From patchwork Tue May 13 19:07:58 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62872
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/15] perl: patch CVE-2024-56406
Date: Tue, 13 May 2025 12:07:58 -0700
Message-ID: <8e3c821e9ce8f3a9667847a284bc5a6f4973ea13.1747163155.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216434

From: Peter Marko

Pick patch mentioned in NVD links for this CVE.
Tested by running ptest and CVE reproducer (before&after).
Ptest fails on test dist/threads/t/join, however the same test also fails without this patch.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- ...4-56406-Heap-buffer-overflow-with-tr.patch | 30 +++++++++++++++++++ meta/recipes-devtools/perl/perl_5.34.3.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch diff --git a/meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch b/meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch new file mode 100644 index 0000000000..377ef95f12 --- /dev/null +++ b/meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch
@@ -0,0 +1,30 @@ +From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001 +From: Karl Williamson +Date: Wed, 18 Dec 2024 18:25:29 -0700 +Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr// + +This was due to underallocating needed space. If the translation forces +something to become UTF-8 that is initially bytes, that UTF-8 could +now require two bytes where previously a single one would do. + +(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686) + +CVE: CVE-2024-56406 +Upstream-Status: Backport [https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd] +Signed-off-by: Peter Marko +--- + op.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/op.c b/op.c +index 69ff030e88..298b292633 100644 +--- a/op.c ++++ b/op.c +@@ -7515,6 +7515,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl) + * same time. But otherwise one crosses before the other */ + if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) { + can_force_utf8 = TRUE; ++ max_expansion = MAX(2, max_expansion); + } + } + diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb index ed3518b62d..f6ebbf2d16 100644 --- a/meta/recipes-devtools/perl/perl_5.34.3.bb +++ b/meta/recipes-devtools/perl/perl_5.34.3.bb 
@@ -21,6 +21,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://CVE-2023-31484.patch \ file://CVE-2023-31486-0001.patch \ file://CVE-2023-31486-0002.patch \ + file://0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch \ " SRC_URI:append:class-native = " \ file://perl-configpm-switch.patch \
From patchwork Tue May 13 19:07:59 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62874
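Review bot: in the op.c hunk of the perl CVE-2024-56406 backport (01/15), the embedded patch changes only op.c (1 insertion) and carries no regression test, so nothing in ptest would catch the under-allocation coming back; the commit message relies on a manual reproducer run. Consider adding a tr// test case that forces a byte string to UTF-8 alongside the fix, and a short comment at `max_expansion = MAX(2, max_expansion);` saying why 2 is the floor (a character that fit in one byte can need two once the string is forced to UTF-8), since that reasoning currently lives only in the patch description.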
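Review bot: in the perl_5.34.3.bb hunk (01/15), the new SRC_URI entry `file://0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch` does not follow the naming of the neighbouring entries (`file://CVE-2023-31484.patch`, `file://CVE-2023-31486-0001.patch`). Renaming it to `CVE-2024-56406.patch` would keep the list consistent and put the CVE id first when scanning the recipe.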
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/15] libsoup-2.4: Update fix CVE-2024-52532
Date: Tue, 13 May 2025 12:07:59 -0700
Message-ID: <144d067ed5b98b8ca477a6a0e8c958c0b15e9643.1747163155.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216435

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup-2.4/CVE-2024-52532-3.patch | 46 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch new file mode 100644 index 0000000000..edcca86e8c --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
@@ -0,0 +1,46 @@ +From 4c9e75c6676a37b6485620c332e568e1a3f530ff Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Wed, 13 Nov 2024 14:14:23 +0000 +Subject: [PATCH] websocket-test: Disconnect error signal in another place + +This is the same change as commit 29b96fab "websocket-test: disconnect +error copy after the test ends", and is done for the same reason, but +replicating it into a different function. + +Fixes: 6adc0e3e "websocket: process the frame as soon as we read data" +Resolves: https://gitlab.gnome.org/GNOME/libsoup/-/issues/399 +Signed-off-by: Simon McVittie + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff] +CVE: CVE-2024-52532 +Signed-off-by: Vijay Anusuri +--- + tests/websocket-test.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 6a48c1f9..723f2857 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1508,8 +1508,9 @@ test_receive_invalid_encode_length_16 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 126(~) as payload length with 125 extended length */ +@@ -1522,6 +1523,7 @@ test_receive_invalid_encode_length_16 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +GitLab + 
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 88d08ad0ec..b299fcf6de 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb 
@@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52530.patch \ file://CVE-2024-52532-1.patch \ file://CVE-2024-52532-2.patch \ + file://CVE-2024-52532-3.patch \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ "
From patchwork Tue May 13 19:08:00 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62878
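Review bot: in the first tests/websocket-test.c hunk of CVE-2024-52532-3.patch (02/15), `guint error_id;` is narrower than the value it stores: g_signal_connect() returns a gulong handler id and g_signal_handler_disconnect() takes a gulong, so the id is truncated on any platform where gulong is wider than guint. Declare it as `gulong error_id;`.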
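Review bot: in the second tests/websocket-test.c hunk of CVE-2024-52532-3.patch (02/15), only the "error" handler is disconnected; the "message" handler connected with `&received` in the first hunk is still attached after `g_assert_null (received);` in the lines shown. If `received` is a local like `error`, it is left with the same stale-pointer callback this change removes for the error handler, so keep its handler id and disconnect it at the same point.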
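Review bot: in the libsoup-2.4_2.74.2.bb hunk (02/15), the added `file://CVE-2024-52532-3.patch` touches only tests/websocket-test.c (3 insertions, 1 deletion), so it changes no shipped library code, yet the submission's commit message consists of an Upstream-Status line alone. Add a sentence saying this is a test-suite follow-up to the -1 and -2 patches, so that the CVE tag is not read as a further library fix.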
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/15] libsoup-2.4: Fix CVE-2025-32906
Date: Tue, 13 May 2025 12:08:00 -0700
Message-ID: <2b938dd6beb1badca59804ffbe395deb679bc1b1.1747163155.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216436

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup-2.4/CVE-2025-32906-1.patch | 61 ++++++++++++++ .../libsoup-2.4/CVE-2025-32906-2.patch | 83 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 2 + 3 files changed, 146 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch new file mode 100644 index 0000000000..916a41a71f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
@@ -0,0 +1,61 @@ +From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 11 Feb 2025 14:36:26 -0600 +Subject: [PATCH] headers: Handle parsing edge case + +This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931] +CVE: CVE-2025-32906 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 2 +- + tests/header-parsing-test.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 85385cea..9d6d00a3 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -225,7 +225,7 @@ soup_headers_parse_request (const char *str, + !g_ascii_isdigit (version[5])) + return SOUP_STATUS_BAD_REQUEST; + major_version = strtoul (version + 5, &p, 10); +- if (*p != '.' || !g_ascii_isdigit (p[1])) ++ if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1])) + return SOUP_STATUS_BAD_REQUEST; + minor_version = strtoul (p + 1, &p, 10); + version_end = p; +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 07ea2866..10ddb684 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,6 +6,10 @@ typedef struct { + const char *name, *value; + } Header; + ++static char unterminated_http_version[] = { ++ 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -383,6 +387,14 @@ static struct RequestTest { + { { NULL } } + }, + ++ /* This couldn't be a C string as going one byte over would have been safe. 
*/ ++ { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", ++ unterminated_http_version, sizeof (unterminated_http_version), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } ++ }, ++ + { "Non-HTTP request", NULL, + "GET / SOUP/1.1\r\nHost: example.com\r\n", -1, + SOUP_STATUS_BAD_REQUEST, +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch new file mode 100644 index 0000000000..5baad15648 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch 
@@ -0,0 +1,83 @@ +From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 12 Feb 2025 11:30:02 -0600 +Subject: [PATCH] headers: Handle parsing only newlines + +Closes #404 +Closes #407 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f] +CVE: CVE-2025-32906 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 4 ++-- + tests/header-parsing-test.c | 13 ++++++++++++- + 2 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 9d6d00a3..52ef2ece 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -186,7 +186,7 @@ soup_headers_parse_request (const char *str, + /* RFC 2616 4.1 "servers SHOULD ignore any empty line(s) + * received where a Request-Line is expected." + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +@@ -371,7 +371,7 @@ soup_headers_parse_response (const char *str, + * after a response, which we then see prepended to the next + * response on that connection. + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 10ddb684..4faafbd6 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,10 +6,15 @@ typedef struct { + const char *name, *value; + } Header; + ++/* These are not C strings to ensure going one byte over is not safe. */ + static char unterminated_http_version[] = { + 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' 
+ }; + ++static char only_newlines[] = { ++ '\n', '\n', '\n', '\n' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -387,7 +392,6 @@ static struct RequestTest { + { { NULL } } + }, + +- /* This couldn't be a C string as going one byte over would have been safe. */ + { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", + unterminated_http_version, sizeof (unterminated_http_version), + SOUP_STATUS_BAD_REQUEST, +@@ -457,6 +461,13 @@ static struct RequestTest { + SOUP_STATUS_BAD_REQUEST, + NULL, NULL, -1, + { { NULL } } ++ }, ++ ++ { "Only newlines", NULL, ++ only_newlines, sizeof (only_newlines), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } + } + }; + static const int num_reqtests = G_N_ELEMENTS (reqtests); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index b299fcf6de..f409816fc2 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb 
@@ -19,6 +19,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52532-3.patch \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ + file://CVE-2025-32906-1.patch \ + file://CVE-2025-32906-2.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
From patchwork Tue May 13 19:08:01 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62877
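Review bot: in the libsoup/soup-headers.c hunk of CVE-2025-32906-1.patch (03/15), the new `p + 1 >= str + len` test runs only after `strtoul (version + 5, &p, 10)` has already scanned the buffer, and the following `minor_version = strtoul (p + 1, &p, 10);` keeps consuming digits with no reference to `len`. The check therefore guards the `p[1]` read, but not an unterminated buffer whose last bytes are digits. Either bound both scans against `str + len`, or state in a comment which earlier check guarantees a non-digit byte inside `len`, and add a header-parsing test whose unterminated array ends in the minor version digits.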
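Review bot: in CVE-2025-32906-2.patch (03/15), the `len > 0 &&` reordering is applied to the skip loops of both soup_headers_parse_request() and soup_headers_parse_response(), but the tests/header-parsing-test.c hunks add the `only_newlines` case to the RequestTest table only. Add the matching response-side case so that the second fixed loop is exercised as well.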
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/15] libsoup-2.4: Fix CVE-2025-32909
Date: Tue, 13 May 2025 12:08:01 -0700
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216437

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup/libsoup-2.4/CVE-2025-32909.patch | 36 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch new file mode 100644 index 0000000000..046f20203f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
@@ -0,0 +1,36 @@ +From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 8 Jan 2025 16:30:17 -0600 +Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4 + bytes + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92] +CVE: CVE-2025-32909 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-content-sniffer.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c +index 967ec61..a1f23c2 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer) + { + const char *resource = (const char *)buffer->data; + guint resource_length = MIN (512, buffer->length); +- guint32 box_size = *((guint32*)resource); ++ guint32 box_size; + guint i; + ++ if (resource_length < sizeof (guint32)) ++ return FALSE; ++ ++ box_size = *((guint32*)resource); ++ + #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + box_size = ((box_size >> 24) | + ((box_size << 8) & 0x00FF0000) | +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index f409816fc2..00f7fea41a 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb 
@@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52531-2.patch \ file://CVE-2025-32906-1.patch \ file://CVE-2025-32906-2.patch \ + file://CVE-2025-32909.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Tue May 13 19:08:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62879 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 417FAC3ABDC for ; Tue, 13 May 2025 19:08:34 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web10.84428.1747163308145817011 for ; Tue, 13 May 2025 12:08:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ogxhSG3W; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-ae727e87c26so4154519a12.0 for ; Tue, 13 May 2025 12:08:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1747163307; x=1747768107; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=a1692rcHiepkJ4rqtA9kz8K3huzxoUoBmGAtj0Hpu+Y=; b=ogxhSG3WYPbuvD5YRV1oX9omrfo0GR78TyE+8Kx0AqQsoVxiotI/0DE8FLddtGXIpD LSXZAhleunL0/O3+sSQWjrEvdrNcjZW+Q6MnsTfc6433r7zQK4CR2aMmG/mIEAn7HPTO uUm1z1Yxpzh34gZtZXGLSav1uRNWx37bUATV06uEnSs7sCy7DujkyIeJ+9DJYu65zMDq u8z4cKP3aoIqWiB5jpNTQxu5TMz4s+d2C6jMkzKUAs0WjRquKyxqgjg9UhcAay8UhBxv 
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/15] libsoup: update fix CVE-2024-52532
Date: Tue, 13 May 2025 12:08:02 -0700
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216438

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup/libsoup/CVE-2024-52532-3.patch | 46 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch new file mode 100644 index 0000000000..edcca86e8c --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch
@@ -0,0 +1,46 @@ +From 4c9e75c6676a37b6485620c332e568e1a3f530ff Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Wed, 13 Nov 2024 14:14:23 +0000 +Subject: [PATCH] websocket-test: Disconnect error signal in another place + +This is the same change as commit 29b96fab "websocket-test: disconnect +error copy after the test ends", and is done for the same reason, but +replicating it into a different function. + +Fixes: 6adc0e3e "websocket: process the frame as soon as we read data" +Resolves: https://gitlab.gnome.org/GNOME/libsoup/-/issues/399 +Signed-off-by: Simon McVittie + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/4c9e75c6676a37b6485620c332e568e1a3f530ff] +CVE: CVE-2024-52532 +Signed-off-by: Vijay Anusuri +--- + tests/websocket-test.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/websocket-test.c b/tests/websocket-test.c +index 6a48c1f9..723f2857 100644 +--- a/tests/websocket-test.c ++++ b/tests/websocket-test.c +@@ -1508,8 +1508,9 @@ test_receive_invalid_encode_length_16 (Test *test, + GError *error = NULL; + InvalidEncodeLengthTest context = { test, NULL }; + guint i; ++ guint error_id; + +- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); ++ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error); + g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received); + + /* We use 126(~) as payload length with 125 extended length */ +@@ -1522,6 +1523,7 @@ test_receive_invalid_encode_length_16 (Test *test, + WAIT_UNTIL (error != NULL || received != NULL); + g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR); + g_clear_error (&error); ++ g_signal_handler_disconnect (test->client, error_id); + g_assert_null (received); + + g_thread_join (thread); +-- +GitLab + 
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 869f0f1696..4b723d3150 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -15,6 +15,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52530.patch \ file://CVE-2024-52532-1.patch \ file://CVE-2024-52532-2.patch \ + file://CVE-2024-52532-3.patch \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ file://CVE-2024-52531-3.patch \
From patchwork Tue May 13 19:08:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62875
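Review bot: in the first hunk of CVE-2024-52532-3.patch (test_receive_invalid_encode_length_16 in tests/websocket-test.c), error_id is declared guint, but g_signal_connect returns gulong and g_signal_handler_disconnect takes a gulong handler id, so the value is narrowed on LP64 targets. Declare it as gulong error_id. The "message" handler connected on the next line also captures the address of a local (&received) and stays connected; if the reason for disconnecting "error" is that the handler can fire after the function returns, the same reasoning applies there.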
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/15] libsoup: Fix CVE-2025-32906
Date: Tue, 13 May 2025 12:08:03 -0700
Message-ID: <17fbb56b3cbea445767cba988f3db5b32fb00b71.1747163155.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216439

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup/libsoup/CVE-2025-32906-1.patch | 61 ++++++++++++++ .../libsoup/libsoup/CVE-2025-32906-2.patch | 83 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 2 + 3 files changed, 146 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch new file mode 100644 index 0000000000..916a41a71f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch
@@ -0,0 +1,61 @@ +From 1f509f31b6f8420a3661c3f990424ab7b9164931 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 11 Feb 2025 14:36:26 -0600 +Subject: [PATCH] headers: Handle parsing edge case + +This version number is specifically crafted to pass sanity checks allowing it to go one byte out of bounds. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/1f509f31b6f8420a3661c3f990424ab7b9164931] +CVE: CVE-2025-32906 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 2 +- + tests/header-parsing-test.c | 12 ++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 85385cea..9d6d00a3 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -225,7 +225,7 @@ soup_headers_parse_request (const char *str, + !g_ascii_isdigit (version[5])) + return SOUP_STATUS_BAD_REQUEST; + major_version = strtoul (version + 5, &p, 10); +- if (*p != '.' || !g_ascii_isdigit (p[1])) ++ if (p + 1 >= str + len || *p != '.' || !g_ascii_isdigit (p[1])) + return SOUP_STATUS_BAD_REQUEST; + minor_version = strtoul (p + 1, &p, 10); + version_end = p; +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 07ea2866..10ddb684 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,6 +6,10 @@ typedef struct { + const char *name, *value; + } Header; + ++static char unterminated_http_version[] = { ++ 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -383,6 +387,14 @@ static struct RequestTest { + { { NULL } } + }, + ++ /* This couldn't be a C string as going one byte over would have been safe. 
*/ ++ { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", ++ unterminated_http_version, sizeof (unterminated_http_version), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } ++ }, ++ + { "Non-HTTP request", NULL, + "GET / SOUP/1.1\r\nHost: example.com\r\n", -1, + SOUP_STATUS_BAD_REQUEST, +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch new file mode 100644 index 0000000000..5baad15648 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch 
@@ -0,0 +1,83 @@ +From af5b9a4a3945c52b940d5ac181ef51bb12011f1f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 12 Feb 2025 11:30:02 -0600 +Subject: [PATCH] headers: Handle parsing only newlines + +Closes #404 +Closes #407 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f] +CVE: CVE-2025-32906 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 4 ++-- + tests/header-parsing-test.c | 13 ++++++++++++- + 2 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 9d6d00a3..52ef2ece 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -186,7 +186,7 @@ soup_headers_parse_request (const char *str, + /* RFC 2616 4.1 "servers SHOULD ignore any empty line(s) + * received where a Request-Line is expected." + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +@@ -371,7 +371,7 @@ soup_headers_parse_response (const char *str, + * after a response, which we then see prepended to the next + * response on that connection. + */ +- while ((*str == '\r' || *str == '\n') && len > 0) { ++ while (len > 0 && (*str == '\r' || *str == '\n')) { + str++; + len--; + } +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 10ddb684..4faafbd6 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -6,10 +6,15 @@ typedef struct { + const char *name, *value; + } Header; + ++/* These are not C strings to ensure going one byte over is not safe. */ + static char unterminated_http_version[] = { + 'G','E','T',' ','/',' ','H','T','T','P','/','1', '0', '0', '.' 
+ }; + ++static char only_newlines[] = { ++ '\n', '\n', '\n', '\n' ++}; ++ + static struct RequestTest { + const char *description; + const char *bugref; +@@ -387,7 +392,6 @@ static struct RequestTest { + { { NULL } } + }, + +- /* This couldn't be a C string as going one byte over would have been safe. */ + { "Long HTTP version terminating at missing minor version", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/404", + unterminated_http_version, sizeof (unterminated_http_version), + SOUP_STATUS_BAD_REQUEST, +@@ -457,6 +461,13 @@ static struct RequestTest { + SOUP_STATUS_BAD_REQUEST, + NULL, NULL, -1, + { { NULL } } ++ }, ++ ++ { "Only newlines", NULL, ++ only_newlines, sizeof (only_newlines), ++ SOUP_STATUS_BAD_REQUEST, ++ NULL, NULL, -1, ++ { { NULL } } + } + }; + static const int num_reqtests = G_N_ELEMENTS (reqtests); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 4b723d3150..a5b6c2f039 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -19,6 +19,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52531-1.patch \ file://CVE-2024-52531-2.patch \ file://CVE-2024-52531-3.patch \ + file://CVE-2025-32906-1.patch \ + file://CVE-2025-32906-2.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62876
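Review bot: in the soup_headers_parse_request hunk of CVE-2025-32906-1.patch, the new p + 1 >= str + len test runs only after strtoul (version + 5, &p, 10) has already walked the digits, and strtoul stops at the first non-digit, not at str + len. The added test vector ends in '.', so the scan stops in bounds there; a buffer whose last bytes are digits would depend on code outside this hunk to stop it, and the same goes for the following strtoul (p + 1, &p, 10). Worth confirming that an earlier check bounds the version token, or parsing the digits against an explicit end pointer.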
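Review bot: CVE-2025-32906-2.patch reorders the len > 0 check in both soup_headers_parse_request and soup_headers_parse_response, but the only_newlines case is added to the RequestTest table only, so the second hunk in soup-headers.c has no test. Suggest feeding the same non-terminated input to the response parsing tests as well.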
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/15] libsoup: Fix CVE-2025-32909
Date: Tue, 13 May 2025 12:08:04 -0700
Message-ID: <491373828c1c66030fb41687f9a42b9e4deb010b.1747163155.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216440

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup/libsoup/CVE-2025-32909.patch | 36 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch new file mode 100644 index 0000000000..8982da58f1 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch
@@ -0,0 +1,36 @@ +From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 8 Jan 2025 16:30:17 -0600 +Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4 + bytes + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92] +CVE: CVE-2025-32909 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index 5a181ff1..aeee2e25 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -243,9 +243,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, GBytes *buffer) + gsize resource_length; + const char *resource = g_bytes_get_data (buffer, &resource_length); + resource_length = MIN (512, resource_length); +- guint32 box_size = *((guint32*)resource); ++ guint32 box_size; + guint i; + ++ if (resource_length < sizeof (guint32)) ++ return FALSE; ++ ++ box_size = *((guint32*)resource); ++ + #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + box_size = ((box_size >> 24) | + ((box_size << 8) & 0x00FF0000) | +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index a5b6c2f039..4fa8fce1c4 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2024-52531-3.patch \ file://CVE-2025-32906-1.patch \ file://CVE-2025-32906-2.patch \ + file://CVE-2025-32909.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62880
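Review bot: the libsoup 3.0.7 backport of the sniff_mp4 guard (CVE-2025-32909.patch) touches only libsoup/content-sniffer/soup-content-sniffer.c, so nothing in the patch exercises the resource_length < sizeof (guint32) path. Suggest carrying a test that sniffs a body of 0 to 3 bytes, the way the CVE-2025-32906 patches in this series add cases to tests/header-parsing-test.c. The commit message would also benefit from one line saying that the old code read four bytes from the buffer unconditionally, since the subject alone does not describe the defect.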
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/15] libsoup: Fix CVE-2025-32910
Date: Tue, 13 May 2025 12:08:05 -0700
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216441

From: Vijay Anusuri

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe & https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a & https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832

Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
--- .../libsoup/libsoup/CVE-2025-32910-1.patch | 98 ++++++++++++ .../libsoup/libsoup/CVE-2025-32910-2.patch | 149 ++++++++++++++++++ .../libsoup/libsoup/CVE-2025-32910-3.patch | 27 ++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 3 + 4 files changed, 277 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch new file mode 100644 index 0000000000..27011f587f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch
@@ -0,0 +1,98 @@ +From e40df6d48a1cbab56f5d15016cc861a503423cfe Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sun, 8 Dec 2024 20:00:35 -0600 +Subject: [PATCH] auth-digest: Handle missing realm in authenticate header + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe] +CVE: CVE-2025-32910 +Signed-off-by: Vijay Anusuri +--- + libsoup/auth/soup-auth-digest.c | 3 ++ + tests/auth-test.c | 50 +++++++++++++++++++++++++++++++++ + 2 files changed, 53 insertions(+) + +diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c +index 2e81849af..4f12e87a5 100644 +--- a/libsoup/auth/soup-auth-digest.c ++++ b/libsoup/auth/soup-auth-digest.c +@@ -148,6 +148,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + guint qop_options; + gboolean ok = TRUE; + ++ if (!soup_auth_get_realm (auth)) ++ return FALSE; ++ + g_free (priv->domain); + g_free (priv->nonce); + g_free (priv->opaque); +diff --git a/tests/auth-test.c b/tests/auth-test.c +index 158fdac10..3066e904a 100644 +--- a/tests/auth-test.c ++++ b/tests/auth-test.c +@@ -1866,6 +1866,55 @@ do_multiple_digest_algorithms (void) + soup_test_server_quit_unref (server); + } + ++static void ++on_request_read_for_missing_realm (SoupServer *server, ++ SoupServerMessage *msg, ++ gpointer user_data) ++{ ++ SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg); ++ soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\""); ++} ++ ++static void ++do_missing_realm_test (void) ++{ ++ SoupSession *session; ++ SoupMessage *msg; ++ SoupServer *server; ++ SoupAuthDomain *digest_auth_domain; ++ gint status; ++ GUri *uri; ++ ++ server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); ++ soup_server_add_handler (server, NULL, ++ server_callback, NULL, NULL); ++ uri = soup_test_server_get_uri (server, "http", NULL); ++ ++ digest_auth_domain = soup_auth_domain_digest_new ( ++ 
"realm", "auth-test", ++ "auth-callback", server_digest_auth_callback, ++ NULL); ++ soup_auth_domain_add_path (digest_auth_domain, "/"); ++ soup_server_add_auth_domain (server, digest_auth_domain); ++ g_object_unref (digest_auth_domain); ++ ++ g_signal_connect (server, "request-read", ++ G_CALLBACK (on_request_read_for_missing_realm), ++ NULL); ++ ++ session = soup_test_session_new (NULL); ++ msg = soup_message_new_from_uri ("GET", uri); ++ g_signal_connect (msg, "authenticate", ++ G_CALLBACK (on_digest_authenticate), ++ NULL); ++ ++ status = soup_test_session_send_message (session, msg); ++ ++ g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED); ++ g_uri_unref (uri); ++ soup_test_server_quit_unref (server); ++} ++ + int + main (int argc, char **argv) + { +@@ -1899,6 +1948,7 @@ main (int argc, char **argv) + g_test_add_func ("/auth/auth-uri", do_auth_uri_test); + g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate); + g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms); ++ g_test_add_func ("/auth/missing-realm", do_missing_realm_test); + + ret = g_test_run (); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch new file mode 100644 index 0000000000..b62e09cbdb --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch 
@@ -0,0 +1,149 @@ +From 405a8a34597a44bd58c4759e7d5e23f02c3b556a Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Thu, 26 Dec 2024 18:18:35 -0600 +Subject: [PATCH] auth-digest: Handle missing nonce + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a] +CVE: CVE-2025-32910 +Signed-off-by: Vijay Anusuri +--- + libsoup/auth/soup-auth-digest.c | 45 +++++++++++++++++++++++++-------- + tests/auth-test.c | 19 ++++++++------ + 2 files changed, 46 insertions(+), 18 deletions(-) + +diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c +index 4f12e87a..350bfde6 100644 +--- a/libsoup/auth/soup-auth-digest.c ++++ b/libsoup/auth/soup-auth-digest.c +@@ -138,6 +138,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop) + return g_string_free (out, FALSE); + } + ++static gboolean ++validate_params (SoupAuthDigest *auth_digest) ++{ ++ SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest); ++ ++ if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) { ++ if (!priv->nonce) ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ + static gboolean + soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + GHashTable *auth_params) +@@ -175,16 +188,21 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + if (priv->algorithm == -1) + ok = FALSE; + +- stale = g_hash_table_lookup (auth_params, "stale"); +- if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp) +- recompute_hex_a1 (priv); +- else { +- g_free (priv->user); +- priv->user = NULL; +- g_free (priv->cnonce); +- priv->cnonce = NULL; +- memset (priv->hex_urp, 0, sizeof (priv->hex_urp)); +- memset (priv->hex_a1, 0, sizeof (priv->hex_a1)); ++ if (!validate_params (auth_digest)) ++ ok = FALSE; ++ ++ if (ok) { ++ stale = g_hash_table_lookup (auth_params, "stale"); ++ if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp) ++ recompute_hex_a1 (priv); ++ else { ++ 
g_free (priv->user); ++ priv->user = NULL; ++ g_free (priv->cnonce); ++ priv->cnonce = NULL; ++ memset (priv->hex_urp, 0, sizeof (priv->hex_urp)); ++ memset (priv->hex_a1, 0, sizeof (priv->hex_a1)); ++ } + } + + return ok; +@@ -276,6 +294,8 @@ soup_auth_digest_compute_hex_a1 (const char *hex_urp, + + /* In MD5-sess, A1 is hex_urp:nonce:cnonce */ + ++ g_assert (nonce && cnonce); ++ + checksum = g_checksum_new (G_CHECKSUM_MD5); + g_checksum_update (checksum, (guchar *)hex_urp, strlen (hex_urp)); + g_checksum_update (checksum, (guchar *)":", 1); +@@ -366,6 +386,8 @@ soup_auth_digest_compute_response (const char *method, + if (qop) { + char tmp[9]; + ++ g_assert (cnonce); ++ + g_snprintf (tmp, 9, "%.8x", nc); + g_checksum_update (checksum, (guchar *)tmp, strlen (tmp)); + g_checksum_update (checksum, (guchar *)":", 1); +@@ -429,6 +451,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg) + g_return_val_if_fail (uri != NULL, NULL); + url = soup_uri_get_path_and_query (uri); + ++ g_assert (priv->nonce); ++ g_assert (!priv->qop || priv->cnonce); ++ + soup_auth_digest_compute_response (soup_message_get_method (msg), url, priv->hex_a1, + priv->qop, priv->nonce, + priv->cnonce, priv->nc, +diff --git a/tests/auth-test.c b/tests/auth-test.c +index 3066e904..c651c7cd 100644 +--- a/tests/auth-test.c ++++ b/tests/auth-test.c +@@ -1867,16 +1867,17 @@ do_multiple_digest_algorithms (void) + } + + static void +-on_request_read_for_missing_realm (SoupServer *server, +- SoupServerMessage *msg, +- gpointer user_data) ++on_request_read_for_missing_params (SoupServer *server, ++ SoupServerMessage *msg, ++ gpointer user_data) + { ++ const char *auth_header = user_data; + SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg); +- soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\""); ++ soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header); + } + + static void 
+-do_missing_realm_test (void) ++do_missing_params_test (gconstpointer auth_header) + { + SoupSession *session; + SoupMessage *msg; +@@ -1899,8 +1900,8 @@ do_missing_realm_test (void) + g_object_unref (digest_auth_domain); + + g_signal_connect (server, "request-read", +- G_CALLBACK (on_request_read_for_missing_realm), +- NULL); ++ G_CALLBACK (on_request_read_for_missing_params), ++ (gpointer)auth_header); + + session = soup_test_session_new (NULL); + msg = soup_message_new_from_uri ("GET", uri); +@@ -1948,7 +1949,9 @@ main (int argc, char **argv) + g_test_add_func ("/auth/auth-uri", do_auth_uri_test); + g_test_add_func ("/auth/cancel-request-on-authenticate", do_cancel_request_on_authenticate); + g_test_add_func ("/auth/multiple-algorithms", do_multiple_digest_algorithms); +- g_test_add_func ("/auth/missing-realm", do_missing_realm_test); ++ g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); ++ g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); ++ g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); + + ret = g_test_run (); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch new file mode 100644 index 0000000000..32e0c86e62 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch 
@@ -0,0 +1,27 @@ +From ea16eeacb052e423eb5c3b0b705e5eab34b13832 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Fri, 27 Dec 2024 13:52:52 -0600 +Subject: [PATCH] auth-digest: Fix leak + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832] +CVE: CVE-2025-32910 +Signed-off-by: Vijay Anusuri +--- + libsoup/auth/soup-auth-digest.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c +index 350bfde6..9eb7fa0e 100644 +--- a/libsoup/auth/soup-auth-digest.c ++++ b/libsoup/auth/soup-auth-digest.c +@@ -72,6 +72,7 @@ soup_auth_digest_finalize (GObject *object) + g_free (priv->nonce); + g_free (priv->domain); + g_free (priv->cnonce); ++ g_free (priv->opaque); + + memset (priv->hex_urp, 0, sizeof (priv->hex_urp)); + memset (priv->hex_a1, 0, sizeof (priv->hex_a1)); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 4fa8fce1c4..2c05ef338e 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -22,6 +22,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32906-1.patch \ file://CVE-2025-32906-2.patch \ file://CVE-2025-32909.patch \ + file://CVE-2025-32910-1.patch \ + file://CVE-2025-32910-2.patch \ + file://CVE-2025-32910-3.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62882
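Review bot: validate_params() in CVE-2025-32910-2.patch rejects a missing nonce only when qop is set or the algorithm is MD5-sess, yet the same patch adds an unconditional g_assert (priv->nonce) to soup_auth_digest_get_authorization(). A challenge that carries a realm but neither nonce nor qop passes validate_params() and can still reach that assertion, so the NULL dereference becomes an abort rather than going away. g_assert() also compiles out under G_DISABLE_ASSERT, so it should not be the only guard. Make the nonce check unconditional, or state in the patch header that CVE-2025-32912-1.patch and CVE-2025-32912-2.patch from this series, which return FALSE early when nonce is absent, must not be dropped independently of this one.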
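Review bot: the /auth/missing-params/nonce-md5-sess case added to main() in the tests/auth-test.c hunk of CVE-2025-32910-2.patch does not isolate the MD5-sess condition it is named after. The header still carries qop=\"auth,auth-int\", so validate_params() already fails on the priv->qop side of the ||, and there is no comma between opaque=\"...\" and algorithm=\"MD5-sess\", unlike the other parameters in that string. A case with algorithm=MD5-sess, no qop and no nonce would exercise the second condition on its own. Worth raising upstream; for the backport, keep the hunk identical to the referenced commit.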
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/15] libsoup: Fix CVE-2025-32911 & CVE-2025-32913 Date: Tue, 13 May 2025 12:08:06 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216442 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../CVE-2025-32911_CVE-2025-32913-1.patch | 72 +++++++++++++++++++ .../CVE-2025-32911_CVE-2025-32913-2.patch | 44 ++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 2 + 3 files changed, 118 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch new file mode 100644 index 0000000000..4e1d8212f5 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch 
@@ -0,0 +1,72 @@ +From 7b4ef0e004ece3a308ccfaa714c284f4c96ade34 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Fri, 27 Dec 2024 17:53:50 -0600 +Subject: [PATCH] soup_message_headers_get_content_disposition: Fix NULL deref + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/7b4ef0e004ece3a308ccfaa714c284f4c96ade34] +CVE: CVE-2025-32911 CVE-2025-32913 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-message-headers.c | 13 +++++++++---- + tests/header-parsing-test.c | 14 ++++++++++++++ + 2 files changed, 23 insertions(+), 4 deletions(-) + +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c +index 56cc1e9d..04f4c302 100644 +--- a/libsoup/soup-message-headers.c ++++ b/libsoup/soup-message-headers.c +@@ -1660,10 +1660,15 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs, + */ + if (params && g_hash_table_lookup_extended (*params, "filename", + &orig_key, &orig_value)) { +- char *filename = strrchr (orig_value, '/'); +- +- if (filename) +- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1); ++ if (orig_value) { ++ char *filename = strrchr (orig_value, '/'); ++ ++ if (filename) ++ g_hash_table_insert (*params, g_strdup (orig_key), filename + 1); ++ } else { ++ /* filename with no value isn't valid. 
*/ ++ g_hash_table_remove (*params, "filename"); ++ } + } + return TRUE; + } +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index 5e423d2b..d0b360c8 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -1039,6 +1039,7 @@ do_param_list_tests (void) + #define RFC5987_TEST_HEADER_FALLBACK "attachment; filename*=Unknown''t%FF%FF%FFst.txt; filename=\"test.txt\"" + #define RFC5987_TEST_HEADER_NO_TYPE "filename=\"test.txt\"" + #define RFC5987_TEST_HEADER_NO_TYPE_2 "filename=\"test.txt\"; foo=bar" ++#define RFC5987_TEST_HEADER_EMPTY_FILENAME ";filename" + + static void + do_content_disposition_tests (void) +@@ -1139,6 +1140,19 @@ do_content_disposition_tests (void) + g_assert_cmpstr (parameter2, ==, "bar"); + g_hash_table_destroy (params); + ++ /* Empty filename */ ++ soup_message_headers_clear (hdrs); ++ soup_message_headers_append (hdrs, "Content-Disposition", ++ RFC5987_TEST_HEADER_EMPTY_FILENAME); ++ if (!soup_message_headers_get_content_disposition (hdrs, ++ &disposition, ++ ¶ms)) { ++ soup_test_assert (FALSE, "empty filename decoding FAILED"); ++ return; ++ } ++ g_assert_false (g_hash_table_contains (params, "filename")); ++ g_hash_table_destroy (params); ++ + soup_message_headers_unref (hdrs); + + /* Ensure that soup-multipart always quotes filename */ +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch new file mode 100644 index 0000000000..5d9f33c736 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch 
@@ -0,0 +1,44 @@ +From f4a761fb66512fff59798765e8ac5b9e57dceef0 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Fri, 27 Dec 2024 18:00:39 -0600 +Subject: [PATCH] soup_message_headers_get_content_disposition: strdup + truncated filenames + +This table frees the strings it contains. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0] +CVE: CVE-2025-32911 CVE-2025-32913 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-message-headers.c | 2 +- + tests/header-parsing-test.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c +index 04f4c302..ee7a3cb1 100644 +--- a/libsoup/soup-message-headers.c ++++ b/libsoup/soup-message-headers.c +@@ -1664,7 +1664,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders *hdrs, + char *filename = strrchr (orig_value, '/'); + + if (filename) +- g_hash_table_insert (*params, g_strdup (orig_key), filename + 1); ++ g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1)); + } else { + /* filename with no value isn't valid. */ + g_hash_table_remove (*params, "filename"); +diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c +index d0b360c8..07ea2866 100644 +--- a/tests/header-parsing-test.c ++++ b/tests/header-parsing-test.c +@@ -1150,6 +1150,7 @@ do_content_disposition_tests (void) + soup_test_assert (FALSE, "empty filename decoding FAILED"); + return; + } ++ g_free (disposition); + g_assert_false (g_hash_table_contains (params, "filename")); + g_hash_table_destroy (params); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 2c05ef338e..f5877c3419 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -25,6 +25,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32910-1.patch \ file://CVE-2025-32910-2.patch \ file://CVE-2025-32910-3.patch \ + file://CVE-2025-32911_CVE-2025-32913-1.patch \ + file://CVE-2025-32911_CVE-2025-32913-2.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62885
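Review bot: the soup-message-headers.c hunk of CVE-2025-32911_CVE-2025-32913-1.patch still inserts filename + 1, a pointer into the middle of orig_value, into a table that, per the -2 commit message, frees the strings it contains; only -2 changes it to g_strdup (filename + 1). The two files are one fix, and the "#Dependency Patch" tag on -1 does not make that obvious, so say in the -1 header that it must not be applied without -2. Neither patch adds a test with a '/' in the filename, so the truncation path that -2 changes has no regression coverage here; a Content-Disposition case with a filename containing '/' and run under a memory checker would close that gap.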
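Review bot: the third argument of the new soup_message_headers_get_content_disposition() call in the tests/header-parsing-test.c hunk of the -1 patch appears as ¶ms, which will not compile. It should read &params; the leading "&para" has been decoded as an HTML entity somewhere between the upstream commit and this copy. Check the patch file in the tree byte-for-byte against the upstream commit before merging.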
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/15] libsoup: Fix CVE-2025-32912 Date: Tue, 13 May 2025 12:08:07 -0700 Message-ID: <7c709d985c4e732f6fedd56748b3de3e52869282.1747163155.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216443 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../libsoup/libsoup/CVE-2025-32912-1.patch | 41 +++++++++++++++++++ .../libsoup/libsoup/CVE-2025-32912-2.patch | 30 ++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 2 + 3 files changed, 73 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch new file mode 100644 index 0000000000..c35c599502 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch 
@@ -0,0 +1,41 @@ +From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 5 Feb 2025 14:03:05 -0600 +Subject: [PATCH] auth-digest: Handle missing nonce + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992] +CVE: CVE-2025-32912 +Signed-off-by: Vijay Anusuri +--- + libsoup/auth/soup-auth-digest.c | 2 +- + tests/auth-test.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c +index 9eb7fa0e..d69a4013 100644 +--- a/libsoup/auth/soup-auth-digest.c ++++ b/libsoup/auth/soup-auth-digest.c +@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + guint qop_options; + gboolean ok = TRUE; + +- if (!soup_auth_get_realm (auth)) ++ if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) + return FALSE; + + g_free (priv->domain); +diff --git a/tests/auth-test.c b/tests/auth-test.c +index c651c7cd..484097f1 100644 +--- a/tests/auth-test.c ++++ b/tests/auth-test.c +@@ -1952,6 +1952,7 @@ main (int argc, char **argv) + g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); + g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); + g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); ++ g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test); + + ret = g_test_run (); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch new file mode 100644 index 0000000000..ad6f3a8028 
--- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch @@ -0,0 +1,30 @@ +From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sat, 8 Feb 2025 12:30:13 -0600 +Subject: [PATCH] digest-auth: Handle NULL nonce + +`contains` only handles a missing nonce, `lookup` handles both missing and empty. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f] +CVE: CVE-2025-32912 +Signed-off-by: Vijay Anusuri +--- + libsoup/auth/soup-auth-digest.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c +index d69a4013..dc4dbfc5 100644 +--- a/libsoup/auth/soup-auth-digest.c ++++ b/libsoup/auth/soup-auth-digest.c +@@ -162,7 +162,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, + guint qop_options; + gboolean ok = TRUE; + +- if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) ++ if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce")) + return FALSE; + + g_free (priv->domain); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index f5877c3419..dbf437c42f 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -27,6 +27,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32910-3.patch \ file://CVE-2025-32911_CVE-2025-32913-1.patch \ file://CVE-2025-32911_CVE-2025-32913-2.patch \ + file://CVE-2025-32912-1.patch \ + file://CVE-2025-32912-2.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62887
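Review bot: CVE-2025-32912-2.patch swaps g_hash_table_contains() for g_hash_table_lookup() in soup_auth_digest_update() to also reject a nonce key whose value is NULL, but its diffstat touches only soup-auth-digest.c, so nothing tests that case. The /auth/missing-params/nonce-and-qop case added by -1 covers only the absent key. Add a missing-params case for a nonce parameter with no value so the distinction described in the -2 commit message stays covered. With this early return in place, the nonce check in validate_params() from CVE-2025-32910-2.patch is redundant for the update path; a short comment there would save the next reader the cross-reference.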
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/15] libsoup: Fix CVE-2025-32914 Date: Tue, 13 May 2025 12:08:08 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216444 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../libsoup/libsoup/CVE-2025-32914.patch | 111 ++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 112 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch new file mode 100644 index 0000000000..0ada9f3134 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch 
@@ -0,0 +1,111 @@ +From 5bfcf8157597f2d327050114fb37ff600004dbcf Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 09:03:00 +0200 +Subject: [PATCH] multipart: Fix read out of buffer bounds under + soup_multipart_new_from_message() + +This is CVE-2025-32914, special crafted input can cause read out of buffer bounds +of the body argument. + +Closes #436 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf] +CVE: CVE-2025-32914 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-multipart.c | 2 +- + tests/multipart-test.c | 58 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 59 insertions(+), 1 deletion(-) + +diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c +index 2421c91f8..102ce3722 100644 +--- a/libsoup/soup-multipart.c ++++ b/libsoup/soup-multipart.c +@@ -173,7 +173,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers, + return NULL; + } + +- split = strstr (start, "\r\n\r\n"); ++ split = g_strstr_len (start, body_end - start, "\r\n\r\n"); + if (!split || split > end) { + soup_multipart_free (multipart); + return NULL; +diff --git a/tests/multipart-test.c b/tests/multipart-test.c +index 2c0e7e969..f5b986889 100644 +--- a/tests/multipart-test.c ++++ b/tests/multipart-test.c +@@ -471,6 +471,62 @@ test_multipart (gconstpointer data) + loop = NULL; + } + ++static void ++test_multipart_bounds_good (void) ++{ ++ #define TEXT "line1\r\nline2" ++ SoupMultipart *multipart; ++ SoupMessageHeaders *headers, *set_headers = NULL; ++ GBytes *bytes, *set_bytes = NULL; ++ const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n"; ++ gboolean success; ++ ++ headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART); ++ soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\""); ++ ++ bytes = g_bytes_new (raw_data, strlen (raw_data)); ++ ++ multipart = soup_multipart_new_from_message 
(headers, bytes); ++ ++ g_assert_nonnull (multipart); ++ g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1); ++ success = soup_multipart_get_part (multipart, 0, &set_headers, &set_bytes); ++ g_assert_true (success); ++ g_assert_nonnull (set_headers); ++ g_assert_nonnull (set_bytes); ++ g_assert_cmpint (strlen (TEXT), ==, g_bytes_get_size (set_bytes)); ++ g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL)); ++ g_assert_cmpmem (TEXT, strlen (TEXT), g_bytes_get_data (set_bytes, NULL), g_bytes_get_size (set_bytes)); ++ ++ soup_message_headers_unref (headers); ++ g_bytes_unref (bytes); ++ ++ soup_multipart_free (multipart); ++ ++ #undef TEXT ++} ++ ++static void ++test_multipart_bounds_bad (void) ++{ ++ SoupMultipart *multipart; ++ SoupMessageHeaders *headers; ++ GBytes *bytes; ++ const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n"; ++ ++ headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART); ++ soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\""); ++ ++ bytes = g_bytes_new (raw_data, strlen (raw_data)); ++ ++ /* it did read out of raw_data/bytes bounds */ ++ multipart = soup_multipart_new_from_message (headers, bytes); ++ g_assert_null (multipart); ++ ++ soup_message_headers_unref (headers); ++ g_bytes_unref (bytes); ++} ++ + int + main (int argc, char **argv) + { +@@ -498,6 +554,8 @@ main (int argc, char **argv) + g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart); + g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart); + g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart); ++ g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good); ++ g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad); + + ret = g_test_run (); + +-- +GitLab + 
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index dbf437c42f..87ffb34f7d 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb 
@@ -29,6 +29,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32911_CVE-2025-32913-2.patch \ file://CVE-2025-32912-1.patch \ file://CVE-2025-32912-2.patch \ + file://CVE-2025-32914.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
From patchwork Tue May 13 19:08:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62886
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/15] scripts/install-buildtools: Update to 4.0.26 Date: Tue, 13 May 2025 12:08:09 -0700 Message-ID: <04ff268291598c1e0588cff43df694a714e48746.1747163155.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216445 From: Aleksandar Nikolic Update to the 4.0.26 release of the 4.0 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Steve Sakoman --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 56b22e4270..8e55bd69c8 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools 
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.24' -DEFAULT_INSTALLER_VERSION = '4.0.24' +DEFAULT_RELEASE = 'yocto-4.0.26' +DEFAULT_INSTALLER_VERSION = '4.0.26' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check
From patchwork Tue May 13 19:08:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62881
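Review bot: DEFAULT_RELEASE and DEFAULT_INSTALLER_VERSION in scripts/install-buildtools carry the same version as two separate literals, so every bump has to touch both and a missed one leaves the two out of step. Consider deriving the release string from the installer version. The commit message also goes from 4.0.24 straight to 4.0.26 without saying why 4.0.25 was skipped, and does not confirm that the 4.0.26 installer is already published under DEFAULT_BASE_URL.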
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/15] glibc: stable 2.35 branch updates Date: Tue, 13 May 2025 12:08:10 -0700 Message-ID: <70e9ae425e34221af6a7bdda6b83f2f8e7848278.1747163155.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216446

From: Deepesh Varatharajan

d2febe7c40 math: Improve layout of exp/exp10 data
20b5d5ce26 AArch64: Use prefer_sve_ifuncs for SVE memset
9569a67a58 AArch64: Add SVE memset
59f67e1b82 math: Improve layout of expf data
904c58e47b AArch64: Remove zva_128 from memset
8042d17638 AArch64: Optimize memset
be451d6053 AArch64: Improve generic strlen
8b3d09dc0d assert: Add test for CVE-2025-0395
29d9b1e59e assert: Reformat Makefile.

Testresults:
Before update    |After update    |Difference
PASS: 4832       |PASS:4833       |PASS: +1
FAIL: 132        |FAIL:132        |FAIL: 0
XPASS: 6         |XPASS:6         |XPASS: 0
XFAIL: 16        |XFAIL:16        |XFAIL: 0
UNSUPPORTED: 200 |UNSUPPORTED:200 |UNSUPPORTED: 0

Signed-off-by: Deepesh Varatharajan
Signed-off-by: Steve Sakoman
--- meta/recipes-core/glibc/glibc-version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index d98b6a4911..34b199c02b 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc 
@@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "549d8315791aa8176ff1537db3e09c185c6e602f" +SRCREV_glibc ?= "d2febe7c407665c18cfea1930c65f41899ab3aa3" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
From patchwork Tue May 13 19:08:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62883
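Review bot: the SRCREV_glibc bump pulls in 8b3d09dc0d "assert: Add test for CVE-2025-0395", but the commit message does not say whether the fix for that CVE was already present at 549d831579 or whether the recipe's CVE status needs a matching update. Add a line on that, and give the exact range (549d831579..d2febe7c40) so the nine listed commits can be checked against the release/2.35/master branch.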
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/15] module.bbclass: add KBUILD_EXTRA_SYMBOLS to install Date: Tue, 13 May 2025 12:08:11 -0700 Message-ID: <1403ffa42014ad5c88c28da6c360ea5fd1857147.1747163155.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216447

From: Alon Bar-Lev

Symbols are used during install as well, adding KBUILD_EXTRA_SYMBOLS enables successful installation.

| DEBUG: Executing shell function do_install
| NOTE: make -j 22 KERNEL_SRC=xxx/kernel-source -C xxx/drivers KDIR=xxx/kernel-source DEPMOD=echo MODLIB=xxx/image/lib/modules/6.6.75-yocto-standard-00189-g530c419bc9db INSTALL_FW_PATH=xxx/image/lib/firmware CC=aarch64-poky-linux-gcc -fuse-ld=bfd -fcanon-prefix-map LD=aarch64-poky-linux-ld.bfd OBJCOPY=aarch64-poky-linux-objcopy STRIP=aarch64-poky-linux-strip O=xxx/kernel-build-artifacts modules_install
| make: Entering directory 'xxx/drivers'
| make -C xxx/kernel-source M=xxx/drivers modules
| make[1]: Entering directory 'xxx/kernel-source'
| make[2]: Entering directory 'xxx/kernel-build-artifacts'
| MODPOST xxx/drivers/Module.symvers
| ERROR: modpost: "xxx" [xxx/xxx.ko] undefined!

Signed-off-by: Alon Bar-Lev
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 0ef80eeda967a9e04ff91c3583aabbc35c9868e8)
Signed-off-by: Steve Sakoman
--- meta/classes/module.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/module.bbclass b/meta/classes/module.bbclass index a09ec3ed1e..2315f3c834 100644 --- a/meta/classes/module.bbclass +++ b/meta/classes/module.bbclass 
@@ -51,6 +51,7 @@ module_do_install() { INSTALL_FW_PATH="${D}${nonarch_base_libdir}/firmware" \ CC="${KERNEL_CC}" LD="${KERNEL_LD}" \ O=${STAGING_KERNEL_BUILDDIR} \ + KBUILD_EXTRA_SYMBOLS="${KBUILD_EXTRA_SYMBOLS}" \ ${MODULES_INSTALL_TARGET} if [ ! -e "${B}/${MODULES_MODULE_SYMVERS_LOCATION}/Module.symvers" ] ; then
From patchwork Tue May 13 19:08:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62884
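Review bot: in module_do_install the new KBUILD_EXTRA_SYMBOLS="${KBUILD_EXTRA_SYMBOLS}" argument is passed unconditionally, while the log in the commit message shows it matters for a specific case: modules_install there re-enters `make -C xxx/kernel-source M=xxx/drivers modules` and runs MODPOST again. State in the message that this targets external module Makefiles whose install target rebuilds, and confirm that an unset variable, which now reaches make as an empty assignment, is harmless for modules that do not use it.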
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/15] perl: enable _GNU_SOURCE define via d_gnulibc Date: Tue, 13 May 2025 12:08:12 -0700 Message-ID: <79dc3f42958bfefe03a8240e2a57501c38d2bd3c.1747163155.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 13 May 2025 19:08:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216448 From: Alexander Kanavin This is needed to properly support memmem() and friends under musl as musl guards the declarations with _GNU_SOURCE define, and if the declarations are not present, gcc will issue warnings and generate assembly that assumes the functions return int (instead of e.g. void*), with catastrophic consequences at runtime. Signed-off-by: Alexander Kanavin Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 6422e62fbc5c65a2165a72c97c880cfa9a80e957) Signed-off-by: Peter Hurley Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/perl_5.34.3.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb index f6ebbf2d16..c8475fc450 100644 --- a/meta/recipes-devtools/perl/perl_5.34.3.bb +++ b/meta/recipes-devtools/perl/perl_5.34.3.bb @@ -70,6 +70,7 @@ do_configure:class-target() { -Dlibpth='${libdir} ${base_libdir}' \ -Dglibpth='${libdir} ${base_libdir}' \ -Alddlflags=' ${LDFLAGS}' \ + -Dd_gnulibc=define \ ${PACKAGECONFIG_CONFARGS} #perl.c uses an ARCHLIB_EXP define to generate compile-time code that
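Review bot: -Dd_gnulibc=define is added to do_configure:class-target for every libc, yet the commit message gives musl as the reason and the recipe line carries no comment saying so. Telling perl's Configure that the C library is GNU libc on a musl target is broader than defining _GNU_SOURCE; add a short comment above the flag explaining that it is there to expose the memmem() declarations, and say in the message whether anything else keyed on d_gnulibc was checked on musl.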