From patchwork Tue May 13 09:03:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 62844 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B5C7C3ABC3 for ; Tue, 13 May 2025 09:03:51 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web10.71659.1747127030478181959 for ; Tue, 13 May 2025 02:03:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=E7na/J9j; spf=pass (domain: mvista.com, ip: 209.85.215.175, mailfrom: vanusuri@mvista.com) Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-b268e4bfd0dso3084139a12.2 for ; Tue, 13 May 2025 02:03:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1747127029; x=1747731829; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=r4v/ZMSWX6rrF2AuHq5LQW2550m6i3Y63nk/dwv7R6k=; b=E7na/J9jCQqOdrPmTv53WIgd21H46fk9sG0U+mRslbQrfmBm3qKsLQs/xpphEvKrRd LvTFGlRLGWFiU/I90zYmJ58DZEtAXgBlEWaiWWgvDR5I8qLmv8ndofw9nTm2kslefi/Y 5CxlZIYE0IKGmsSblNULE1sBae6s7w5wIC5nI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747127029; x=1747731829; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=r4v/ZMSWX6rrF2AuHq5LQW2550m6i3Y63nk/dwv7R6k=; b=FB56rmdOFCs0mp2LCBM+23KjAAZMgL4XBnt9x0ycb3H9h4vR50BptCULC3b9yaJCn5 wBIH0PWzRqumjr1LGLqq+RIkjiiOm+oPTvdhJImxOag6mSOVul7GqYmhQTbmAnJTajD0 jmtfN/utCNrXTA/dfCWMACl8K0M75hjKn7RnZLOQVuxOCrJAOT9e4/WOIh+5O4ZvTMap /NGfgeYbmx24RsrQHfIeNucVwWRqngtPSEDnOSqStbg/8p7/dzXe0JW+gz360JlOGG/4 cYMmbGkFqpHKirOnWhRTQfGsb8TbvIRLj8vq9/j0okw9prOHE2BKGZusOd88Lq6pL+AI KL8w== X-Gm-Message-State: AOJu0Yw4itt+9R5UG4UsNU/bJH3X1tJDOgM9Pinalv/5/LG2UuSbqoks k0tsO75Sey9zB/Ild5tbiaSlBhlcY5Cob9ZpFcJat+6qZUhaY1gHr9eqvOLloxgYjoV0aBmk4mG 71h0= X-Gm-Gg: ASbGncs317X/4WtHDfWqALqBHgWdVUqDOqhIWs6dA46EOwuV3Axe9qWsDn6NTreM2FT GFToUPC0r6tOHIJ9Nu+6nrJIwG3MAhiu8KVzt1Y4cybh4Ju8DxDbV2xwveB10L6bMcbn1jB0SG9 TEyaz1iTSVR98qVyHCz/UT9qhB14Dx8iwMlqCL8RbIHgyM7jUPWlDi4amiR37Q5oPV/adLUPrLQ 4SDfH8bgE+X63b8M7ZCdTgrfP9jWev816MdpV8DlEbTS71TPAeahv1tDvPCjm2dry2elANX0v3b TXZ4QFm+DsAEXK2sOzSZ4SuMgWZGJXAZV/dqCMmBOsKDVHzLd8NVWBrs3uaj6Oo= X-Google-Smtp-Source: AGHT+IHqbGCVqXmJ2zIioAJ5DGurBpEOSF7gLGNDQYcNLXh3qILcQwO3xtN5/WYBv28lX/bCxWc5sQ== X-Received: by 2002:a17:902:ce8d:b0:223:5a6e:b16 with SMTP id d9443c01a7336-22fc8b3d56emr277697895ad.5.1747127028699; Tue, 13 May 2025 02:03:48 -0700 (PDT) Received: from localhost.localdomain ([49.207.220.49]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22fc829f388sm76574885ad.214.2025.05.13.02.03.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 May 2025 02:03:48 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 1/3] libsoup-2.4: Update fix CVE-2024-52532 Date: Tue, 13 May 2025 14:33:38 +0530 Message-Id: <20250513090340.2209255-1-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 09:03:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216403 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff Signed-off-by: Vijay Anusuri --- .../libsoup-2.4/CVE-2024-52532-3.patch | 46 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch new file mode 100644 index 0000000000..edcca86e8c --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch @@ -0,0 +1,46 @@ +From 4c9e75c6676a37b6485620c332e568e1a3f530ff Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Wed, 13 Nov 2024 14:14:23 +0000 +Subject: [PATCH] websocket-test: Disconnect error signal in another place + +This is the same change as commit 29b96fab "websocket-test: disconnect +error copy after the test ends", and is done for the same reason, but +replicating it into a different function. + +Fixes: 6adc0e3e "websocket: process the frame as soon as we read data" +Resolves: https://gitlab.gnome.org/GNOME/libsoup/-/issues/399 +Signed-off-by: Simon McVittie + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff] +CVE: CVE-2024-52532 +Signed-off-by: Vijay Anusuri +--- + tests/websocket-test.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 6a48c1f9..723f2857 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1508,8 +1508,9 @@ test_receive_invalid_encode_length_16 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 126(~) as payload length with 125 extended length */ +@@ -1522,6 +1523,7 @@ test_receive_invalid_encode_length_16 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 88d08ad0ec..b299fcf6de 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52530.patch \ file://CVE-2024-52532-1.patch \ file://CVE-2024-52532-2.patch \ + file://CVE-2024-52532-3.patch \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ " From patchwork Tue May 13 09:03:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 62846 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22A43C3ABC3 for ; Tue, 13 May 2025 09:04:01 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web11.72063.1747127033922202535 for ; Tue, 13 May 2025 02:03:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=GB4Y7AlS; spf=pass (domain: mvista.com, ip: 209.85.215.174, mailfrom: vanusuri@mvista.com) Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-ae727e87c26so3669106a12.0 for ; Tue, 13 May 2025 02:03:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1747127033; x=1747731833; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rHapH8kc42fzlTniiO/LbURp0yAPINOy9rcFEj7w8TI=; b=GB4Y7AlSvjCI2PZonyUwdB24+R23W/i9s9mNLAZUF0tL8A28O+z8WDsx6NUo0uRtgj zKtTALChO4fb9JD0u0p2cCPYKNgAx/aT0GvElkZW77v1lr+YDAOtgmd2iOxutBjDP/Mn y+jR7TtsPT0coN6Eh9fSLMeyXXPK+cZVyxG98= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747127033; x=1747731833; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rHapH8kc42fzlTniiO/LbURp0yAPINOy9rcFEj7w8TI=; b=p4xUFRhMUk3EiNjX1TlfZ4Mq0xqIUS7gi+sUTg9yRK7oVGtJcZsmwPHlaLWcaSA2+M RqpGEGSx+qhPrzTbCaikZTCfFoVL/Sq5P3snq1Y78CO0gkx9TDtchD4v+vWE+Y8TmWeM rn/UKKAej1I0QZIXed8Yc5NK0LGJyRccm+MuxbVjKhxGal41J/ZEFV5XnvdkAlnPFNuA XwswDNNEHilrixjdLSlBQN8WYKmWzuoAJK+kdNzFaTN0GBLgcLorjvaCShX1ZchrOvyq WSIew6XLzEcc82iDiULIKrKfXynzEoC5/pKO9McWSlilTuXJwZlDDLidzYgpq+WO7wm6 t37g== X-Gm-Message-State: AOJu0YyhC6kaVopp9s+sV9xzpnx5cxzuwjgoX6P6NpEf50Z9ARPFbTOU t8ve3t7fpV73LpbJ4vRvvb6zFWzj920YVnAeXCkIKXkqa6VOy90hJPSQe2He2u1kGbUPz7C6oqD D9L4= X-Gm-Gg: ASbGncuK9BCI78QjuSeEd6LJTZ4wx6rz9esCN7+cJf+sgEZPWhTUSwvY9wY+Ctt61sr o/88kG0uL1H+pPGNLSXM8Ud5UTC/ZYKSY91i7rf73MhkHnjvwKB0jiQRvaFJaR7x5Lt/nQMbsOI KoXf+brsWVj14cXuq08Kmp00UZQ0eTc6FxwWKkOJDGTEsD43Gaf562eWU9TwS5zly++wfKvuKv0 i49rfZdmpeHf2SLFWCnSOlyz0BFheJInov8FGEHw7dQOx7Ye1IOtP6OOAo1vwAcwom0sFE05mHb 49t/ypEHvmOCMBreB8kbSP2tfiwbL0d5Bs4jdY2Qaii2zyXPSTnuf/T7bZLWb5Uaj8FF//OmZA= = X-Google-Smtp-Source: AGHT+IE6oMmb+hmpt6UBeuR9QoG6pzaucnMbjxzXA+TsKuW8KL1UmQylm5aqzdjOeiYU6eaU0D8mVw== X-Received: by 2002:a17:902:cf06:b0:223:517c:bfa1 with SMTP id d9443c01a7336-22fc9185e59mr270652305ad.38.1747127032813; Tue, 13 May 2025 02:03:52 -0700 (PDT) Received: from localhost.localdomain ([49.207.220.49]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22fc829f388sm76574885ad.214.2025.05.13.02.03.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 May 2025 02:03:52 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 2/3] libsoup-2.4: Fix CVE-2025-32906 Date: Tue, 13 May 2025 14:33:39 +0530 Message-Id: <20250513090340.2209255-2-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250513090340.2209255-1-vanusuri@mvista.com> References: <20250513090340.2209255-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 09:04:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216404 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f Signed-off-by: Vijay Anusuri --- .../libsoup-2.4/CVE-2025-32906-1.patch | 61 ++++++++++++++ .../libsoup-2.4/CVE-2025-32906-2.patch | 83 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 2 + 3 files changed, 146 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch new file mode 100644 index 0000000000..916a41a71f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch @@ -0,0 +1,61 @@ +From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 11 Feb 2025 14:36:26 -0600 +Subject: [PATCH] headers: Handle parsing edge case + +This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931] +CVE: CVE-2025-32906 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 2 +- + tests/header-parsing-test.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 85385cea..9d6d00a3 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -225,7 +225,7 @@ soup_headers_parse_request (const char *str, + !g_ascii_isdigit (version[5])) + return SOUP_STATUS_BAD_REQUEST; + major_version = strtoul (version + 5, &p, 10); +- if (*p != '.' || !g_ascii_isdigit (p[1])) ++ if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1])) + return SOUP_STATUS_BAD_REQUEST; + minor_version = strtoul (p + 1, &p, 10); + version_end = p; +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 07ea2866..10ddb684 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,6 +6,10 @@ typedef struct { + const char *name, *value; + } Header; + ++static char unterminated_http_version[] = { ++ 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -383,6 +387,14 @@ static struct RequestTest { + { { NULL } } + }, + ++ /* This couldn't be a C string as going one byte over would have been safe. */ ++ { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", ++ unterminated_http_version, sizeof (unterminated_http_version), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } ++ }, ++ + { "Non-HTTP request", NULL, + "GET / SOUP/1.1\r\nHost: example.com\r\n", -1, + SOUP_STATUS_BAD_REQUEST, +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch new file mode 100644 index 0000000000..5baad15648 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch @@ -0,0 +1,83 @@ +From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 12 Feb 2025 11:30:02 -0600 +Subject: [PATCH] headers: Handle parsing only newlines + +Closes #404 +Closes #407 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f] +CVE: CVE-2025-32906 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 4 ++-- + tests/header-parsing-test.c | 13 ++++++++++++- + 2 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 9d6d00a3..52ef2ece 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -186,7 +186,7 @@ soup_headers_parse_request (const char *str, + /* RFC 2616 4.1 "servers SHOULD ignore any empty line(s) + * received where a Request-Line is expected." + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +@@ -371,7 +371,7 @@ soup_headers_parse_response (const char *str, + * after a response, which we then see prepended to the next + * response on that connection. + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 10ddb684..4faafbd6 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,10 +6,15 @@ typedef struct { + const char *name, *value; + } Header; + ++/* These are not C strings to ensure going one byte over is not safe. */ + static char unterminated_http_version[] = { + 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' + }; + ++static char only_newlines[] = { ++ '\n', '\n', '\n', '\n' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -387,7 +392,6 @@ static struct RequestTest { + { { NULL } } + }, + +- /* This couldn't be a C string as going one byte over would have been safe. */ + { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", + unterminated_http_version, sizeof (unterminated_http_version), + SOUP_STATUS_BAD_REQUEST, +@@ -457,6 +461,13 @@ static struct RequestTest { + SOUP_STATUS_BAD_REQUEST, + NULL, NULL, -1, + { { NULL } } ++ }, ++ ++ { "Only newlines", NULL, ++ only_newlines, sizeof (only_newlines), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } + } + }; + static const int num_reqtests = G_N_ELEMENTS (reqtests); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index b299fcf6de..f409816fc2 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -19,6 +19,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52532-3.patch \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ + file://CVE-2025-32906-1.patch \ + file://CVE-2025-32906-2.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Tue May 13 09:03:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 62845 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 253CFC3ABC9 for ; Tue, 13 May 2025 09:04:01 +0000 (UTC) Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) by mx.groups.io with SMTP id smtpd.web10.71672.1747127039784535432 for ; Tue, 13 May 2025 02:03:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=QHBq/vf8; spf=pass (domain: mvista.com, ip: 209.85.215.182, mailfrom: vanusuri@mvista.com) Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-b1396171fb1so3566199a12.2 for ; Tue, 13 May 2025 02:03:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1747127038; x=1747731838; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QRetbm5um+AXKYFHSA10Fqy/el5klRJT8IwRKaYvTqs=; b=QHBq/vf8ev0qotKAqcM6JD2ydcNTfcoM2N2ZSltenf+SVTJYM/YMVBmFSeIwDXR107 dacOAyHKcMtuIsEtI01KZYqh/c0+/mfkIBZA+RopBYvh8yHfdjYvG0w5kn/Vg26ATXpM HbfP/7JjgtIkRS39IHyui8etdOzzoxJldP2DA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747127038; x=1747731838; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QRetbm5um+AXKYFHSA10Fqy/el5klRJT8IwRKaYvTqs=; b=A6LkAm7OEGaaQMBeVnE0vooARDRxEP+QeNRjhc87cNxXNKQHTOJ7oBeIORH4qMqLfx u+iOBRFvzt3Z7fV8OdnizKfunJEy6BWNwldG+7sQEAmIn6bpTytjjmZQOOW22QsZM46N IRINksvi5itc0mp+ReIDc5ykfOEHEG4o6WGOORq9DMPV3HXeh9lgefZsTfRQklqd5P3s svcftGbRvj/e9Q0+U9UTAkEX9n5zj2ta/QT93YkbUc3Vm6YGuXWSjUgXXdPfjiXT7CjU 0IPTSelPxojfqKqB1ueb4NYlGRjtLjPLWY67cnVe9d+scynoCMg2js0NDszfhSx7Duvq tLNw== X-Gm-Message-State: AOJu0YwBdaud5152GIGETbaNykd9eu34beLnUKyqykdLSTk3uSQW/s7T gStXGwvcPFhgr+tnr5YQQWYaGunJQlHhRrJ/6TbIkM0PhKc9iONYJ3lYhfW98SIinjXe4S6gcfh 5wpw= X-Gm-Gg: ASbGncsbQ/iuW8gnFn04YfStH09Is329gGRW8gv9bSjHK+Fr6r5ktNox6JqR9/DhZHV ASjTt0FZ2fAHl1CYg0KfU2VIqJgasXqP1K2Nwq2ZTrpB7wcfsBFUCP9VS23wGwLRmH174rCcbmz 5ls+MTAEMorGs+PjDcw6lbVilCSK502ThACyCnCrRqobaZ+B/QpwPYh+th5VSX5sehCqNz86Tov TVhxhW7lw45THtzKN9qvaRf+pXEMrOmu47jg5rI4MFIk2e9E99V2V3FsDdrditKfACMLQ9/WMAx swpCK7fSC0vL3xooQMT7jMz7nCdHa9HiBC5gtdLBiTQwqk8Jdt+BQ2G1urUNUPoCo7yGLf84AA= = X-Google-Smtp-Source: AGHT+IEOOQub5e2calpwSOK0dEOHOBHBGq+IFIZW7eS2qAtBNucH9rG6JBif8HeE7r0FIrdVDOS5nA== X-Received: by 2002:a17:902:c94b:b0:224:216e:3342 with SMTP id d9443c01a7336-22fc917e22emr258451045ad.43.1747127038237; Tue, 13 May 2025 02:03:58 -0700 (PDT) Received: from localhost.localdomain ([49.207.220.49]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22fc829f388sm76574885ad.214.2025.05.13.02.03.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 May 2025 02:03:57 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 3/3] libsoup-2.4: Fix CVE-2025-32909 Date: Tue, 13 May 2025 14:33:40 +0530 Message-Id: <20250513090340.2209255-3-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250513090340.2209255-1-vanusuri@mvista.com> References: <20250513090340.2209255-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 09:04:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216405 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm it/ba4c3a6f988beff59e45801ab36067293d24ce92 Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup-2.4/CVE-2025-32909.patch | 36 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch new file mode 100644 index 0000000000..046f20203f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch @@ -0,0 +1,36 @@ +From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 8 Jan 2025 16:30:17 -0600 +Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4 + bytes + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92] +CVE: CVE-2025-32909 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-content-sniffer.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c +index 967ec61..a1f23c2 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer) + { + const char *resource = (const char *)buffer->data; + guint resource_length = MIN (512, buffer->length); +- guint32 box_size = *((guint32*)resource); ++ guint32 box_size; + guint i; + ++ if (resource_length < sizeof (guint32)) ++ return FALSE; ++ ++ box_size = *((guint32*)resource); ++ + #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + box_size = ((box_size >> 24) | + ((box_size << 8) & 0x00FF0000) | +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index f409816fc2..00f7fea41a 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52531-2.patch \ file://CVE-2025-32906-1.patch \ file://CVE-2025-32906-2.patch \ + file://CVE-2025-32909.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"