[kirkstone,00/20] *** libsoup/libsoup-2.4: fix CVEs ***

Message ID	20250613034352.175878-1-changqing.li@windriver.com
Headers	show Return-Path: <changqing.li@windriver.com> ip: 205.220.166.238, mailfrom: prvs=8259073970=changqing.li@windriver.com) From: <changqing.li@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [kirkstone][PATCH 00/20] * libsoup/libsoup-2.4: fix CVEs * Date: Fri, 13 Jun 2025 11:43:32 +0800 Message-ID: <20250613034352.175878-1-changqing.li@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	* libsoup/libsoup-2.4: fix CVEs * \| expand [kirkstone,00/20] * libsoup/libsoup-2.4: fix CVEs * [kirkstone,01/20] libsoup-2.4: Fix CVE-2025-4969 [kirkstone,02/20] libsoup-2.4: fix CVE-2025-32907 [kirkstone,03/20] libsoup-2.4: fix CVE-2025-32053 [kirkstone,04/20] libsoup-2.4: fix CVE-2025-32052 [kirkstone,05/20] libsoup-2.4: fix CVE-2025-32050 [kirkstone,06/20] libsoup-2.4: fix CVE-2025-46421 [kirkstone,07/20] libsoup-2.4: fix CVE-2025-4948 [kirkstone,08/20] libsoup-2.4: fix CVE-2025-4476 [kirkstone,09/20] libsoup-2.4: fix CVE-2025-2784 [kirkstone,10/20] libsoup-2.4: fix do_compile failure [kirkstone,11/20] libsoup: patch CVE-2025-4476 [kirkstone,12/20] libsoup: Fix CVE-2025-4969 [kirkstone,13/20] libsoup: fix CVE-2025-32907 [kirkstone,14/20] libsoup: fix CVE-2025-32053 [kirkstone,15/20] libsoup: fix CVE-2025-32052 [kirkstone,16/20] libsoup: fix CVE-2025-32051 [kirkstone,17/20] libsoup: fix CVE-2025-32050 [kirkstone,18/20] libsoup: fix CVE-2025-46421 [kirkstone,19/20] libsoup: fix CVE-2025-4948 [kirkstone,20/20] libsoup: fix CVE-2025-2784

Message ID

20250613034352.175878-1-changqing.li@windriver.com

Headers

From: <changqing.li@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [kirkstone][PATCH 00/20] *** libsoup/libsoup-2.4: fix CVEs ***
Date: Fri, 13 Jun 2025 11:43:32 +0800
Message-ID: <20250613034352.175878-1-changqing.li@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

*** libsoup/libsoup-2.4: fix CVEs *** | expand

Message

Changqing Li June 13, 2025, 3:43 a.m. UTC

From: Changqing Li <changqing.li@windriver.com>

Backport several CVE fixes from branch scarthgap, cherry picked from
poky-contrib: stable/scarthgap-nut,  and do some changes accordingly.

Ashish Sharma (1):
  libsoup: patch CVE-2025-4476

Changqing Li (17):
  libsoup-2.4: fix CVE-2025-32907
  libsoup-2.4: fix CVE-2025-32053
  libsoup-2.4: fix CVE-2025-32052
  libsoup-2.4: fix CVE-2025-32050
  libsoup-2.4: fix CVE-2025-46421
  libsoup-2.4: fix CVE-2025-4948
  libsoup-2.4: fix CVE-2025-4476
  libsoup-2.4: fix CVE-2025-2784
  libsoup-2.4: fix do_compile failure
  libsoup: fix CVE-2025-32907
  libsoup: fix CVE-2025-32053
  libsoup: fix CVE-2025-32052
  libsoup: fix CVE-2025-32051
  libsoup: fix CVE-2025-32050
  libsoup: fix CVE-2025-46421
  libsoup: fix CVE-2025-4948
  libsoup: fix CVE-2025-2784

Hitendra Prajapati (2):
  libsoup-2.4: Fix CVE-2025-4969
  libsoup: Fix CVE-2025-4969

 .../libsoup/libsoup-2.4/CVE-2025-2784.patch   |  56 +++++
 .../libsoup/libsoup-2.4/CVE-2025-32050.patch  |  29 +++
 .../libsoup/libsoup-2.4/CVE-2025-32052.patch  |  32 +++
 .../libsoup/libsoup-2.4/CVE-2025-32053.patch  |  39 ++++
 .../libsoup/libsoup-2.4/CVE-2025-32907.patch  |  39 ++++
 .../libsoup-2.4/CVE-2025-32910-1.patch        |  79 +------
 .../libsoup-2.4/CVE-2025-32910-2.patch        |  60 +-----
 .../libsoup-2.4/CVE-2025-32912-1.patch        |  20 +-
 .../libsoup/libsoup-2.4/CVE-2025-4476.patch   |  38 ++++
 .../libsoup/libsoup-2.4/CVE-2025-46421.patch  |  47 ++++
 .../libsoup/libsoup-2.4/CVE-2025-4948.patch   |  38 ++++
 .../libsoup/libsoup-2.4/CVE-2025-4969.patch   |  76 +++++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   9 +
 .../libsoup/libsoup/CVE-2025-2784.patch       | 137 ++++++++++++
 .../libsoup/libsoup/CVE-2025-32050.patch      |  29 +++
 .../libsoup/libsoup/CVE-2025-32051-1.patch    |  29 +++
 .../libsoup/libsoup/CVE-2025-32051-2.patch    |  57 +++++
 .../libsoup/libsoup/CVE-2025-32052.patch      |  31 +++
 .../libsoup/libsoup/CVE-2025-32053.patch      |  40 ++++
 .../libsoup/libsoup/CVE-2025-32907-1.patch    | 200 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2025-32907-2.patch    |  68 ++++++
 .../libsoup/libsoup/CVE-2025-4476.patch       |  38 ++++
 .../libsoup/libsoup/CVE-2025-46421.patch      | 139 ++++++++++++
 .../libsoup/libsoup/CVE-2025-4948.patch       |  97 +++++++++
 .../libsoup/libsoup/CVE-2025-4969.patch       |  76 +++++++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |  12 ++
 26 files changed, 1380 insertions(+), 135 deletions(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch

Comments

Steve Sakoman June 13, 2025, 4:23 p.m. UTC | #1

Hi Vijay and Changqing,

Seems you sent similar patch series at just about the same time!

There is a good deal of overlap, but each contains some that the other lacks.

Also, Changqing's has a conflict in "libsoup-2.4: fix do_compile
failure" with a patch currently in kirkstone: "libsoup-2.4: Backport
auth tests for CVE-2025-32910"

Could you please work together to decide which I should take and
submit a new series?

Thanks!

Steve

On Thu, Jun 12, 2025 at 8:43 PM Changqing Li via
lists.openembedded.org
<changqing.li=windriver.com@lists.openembedded.org> wrote:
>
> From: Changqing Li <changqing.li@windriver.com>
>
> Backport several CVE fixes from branch scarthgap, cherry picked from
> poky-contrib: stable/scarthgap-nut,  and do some changes accordingly.
>
> Ashish Sharma (1):
>   libsoup: patch CVE-2025-4476
>
> Changqing Li (17):
>   libsoup-2.4: fix CVE-2025-32907
>   libsoup-2.4: fix CVE-2025-32053
>   libsoup-2.4: fix CVE-2025-32052
>   libsoup-2.4: fix CVE-2025-32050
>   libsoup-2.4: fix CVE-2025-46421
>   libsoup-2.4: fix CVE-2025-4948
>   libsoup-2.4: fix CVE-2025-4476
>   libsoup-2.4: fix CVE-2025-2784
>   libsoup-2.4: fix do_compile failure
>   libsoup: fix CVE-2025-32907
>   libsoup: fix CVE-2025-32053
>   libsoup: fix CVE-2025-32052
>   libsoup: fix CVE-2025-32051
>   libsoup: fix CVE-2025-32050
>   libsoup: fix CVE-2025-46421
>   libsoup: fix CVE-2025-4948
>   libsoup: fix CVE-2025-2784
>
> Hitendra Prajapati (2):
>   libsoup-2.4: Fix CVE-2025-4969
>   libsoup: Fix CVE-2025-4969
>
>  .../libsoup/libsoup-2.4/CVE-2025-2784.patch   |  56 +++++
>  .../libsoup/libsoup-2.4/CVE-2025-32050.patch  |  29 +++
>  .../libsoup/libsoup-2.4/CVE-2025-32052.patch  |  32 +++
>  .../libsoup/libsoup-2.4/CVE-2025-32053.patch  |  39 ++++
>  .../libsoup/libsoup-2.4/CVE-2025-32907.patch  |  39 ++++
>  .../libsoup-2.4/CVE-2025-32910-1.patch        |  79 +------
>  .../libsoup-2.4/CVE-2025-32910-2.patch        |  60 +-----
>  .../libsoup-2.4/CVE-2025-32912-1.patch        |  20 +-
>  .../libsoup/libsoup-2.4/CVE-2025-4476.patch   |  38 ++++
>  .../libsoup/libsoup-2.4/CVE-2025-46421.patch  |  47 ++++
>  .../libsoup/libsoup-2.4/CVE-2025-4948.patch   |  38 ++++
>  .../libsoup/libsoup-2.4/CVE-2025-4969.patch   |  76 +++++++
>  .../libsoup/libsoup-2.4_2.74.2.bb             |   9 +
>  .../libsoup/libsoup/CVE-2025-2784.patch       | 137 ++++++++++++
>  .../libsoup/libsoup/CVE-2025-32050.patch      |  29 +++
>  .../libsoup/libsoup/CVE-2025-32051-1.patch    |  29 +++
>  .../libsoup/libsoup/CVE-2025-32051-2.patch    |  57 +++++
>  .../libsoup/libsoup/CVE-2025-32052.patch      |  31 +++
>  .../libsoup/libsoup/CVE-2025-32053.patch      |  40 ++++
>  .../libsoup/libsoup/CVE-2025-32907-1.patch    | 200 ++++++++++++++++++
>  .../libsoup/libsoup/CVE-2025-32907-2.patch    |  68 ++++++
>  .../libsoup/libsoup/CVE-2025-4476.patch       |  38 ++++
>  .../libsoup/libsoup/CVE-2025-46421.patch      | 139 ++++++++++++
>  .../libsoup/libsoup/CVE-2025-4948.patch       |  97 +++++++++
>  .../libsoup/libsoup/CVE-2025-4969.patch       |  76 +++++++
>  meta/recipes-support/libsoup/libsoup_3.0.7.bb |  12 ++
>  26 files changed, 1380 insertions(+), 135 deletions(-)
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-1.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32051-2.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46421.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch
>  create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch
>
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#218553): https://lists.openembedded.org/g/openembedded-core/message/218553
> Mute This Topic: https://lists.openembedded.org/mt/113619132/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>