diff mbox series

[kirkstone] libsoup-2.4: fix CVE-2025-32049

Message ID 20260218064234.34789-1-hprajapati@mvista.com
State New
Headers show
Series [kirkstone] libsoup-2.4: fix CVE-2025-32049 | expand

Commit Message

Hitendra Prajapati Feb. 18, 2026, 6:42 a.m. UTC 
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408 (simplified)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32049.patch  | 36 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049.patch
diff mbox series

Patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049.patch
new file mode 100644
index 0000000000..465f8ed3fb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32049.patch
@@ -0,0 +1,36 @@ 
+From 6ec7c5be50b48d6ce0a09aa3468f2c5725406a97 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Wed, 21 May 2025 10:42:51 -0500
+Subject: [PATCH] Add size limit for total message size
+
+This size limit could break applications, but it will close the denial
+of service issue.
+
+Reference : https://access.redhat.com/errata/RHSA-2025:8132
+
+CVE: CVE-2025-32049
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6ec7c5be50b48d6ce0a09aa3468f2c5725406a9]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libsoup/soup-websocket-connection.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index 9d5f4f8..9493fdf 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -913,6 +913,11 @@ process_contents (SoupWebsocketConnection *self,
+ 		switch (pv->message_opcode) {
+ 		case 0x01:
+ 		case 0x02:
++			/* Safety valve */
++			if (pv->message_data->len + payload_len > pv->max_incoming_payload_size) {
++				too_big_error_and_close (self, (pv->message_data->len + payload_len));
++				return;
++			}
+ 			g_byte_array_append (pv->message_data, payload, payload_len);
+ 			break;
+ 		default:
+-- 
+2.50.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index 0cc90a17cc..bd3960e2f7 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -43,6 +43,7 @@  SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-4948.patch \
            file://CVE-2025-4476.patch \
            file://CVE-2025-4945.patch \
+           file://CVE-2025-32049.patch \
           "
 SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"