libsoup: patch CVE-2025-4476 >> >> Changqing Li (17): >> libsoup-2.4: fix CVE-2025-32907 >> libsoup-2.4: fix CVE-2025-32053 >> libsoup-2.4: fix CVE-2025-32052 >> libsoup-2.4: fix CVE-2025-32050 >> libsoup-2.4: fix CVE-2025-46421 >> libsoup-2.4: fix CVE-2025-4948 >> libsoup-2.4: fix CVE-2025-4476 >> libsoup-2.4: fix CVE-2025-2784 >> libsoup-2.4: fix do_compile failure >> libsoup: fix CVE-2025-32907 >> libsoup: fix CVE-2025-32053 >> libsoup: fix CVE-2025-32052 >> libsoup: fix CVE-2025-32051 >> libsoup: fix CVE-2025-32050 >> libsoup: fix CVE-2025-46421 >> libsoup: fix CVE-2025-4948 >> libsoup: fix CVE-2025-2784 >> >> Hitendra Prajapati (2): >> libsoup-2.4: Fix CVE-2025-4969 >> libsoup: Fix CVE-2025-4969 >> >> .../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++ >> .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 +++ >> .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 +++ >> .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++ >> .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------ >> .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +----- >> .../libsoup-2.4/CVE-2025-32912-1.patch | 20 +- >> .../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 ++++ >> .../libsoup/libsoup-2.4/CVE-2025-4969.patch | 76 +++++++ >> .../libsoup/libsoup-2.4_2.74.2.bb | 9 + >> .../libsoup/libsoup/CVE-2025-2784.patch | 137 ++++++++++++ >> .../libsoup/libsoup/CVE-2025-32050.patch | 29 +++ >> .../libsoup/libsoup/CVE-2025-32051-1.patch | 29 +++ >> .../libsoup/libsoup/CVE-2025-32051-2.patch | 57 +++++ >> .../libsoup/libsoup/CVE-2025-32052.patch | 31 +++ >> .../libsoup/libsoup/CVE-2025-32053.patch | 40 ++++ >> .../libsoup/libsoup/CVE-2025-32907-1.patch | 200 ++++++++++++++++++ >> .../libsoup/libsoup/CVE-2025-32907-2.patch | 68 ++++++ >> .../libsoup/libsoup/CVE-2025-4476.patch | 38 ++++ >> .../libsoup/libsoup/CVE-2025-46421.patch | 139 ++++++++++++ >> .../libsoup/libsoup/CVE-2025-4948.patch | 97 +++++++++ >> .../libsoup/libsoup/CVE-2025-4969.patch | 76 +++++++ >> meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++ >> 26 files changed, 1380 insertions(+), 135 deletions(-) >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch >> create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch >> >> -- >> 2.34.1 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#218553): https://lists.openembedded.org/g/openembedded-core/message/218553 >> Mute This Topic: https://lists.openembedded.org/mt/113619132/3620601 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] >> -=-=-=-=-=-=-=-=-=-=-=- >>
From: Changqing Li <changqing.li@windriver.com> Backport several CVE fixes from branch scarthgap, cherry picked from poky-contrib: stable/scarthgap-nut, and do some changes accordingly. Ashish Sharma (1): libsoup: patch CVE-2025-4476 Changqing Li (17): libsoup-2.4: fix CVE-2025-32907 libsoup-2.4: fix CVE-2025-32053 libsoup-2.4: fix CVE-2025-32052 libsoup-2.4: fix CVE-2025-32050 libsoup-2.4: fix CVE-2025-46421 libsoup-2.4: fix CVE-2025-4948 libsoup-2.4: fix CVE-2025-4476 libsoup-2.4: fix CVE-2025-2784 libsoup-2.4: fix do_compile failure libsoup: fix CVE-2025-32907 libsoup: fix CVE-2025-32053 libsoup: fix CVE-2025-32052 libsoup: fix CVE-2025-32051 libsoup: fix CVE-2025-32050 libsoup: fix CVE-2025-46421 libsoup: fix CVE-2025-4948 libsoup: fix CVE-2025-2784 Hitendra Prajapati (2): libsoup-2.4: Fix CVE-2025-4969 libsoup: Fix CVE-2025-4969 .../libsoup/libsoup-2.4/CVE-2025-2784.patch | 56 +++++ .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 29 +++ .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 32 +++ .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 ++++ .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 ++++ .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +------ .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +----- .../libsoup-2.4/CVE-2025-32912-1.patch | 20 +- .../libsoup/libsoup-2.4/CVE-2025-4476.patch | 38 ++++ .../libsoup/libsoup-2.4/CVE-2025-46421.patch | 47 ++++ .../libsoup/libsoup-2.4/CVE-2025-4948.patch | 38 ++++ .../libsoup/libsoup-2.4/CVE-2025-4969.patch | 76 +++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 9 + .../libsoup/libsoup/CVE-2025-2784.patch | 137 ++++++++++++ .../libsoup/libsoup/CVE-2025-32050.patch | 29 +++ .../libsoup/libsoup/CVE-2025-32051-1.patch | 29 +++ .../libsoup/libsoup/CVE-2025-32051-2.patch | 57 +++++ .../libsoup/libsoup/CVE-2025-32052.patch | 31 +++ .../libsoup/libsoup/CVE-2025-32053.patch | 40 ++++ .../libsoup/libsoup/CVE-2025-32907-1.patch | 200 ++++++++++++++++++ .../libsoup/libsoup/CVE-2025-32907-2.patch | 68 ++++++ .../libsoup/libsoup/CVE-2025-4476.patch | 38 ++++ .../libsoup/libsoup/CVE-2025-46421.patch | 139 ++++++++++++ .../libsoup/libsoup/CVE-2025-4948.patch | 97 +++++++++ .../libsoup/libsoup/CVE-2025-4969.patch | 76 +++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++ 26 files changed, 1380 insertions(+), 135 deletions(-) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch