From patchwork Tue Jun 10 16:08:14 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64719
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E134EC71131
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:08:57 +0000 (UTC)
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
 [209.85.214.172])
 by mx.groups.io with SMTP id smtpd.web10.91271.1749571732164153613
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:52 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=fNhMcUtS;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f172.google.com with SMTP id
 d9443c01a7336-2363616a1a6so10792535ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571731;
 x=1750176531; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jahSKpcYuMBldeiuQQNm5TjKQzSqkQSS4IQmDCs89po=;
        b=fNhMcUtSR1tpu8n5YWial9fCD/OZ+v2QKC59H4RavSNthVUvLSLjBOcNZiH78OB1vc
         SNz+sIPgndN2/wanOSotT8xd/a0KtEAAs2m6AUIrB30us4w/S7hmnuxvbX6FMmg1fiaw
         GueVU1eS9AivKdE8dcFf1C5goH7E6Z1Pmoe4IQNHWL+RoXWqpLjmGRCLkUmGDGw7R+t7
         7NtvxpNty32o9CjXqr1vvVBwa5mov9YLQcB3ogirwBsPJgcO1YF9AwtONbmSaOsFpvP6
         cTINX6siO9TAxmA2dcUAXqAdj2dmJ+yqXYTJbrLaG8fkDJBsJfgir1FsTVAMmRlCKDPM
         470A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571731; x=1750176531;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jahSKpcYuMBldeiuQQNm5TjKQzSqkQSS4IQmDCs89po=;
        b=Qrddhqgcmn4W2RssET1lV9dpSBszplm7gwUtnXTB85h5piz07wX1FrZMZb1YGMRbLA
         pyasjwdQ9xgULCENJ2DKtKw/c2pQNHsy68xx3h+Pvxxosc4UB1UYqGsqFE/1JjjDWVRe
         2qk2YbFrzk6Wa7BymbfYe61/XZMP5LkmWTBkDUMDbKlXzWWfqJhZEWi4N74o/lbqrxkg
         6ZIxglQ5bqjklaVVJT911/MSpjPPv8R84v1PujIHnqTv7sh/3plJHPoWJQxhs70tBI62
         8VVsneErG7rChERYESMT7I2GDzyJwbP43Z0n+4gBoaOCVxxl5WH/ZPYhoWEihTYfndki
         F00w==
X-Gm-Message-State: AOJu0Yzf8D2/x6fNRt/eefgpXjJCU5Ta0Wx+0h8S/lkND3WbMcuEKDs7
	UoG0gvOoPlMgpza2aS40MsUYXtzoty01daWrx2Zc9vIjEc9jDA68fV1SdenrWV0k2ifcMv5EkOI
	EEYhq
X-Gm-Gg: ASbGncuvYrcq2kl62/7raLVi3jlQxFCcEZKr8zu8jTqcRGeYICBJjT/X9tKEb1XLzRe
	onDYObkqzCE16c8rL+7Q0m0QQ7EHglTuOqadFTNcrqTMUMVMhdQwX6YtFRToMy2qKwC0YcMq9b3
	jTIcQ9OR1kPXLKfDiQfqUfX8Fa7Na4xgfdgluD/gs0qxlIa+d+goPQgqcrYQ7XLRjG9W0gi2dVJ
	iO7Y4C9jqwEMUcndlhmCBe4rtGgu/mq4rOvAwDi3CEeqxDEkW6FzD/XqHURA3w4Iadpt/J3TFsr
	ChnHd3DYpBbBQ/qCMVU1hmoT4zeR16f/gtKcwwx9a234+4ZZ6sXepA==
X-Google-Smtp-Source: 
 AGHT+IFipWvJPaE4ywx0EFEXEsmxjqNyumAY+uF4dK4vrHbiezMycpM0FxcVRDR6332rsHfZktPDhw==
X-Received: by 2002:a17:902:e890:b0:235:e71e:a37b with SMTP id
 d9443c01a7336-23601d973ccmr260450365ad.34.1749571731350;
        Tue, 10 Jun 2025 09:08:51 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.50
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:51 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 01/32] libsoup-2.4: update patch
 0001-CVE-2025-32911.patch
Date: Tue, 10 Jun 2025 09:08:14 -0700
Message-ID: 
 <d95ddd4ebb4ea78fc64cfb025306f1f953ded3f9.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:08:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218370

From: Changqing Li <changqing.li@windriver.com>

CVE-2025-32913 also fixed in this patch

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/435

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/0001-CVE-2025-32911.patch               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch b/meta/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
index 9ef0643837..d75594bb4f 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
+++ b/meta/recipes-support/libsoup/libsoup-2.4/0001-CVE-2025-32911.patch
@@ -3,7 +3,7 @@ From: Changqing Li <changqing.li@windriver.com>
 Date: Wed, 30 Apr 2025 14:59:55 +0800
 Subject: [PATCH] CVE-2025-32911
 
-CVE: CVE-2025-32911
+CVE: CVE-2025-32911 CVE-2025-32913
 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422/commits]
 
 Signed-off-by: Changqing Li <changqing.li@windriver.com>

From patchwork Tue Jun 10 16:08:15 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64717
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EA896C71130
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:08:57 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web11.90685.1749571733981038995
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:54 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=t0w2n4Xa;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-2350b1b9129so37163065ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571733;
 x=1750176533; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=OIIrbz1QgyoT+Ym4DrUGznUQOoox+0yJGGNfHgmnFkw=;
        b=t0w2n4XaHMdwIrYdKdBBYz0lnzPHNsOmbqw0ESTKkHIZTZzgXR3LeXtyUaW4+XUuSq
         0+i8ZctV0OnYGdZ5I/jvAFfzHSLNAAjDa9ivo16qPjD5tjS9fYcXdT3mANGX1HpE71Uk
         TJfkRdynvOELsY18jesf/ArouqnqJB2AqKO3HrBRy+6VzqO8DVX3oixBpQU5YwLFb3e/
         /5qzUyuRhVT8JwLgabl+D9jABoNFnu9FvA1SyqLsABAZLl8ilia/8huykZglde29J707
         vwPg8bNpTOrd5FuZBna3hUtgEtXW3XGex6vtGTpYkesUxMS0rXZY24P78tOfxCWiyx0+
         cN9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571733; x=1750176533;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=OIIrbz1QgyoT+Ym4DrUGznUQOoox+0yJGGNfHgmnFkw=;
        b=pVHwCJ7ot73ecT/5RbbsKa4fxNFWQNwxw+YehdEmx0q5y75cZByQAps/JrrfNx5gJL
         6806zWD/lIiasY5Bp9g0IZAAsLLpCFY4572t1oYU1KLJei8qUInE/079biWAVG6HRRBk
         1iS/vruZA/uNi8DRlKTb9gO6yRYGiVV8wGKsB0BSW2f8tGVRUT6j3bwT+tiWknoDrwb6
         /g26Jy0DDHcMRz2MqjJbJJGlj+VTD0t2z5Frg5RKwGPm801lr3utXhHkXQIDyOHxj8+s
         I9IIVmrgJeaZuHxWX+PIilDwLruhqEX7HjkJzh4hELtfYRWDKoYV+XdxisHibjogfTIo
         ovKQ==
X-Gm-Message-State: AOJu0YypMJ0bd/REp1weuL82ov9OfeMHY8plNBanMXQcTIUyB6HYREPq
	DnxzSCwLvZ112UXuLeOLbaFBhLGYo4RSvrupbR5dnjQn0BJXzLCsNosJdosj8GfTQvbm5LDG2DS
	oRN59
X-Gm-Gg: ASbGncuaur+X4ASZfykzMeukU1+zMh9c+MqpDXx62ISgCcI+7TrK2TLWeJo70ramlbA
	lKC8+mlLxxFXiBLphswIENFUmz6B+pGxpSyKDf/h4n692vwF35s23eU5+Al2kji7KR9mczf2FbW
	yqq8l+RPOGZDZj0FC7VBvp1mxbKbPJhzK/A6/j7+jh0dQjm6w/FWria/Ao74LAIpPKBOLuJ2qlE
	WxqhDsl90bJni6rpB6/eQl6JmFZaNzmD7nOZg0tNMvei+dgSsp2xUASX3fumQ+9pDePU/hBGduh
	cSbokWE3z2wLoiMgHMNkoJ4K23e/xnkb4Oj+BQ6PIH39p5Rlc/NQag==
X-Google-Smtp-Source: 
 AGHT+IF5jJ+4+ycsucfCb11V0dLsXGVEIqIXLtrBohi6GS7FVUbbTJ8ns6DnGKFCvT/LBCigHMKxsw==
X-Received: by 2002:a17:902:e845:b0:234:9670:cc73 with SMTP id
 d9443c01a7336-23601cf2f3amr266075535ad.5.1749571733085;
        Tue, 10 Jun 2025 09:08:53 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.52
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:52 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 02/32] libsoup-2.4: fix CVE-2025-32053
Date: Tue, 10 Jun 2025 09:08:15 -0700
Message-ID: 
 <2f8307a3795ccaff50fbfb4fe716cdf37f1c82f2.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:08:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218371

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32053.patch  | 39 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  4 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..0d829d6200
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
@@ -0,0 +1,39 @@
+From d9bcffd6cd5e8ec32889a594f7348d67a5101b3a Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 13:58:42 +0800
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+CVE: CVE-2025-32053
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 967ec61..5f2896e 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ 	       (resource[*pos] == '\x0D')) {
+ 		*pos = *pos + 1;
+ 
+-		if (*pos > resource_length)
++		if (*pos >= resource_length)
+ 			return TRUE;
+ 	}
+ 
+@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ 		do {
+ 			pos++;
+ 
+-			if (pos > resource_length)
++			if ((pos + 1) > resource_length)
+ 				goto text_html;
+ 		} while (resource[pos] != '>');
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 22cbbdb1b8..b42a8f9520 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -16,7 +16,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://0001-CVE-2025-32911.patch \
            file://CVE-2024-52532-1.patch \
            file://CVE-2024-52532-2.patch \
-           file://CVE-2024-52532-3.patch"
+           file://CVE-2024-52532-3.patch \
+           file://CVE-2025-32053.patch \
+"
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 
 CVE_PRODUCT = "libsoup"

From patchwork Tue Jun 10 16:08:16 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64715
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D0FD5C677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:08:57 +0000 (UTC)
Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com
 [209.85.214.178])
 by mx.groups.io with SMTP id smtpd.web11.90686.1749571735586542519
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=DbWT6k+r;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f178.google.com with SMTP id
 d9443c01a7336-2363e973db1so3988985ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571735;
 x=1750176535; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/nCALkXuQ5LD1toiMVuGOga+9phGrzMKhTyHcE3R5ZE=;
        b=DbWT6k+rze/HZZZvAE+JC9vugK3rF5qHie974CfFY0CL4qun+OSoYHLY2+cQBIlQbQ
         mInBPgtaYqeDqOOr4uG1SPx7gvSFCO4m2MlKNRUARLPLGp/06yG42J6rhU8m73FpwImn
         mGm6K4B6WmrLDVbaf/x9OPRkxLVeQMHBOUb03EmpHY3K38J3plYVXFc6iJq5Q+xaYuf1
         7xtNeb8av1QkssUHKsF2XWb9dxY2nRqzUfWlzlDkb3NepYocI3oRRPMQabUiQFVLUSQY
         xy4E4elfSYl4Ly1zhuPJBgWBP88ZEJEuWkL4CA484vO65BBkeyuT/X2fU3fQWTxPk501
         +a5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571735; x=1750176535;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/nCALkXuQ5LD1toiMVuGOga+9phGrzMKhTyHcE3R5ZE=;
        b=wU21VbrD/srWFs6dacSYSMUXDYWChjkPu9D96JyHPpLTCRclWszz5yk+GSN2/1KOen
         tR73Kb8/xxmicE0AtiR/4eY6UdwRObU8P4Rkn2ts87jFFxPoVE2nPNDHDamTnUU5qsor
         kbH1auGtsmCv5+BEvOy4LPLfP3gBNfHUD94G/BagcHvkoRvPSTtpe4agIz89jKhW01n+
         qY3xWLXh4iz5KK9RJ9Ur7mLWs09U3e565Vcz+gQqgEN315UDX92UtQ+Wyu5qKJtN07o9
         yQ3Eq7wC4rHG0XQMRVcywyY/01pbqiVLWsRnnShYPw5teG+14WORyd/nJLJeWSA5dQgD
         +amw==
X-Gm-Message-State: AOJu0YyN39yjf11OfaKPaSB1gfwG94RhL2jaQBo+RHJ935aq/f62n6KO
	d+0mIxeubxfmprv+fgoRDJZd0ua8dWTQnIXlgEZb/ENdQY+r0cSJH+QrqjXYWdUz/3eQNIRgTL2
	c7rIl
X-Gm-Gg: ASbGnctAAKlHcmphUzSnCQTZiuttOv92qQYz4gtG2gccI9KboFAXWMFUpbnInTOe/P5
	HgoMH6cnp8MszCTo4YweiGKLENmonb9PtZFddrz4dOr+SijAn8SRPcGhNzt7BduY+PNmBVTWJ4U
	hQ8Gj9vFE50T0XJiCMq52Hv7EJWxafnTHffsiEpchYXpEhj2uRUas/uthOII+wQflprqGQF/Dub
	Szh/JJ33g32EgmVLa5MQAMZiGqProYPSJPKm52+2k+BJftKU0hIiiEDbV+JB2CO5qPMese7i4aV
	DQmpgi8s/dS+H4zBVJwT7KPueu/EaO2dKG5Q0SGLxfQnBOFhkbrDjQ==
X-Google-Smtp-Source: 
 AGHT+IFW65GRXyWBqWqFQeW9gl1Nz628w/l2a5vccHQlqS95Ey6UrCC5R69IurDJRj8lonaNoFAmgw==
X-Received: by 2002:a17:903:1a4e:b0:215:58be:3349 with SMTP id
 d9443c01a7336-23635bdaa89mr70707595ad.14.1749571734674;
        Tue, 10 Jun 2025 09:08:54 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.54
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:54 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 03/32] libsoup-2.4: fix CVE-2025-2784
Date: Tue, 10 Jun 2025 09:08:16 -0700
Message-ID: 
 <1d00d1aa58b15adefb9f6ef5e85517018377aa63.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:08:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218372

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-2784.patch   | 56 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
new file mode 100644
index 0000000000..106f907168
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
+From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 14:06:41 +0800
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+
+CVE: CVE-2025-2784
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
+ https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
+
+Test code is not added since it uses some functions not defined in
+version 2.74. These tests are not used now, so just ignore them.
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c |  9 +++----
+ 1 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 5f2896e..9554636 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
++	if (*pos >= resource_length)
++		return TRUE;
+ 	while ((resource[*pos] == '\x09') ||
+ 	       (resource[*pos] == '\x20') ||
+ 	       (resource[*pos] == '\x0A') ||
+@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+ 	const char *resource = (const char *)buffer->data;
+ 	int resource_length = MIN (512, buffer->length);
+-	int pos = 0;
++	gsize pos = 0;
+ 
+ 	if (resource_length < 3)
+ 		goto text_html;
+@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ 		pos = 3;
+ 
+  look_for_tag:
+-	if (pos > resource_length)
+-		goto text_html;
+-
+ 	if (skip_insignificant_space (resource, &pos, resource_length))
+ 		goto text_html;
+
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index b42a8f9520..f66ea6105c 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -18,6 +18,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2024-52532-2.patch \
            file://CVE-2024-52532-3.patch \
            file://CVE-2025-32053.patch \
+           file://CVE-2025-2784.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:17 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64718
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E0D42C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:08:57 +0000 (UTC)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
 by mx.groups.io with SMTP id smtpd.web11.90687.1749571737091996933
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:57 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=d+be/xwX;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f171.google.com with SMTP id
 d9443c01a7336-235ef62066eso70544995ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571736;
 x=1750176536; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1ln+utEX2UNEWOKr0xeBEzt5t+MiFm/DslC0aZBEhos=;
        b=d+be/xwXVuKK/9PCUS7abtIcSN9JA/4vxaemn5Xwvn8ZmQ7nzBMpAivQDAydaW2pvM
         ABiAvAuAgh/Eh15+7RYk1CLrrYemp9GRiiBI5kFVOuajKiAnSBANq86IUVnDQ3a5QFAE
         iUPP2BPZbIC3i/fKmMIpRlmjJp/58Psrp9pL8Zr860HGlXAdp7yj6oX60symh7Kfiw+O
         7TycZmTErWStyeQEebyUAn30xpczU61VXJsAbNEzjuRs2isP4IbnAgMxOw5tfHWowrgE
         ifGJlBZDSMDju2Ycw5LqlcDGfGGV2hd/5Qsf1wsOKd2EHglBxM/6P+aneb6Up9uuvhIU
         kScw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571736; x=1750176536;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1ln+utEX2UNEWOKr0xeBEzt5t+MiFm/DslC0aZBEhos=;
        b=MLw9xIL6qUOxp3VZ7ZuhavGeQV9ApAQozJNapdQG0hTdFPbIFhVFKu/FzW1sM4T/kl
         SF9DUFT9oieepbzwW3xfazKq4n/nnEOTD3PsYzqv+AZqMEhpkbGjP9sdFD5K+VkvV9cy
         D3310TEgIPQEeOiBqOPQRkcJ2+qfvnYAg9zQ6mpqgQd5FyCSR711ieaS6f0vkNtQhpDM
         jTA3O28GpK5Sq2DwtTfSiXg4h0bVJ78h86wLQIgNz9Le+WK9Q9fN/pOPoayl6rm2MTt8
         cWHMXsJ58yDSXIoQTqMvlGvkNcCcDI31ntk2U/z0KFm4RawBkhPWyoLcu06eYLd5MuTo
         Tkcg==
X-Gm-Message-State: AOJu0Yw687w9Mvd/Xs4IB+cqplpLA8z0G2z+GbmP3vdpeK4tJIoWqpaT
	k4l4EPhlc7rFa5T2hdTiYzndN6dSHDdEn+kPGTPGDxkM/TBj1bZ2t+ajRIMe29iI745hHTAFbJM
	NyLhe
X-Gm-Gg: ASbGncvI7cDWrp/HYhuyV4xz/Y+ZyhD+yzJEmnuWG2DgCYhKedezEis8+uCEun+My3+
	7IlLNK/sz5elXbo1nHK8ztu2uWW9cP4qTZ75GFUotwgYqkxah4a+aANdsIHmhsWF2wUQxS04aSp
	TDmsUCszkYQyNO1x7syu/dMlsrHW9lWggRyqritcM9x1zCxUzqBjTn+OVTrAEZNtOYEDRrLXW5j
	NTXBXVWzDYwnQXH/0RJpFSAspQRYm32SFU/NINiC1BLw45Xl17sQ6I0wgPANtAclar3G0s+IX+y
	pBVOr23bzVZDds8Agov/fjJtgdhMyO7ioEoT4Ai2OINbrn9Hjsg2aQ==
X-Google-Smtp-Source: 
 AGHT+IH8fVBTVhy68HfX3AYwpHnLEqO6kuZJI2c/qOQ3N3f7HQNrYVQn8u6Lc8tYAO8HRaZdlnvvEw==
X-Received: by 2002:a17:903:2990:b0:234:ed31:fcae with SMTP id
 d9443c01a7336-23640cb7821mr6222525ad.22.1749571736169;
        Tue, 10 Jun 2025 09:08:56 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.55
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:55 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 04/32] libsoup-2.4: fix CVE-2024-52530
Date: Tue, 10 Jun 2025 09:08:17 -0700
Message-ID: 
 <5fb04759fcc5b74ea7c2c47fbd1971755a6acb55.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:08:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218373

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/377

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2024-52530.patch  | 150 ++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |   1 +
 2 files changed, 151 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..04713850e1
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
@@ -0,0 +1,150 @@
+From 4a2bb98e03d79146c729dca52c8d6edc635218ff Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+CVE: CVE-2024-52530
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402/diffs?commit_id=04df03bc092ac20607f3e150936624d4f536e68b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index eec28ad..e5d3c03 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -50,13 +50,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	 * ignorable trailing whitespace.
+ 	 */
+ 
++	/* No '\0's are allowed */
++	if (memchr (str, '\0', len))
++		return FALSE;
++
+ 	/* Skip over the Request-Line / Status-Line */
+ 	headers_start = memchr (str, '\n', len);
+ 	if (!headers_start)
+ 		return FALSE;
+-	/* No '\0's in the Request-Line / Status-Line */
+-	if (memchr (str, '\0', headers_start - str))
+-		return FALSE;
+ 
+ 	/* We work on a copy of the headers, which we can write '\0's
+ 	 * into, so that we don't have to individually g_strndup and
+@@ -68,14 +69,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	headers_copy[copy_len] = '\0';
+ 	value_end = headers_copy;
+ 
+-	/* There shouldn't be any '\0's in the headers already, but
+-	 * this is the web we're talking about.
+-	 */
+-	while ((p = memchr (headers_copy, '\0', copy_len))) {
+-		memmove (p, p + 1, copy_len - (p - headers_copy));
+-		copy_len--;
+-	}
+-
+ 	while (*(value_end + 1)) {
+ 		name = value_end + 1;
+ 		name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index 752196e..c1d3b33 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ 	  }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "example.com" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "examplecom" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/************************/
+ 	/*** INVALID REQUESTS ***/
+ 	/************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ 	  SOUP_STATUS_EXPECTATION_FAILED,
+ 	  NULL, NULL, -1,
+ 	  { { NULL } }
++	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++	  SOUP_STATUS_BAD_REQUEST,
++	  NULL, NULL, -1,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", NULL,
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++	  { { NULL } }
+ 	}
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ 	    { NULL } }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/********************************/
+ 	/*** VALID CONTINUE RESPONSES ***/
+ 	/********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ 	  { { NULL }
+ 	  }
+ 	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", "760832",
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index f66ea6105c..64383e1221 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2024-52532-3.patch \
            file://CVE-2025-32053.patch \
            file://CVE-2025-2784.patch \
+           file://CVE-2024-52530.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:18 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64720
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5BF0C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:07 +0000 (UTC)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
 by mx.groups.io with SMTP id smtpd.web10.91274.1749571738634329906
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Fc7DE6Sy;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f171.google.com with SMTP id
 d9443c01a7336-2363616a1a6so10793665ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:08:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571738;
 x=1750176538; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=b/rYarmgzAhpTwZjSqYBiwxG8Y3fIzqEw0n1zaN4lUw=;
        b=Fc7DE6Syj4/kvBKjyXbNqSHtBoqU1dgIlloOh58/mhk7oZ5GlnDZOWyoIcvvMKO/O3
         pyPnA5PhrUpSpZSvEy0ppdvUnJv7cL5u4G+3S6kgqwAeuUHN1FA450KO65G3XfDUA+Pf
         1VKnvFGypyGVpQY75LOOI7P/kw47z5uwRyK7BuOxXL4wSYxV6fV5W/tckd5txN9eGdvl
         6Ts5EnlyQGS43HLVJG+0ZGsLeCn7P8RfRlItjiPAlh6tPa50laizQ3bSHRws7QoI5pKn
         +ocwF0gdKpc0p8kFQk+yFXeprMs5rbwDClPN/3UK54Vnobb7b12Q990RwF+UIGcJ1R+e
         0VcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571738; x=1750176538;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=b/rYarmgzAhpTwZjSqYBiwxG8Y3fIzqEw0n1zaN4lUw=;
        b=hdkN88+jYmqL8h4FJfWd/5P7v+J0nGWia739abCpT/dFMNd1aHZ6K4RtGPV2l5CjIf
         V0IHk55hPl3DA5wUUaOGID7JEKcrI2wAdWrdM/f/9aW7ouj0YYOVSM9X1tBHtIYVIero
         gZ13yuNylI2kXZAz6n/prkAafkQCwOrwzwh0z6N/9UVt0Df8AmILRrKiz6Slhg1gSBvW
         DePvJ12A8BYIk9Sa1E7qbPxDf0yTr96tnZlLzrm0Li5B6LKNZivIexboHN8nMnzNjMCA
         6JvIQSiuilMtkxMKFUPk/2XK3x285nCszE0336KJ4QAIhqpEhDqvhuxmOF8h4gIo38pS
         fxWQ==
X-Gm-Message-State: AOJu0Yw6TJggotN0SQFb0zSoVbGw/imLYqge78SGF2j/2hDZSCOwzCKI
	U99E4ePxHMG6FE9BUj42uCWVkGu3OCT4yQmNR8fYO28a9OGQsV0DKq5jYGYbSOXcJstSn55PqX9
	O8lHG
X-Gm-Gg: ASbGnctFKklfbPIzKNWoNdOJ6WHHsXfeCPdN828vP0hyOdoa8yTVwmaZKjMVduGdb1d
	TsgYORB/rOarVGEbQ4y4u/Ds+AMpVRKOuRmSAvDuRj4MTevebUkR64Ok6QOz4tFox4dGbfSixBe
	rwG+mRvC8rkzZiL2U3kjgkcKu+STAKdhxERPLZOf1WZiWTp4u7ym4q7O450wTU8t0b7WKNEXKfm
	z09QBpQnLvNmBC2Vd7ZHBzHiqcA1SNbwIsayU8DkPNvYB1HwZXzQUKlm6YUpjQ/o93PzhruTPBh
	TF8gL4n3ZHDj3/L9Eyqb85LyXCeWUlQsUZnU21NAcD7ajQT4kjjySg==
X-Google-Smtp-Source: 
 AGHT+IFWLyj/ahvleF+DuYHKEIOD6nEOkyrkCS7REW2/76XcZgyWj31oiq6e0q47C8ES87L9zGXGeQ==
X-Received: by 2002:a17:902:ced1:b0:224:23ab:b88b with SMTP id
 d9443c01a7336-23601cf68e4mr219722375ad.8.1749571737745;
        Tue, 10 Jun 2025 09:08:57 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.57
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:57 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 05/32] libsoup-2.4: fix CVE-2025-32906
Date: Tue, 10 Jun 2025 09:08:18 -0700
Message-ID: 
 <8bd48ff06234b7dc387e0c578c61429359894edd.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218374

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/404

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32906.patch  | 71 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 72 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906.patch
new file mode 100644
index 0000000000..c33ebf8056
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906.patch
@@ -0,0 +1,71 @@
+From 4b8809cca4bbcbf9514314d86227f985362258b0 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 12 Feb 2025 11:30:02 -0600
+Subject: [PATCH] headers: Handle parsing only newlines
+
+Closes #404
+Closes #407
+
+CVE: CVE-2025-32906
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c      |  4 ++--
+ tests/header-parsing-test.c | 11 +++++++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index e5d3c03..87bb3dc 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -185,7 +185,7 @@ soup_headers_parse_request (const char          *str,
+ 	/* RFC 2616 4.1 "servers SHOULD ignore any empty line(s)
+ 	 * received where a Request-Line is expected."
+ 	 */
+-	while ((*str == '\r' || *str == '\n') && len > 0) {
++	while (len > 0 && (*str == '\r' || *str == '\n')) {
+ 		str++;
+ 		len--;
+ 	}
+@@ -369,7 +369,7 @@ soup_headers_parse_response (const char          *str,
+ 	 * after a response, which we then see prepended to the next
+ 	 * response on that connection.
+ 	 */
+-	while ((*str == '\r' || *str == '\n') && len > 0) {
++	while (len > 0 && (*str == '\r' || *str == '\n')) {
+ 		str++;
+ 		len--;
+ 	}
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index c1d3b33..b811115 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -6,6 +6,10 @@ typedef struct {
+ 	const char *name, *value;
+ } Header;
+ 
++static char only_newlines[] = {
++        '\n', '\n', '\n', '\n'
++};
++
+ static struct RequestTest {
+ 	const char *description;
+ 	const char *bugref;
+@@ -445,6 +449,13 @@ static struct RequestTest {
+ 	  SOUP_STATUS_BAD_REQUEST,
+            NULL, NULL, -1,
+ 	  { { NULL } }
++	},
++
++	{ "Only newlines", NULL,
++	  only_newlines, sizeof (only_newlines),
++	  SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++	  { { NULL } }
+ 	}
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 64383e1221..79ffa19c20 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32053.patch \
            file://CVE-2025-2784.patch \
            file://CVE-2024-52530.patch \
+           file://CVE-2025-32906.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:19 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64723
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 17741C71134
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:08 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web10.91277.1749571740476786512
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=zY1dJPy7;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-23636167afeso12668645ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571740;
 x=1750176540; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=K0gWXw5a4WG+2PfgGlYw8nxvbB7aV0dJZKycEaN+V/0=;
        b=zY1dJPy7ACnKuyIpUraOsbSNCw6HDw80IbXNBxG29QaDzL7JBF70oM/OeLym7LDzXj
         PIS4tb4zkPIUOfbY2p6E9ewoULQlECnzuRMGXrrmPzQWvkR3/IjkzK9xqR69XqhkjVPV
         J0p9tuuqzPIjezbYv8IU1Kdbxhf6FBOujrHC4pMf8DtSaJOtNpzoN1lvdCS4OZqVgyFF
         9gpdbmWyQvZPq54ULVLFbfGH/7Z+P2qlXB9S7lq7/tKONIKI9NC+78rILcKBq1yVLxUG
         lm/dW/6Sxk1NGi+WEZ9AYua4XJfG4DKv6jduAWpRCeZ/MvLkm+z+FqICUMasPetNWaoc
         BdWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571740; x=1750176540;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=K0gWXw5a4WG+2PfgGlYw8nxvbB7aV0dJZKycEaN+V/0=;
        b=t079vx4dn39OvFYZoMfOgW0P828BDfee6YIQ+7lgXXVFcf7QOdrfoMw0ZIWKwbmZjb
         NnV28i6n6YUJOwaY/kc0oIcMLIWiB/A3lCOIqMLaDlgTqWDzA88g04NviK5c7goB79dl
         aTNfqXV1jIN/MKeRWWmKq3UGBqQJ/BWarRYApACddQ20+/v3w3+HEKurq4wcCnzEOlcU
         e6Ticpnzpt+jS1YNGkkqjj3Fs42m50zuggGFDmUP3y8Z1Bw4LDup2izeRWIr4oyiwm1w
         qXVX/RsAiIJO0vuct7yjIbM/AP/GZs9hMOYKTwNtKYzsLfKJUx03nh6Y0Bk3R3ExETPx
         /7sQ==
X-Gm-Message-State: AOJu0YzclPFWf+DxVKFOuyg4W657tR2cdvMS/MNoPpflCgHUkEgHYvLt
	+GuALhTE+l4b1/Eb+mOzy6zmM+8/8czgwXZ71y30SBMG/kHDMaiZMiN6xG6+uyvxRdOtiUVnzh0
	wb9HG
X-Gm-Gg: ASbGncsmEp6ISSFOCMG9AwTPIs6629EVdZcLerw6Ol4rjzqQjVA8LH448NGBKOhKvc3
	bicf6BS3/zs3o5sEY4jaQpU3iyyz7Cb++syBDEH1MXTwCvoJx+WkAhkLuoaFtufGtjtH22tz8lg
	uaCP5BbIZPbhv1OZarakIAswaRorrVrf9xXAfinZRXJtCP5KIHxALPanmzhDDGESkU+6/S1LANr
	3Pxu/kYr/eyMfncTDx1hY30BCYFqe/qMgfor4yWsJwzeLXV5XmVc1QEqBnW8dSl3dMryzof/9+n
	c8YBKDvZOrftLSH/KZVk5HNixSIlnKCAm+JS/EE2qfkdTBi2W+8I9g==
X-Google-Smtp-Source: 
 AGHT+IGKtC5ScNmaYC5IrxOXNUPJje0chL34KQ3u/UGLAwekN0mg0ICxaNI+zBZfUBxKT4uLF7S/PQ==
X-Received: by 2002:a17:903:1b4e:b0:235:779:edf0 with SMTP id
 d9443c01a7336-23601dec500mr251817345ad.50.1749571739655;
        Tue, 10 Jun 2025 09:08:59 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.08.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:08:59 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 06/32] libsoup-2.4: fix CVE-2025-32914
Date: Tue, 10 Jun 2025 09:08:19 -0700
Message-ID: 
 <1b3ed35fe9afa00987f64415a43ae9ed4f53e7f3.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218375

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32914.patch  | 35 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch
new file mode 100644
index 0000000000..9f3bb21a25
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32914.patch
@@ -0,0 +1,35 @@
+From ac844b9fc7945c38ea21fb7cf1a49a5c226d7c9c Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 16:17:20 +0800
+Subject: [PATCH] Resolve "(CVE-2025-32914) (#YWH-PGM9867-23) OOB Read on
+ libsoup through function "soup_multipart_new_from_message" in
+ soup-multipart.c leads to crash or exit of process"
+
+CVE: CVE-2025-32914
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450/diffs?commit_id=5bfcf8157597f2d327050114fb37ff600004dbcf]
+
+Test code are not added since some functions not aligned with version
+2.74.3
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index a7e550f..dd93973 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+ 			return NULL;
+ 		}
+ 
+-		split = strstr (start, "\r\n\r\n");
++		split = g_strstr_len (start, body_end - start, "\r\n\r\n");
+ 		if (!split || split > end) {
+ 			soup_multipart_free (multipart);
+ 			soup_buffer_free (flattened);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 79ffa19c20..7c1de29fd5 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-2784.patch \
            file://CVE-2024-52530.patch \
            file://CVE-2025-32906.patch \
+           file://CVE-2025-32914.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:20 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64725
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1D94AC71131
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:08 +0000 (UTC)
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
 [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web10.91279.1749571742313299240
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:02 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=LC6/srmi;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f169.google.com with SMTP id
 d9443c01a7336-234c5b57557so52714525ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571741;
 x=1750176541; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=QiZYgiZBxvmwUbYYp5vbdrvfqGiKvuY9uTCVRje79xw=;
        b=LC6/srmieju055rvgupKxPw+cZ41A2KjR53ByuZbeBGUj8Lre1A2Xa5R2SKBdQCWMN
         5bYosnKUqrIFDHYnZQ4/7KdDP5xoFMx0QgYpAHi0lx5Kh2kXaF9fctp8qygJPoR7HdY9
         ywGLf85b9NU8+ankhd2NBKqrgdU6sLhhpFy/SvQ5EiykhktiuhMSVkYsmkZmsozgnDMj
         6nmA65crwYzx2Xj6aFrN0SCte3THIHGoXpINfw4pjR0iXE8Ov1Bu6dTQrSHNpk/IudDM
         UvV2VPeuXnkZ2r0527qCihFeULi9yAKRfD13SDiFpA6XhTm2+kFRud9Mz/qIpiQXvDz5
         gr9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571741; x=1750176541;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=QiZYgiZBxvmwUbYYp5vbdrvfqGiKvuY9uTCVRje79xw=;
        b=jjQGFX33wfOb7FEuOvp6MedYVfvCdhoNOusN50j71pJ1i5B1y487UnzeifdVgyydiV
         cF1rb6aCln/NsHfbJJ6i5pfNfRIwkgjmwrFf8eQwd5aTglmFaURqqB/ZWZhgp8OEkT4x
         wO8vAa95JL3+okP8XvIpdLm9YD0Kps0RSnrUZYwzkLfUCitvH0zWsFW0RXe90J7T/xVs
         5r6u6q0oNyLBc9TZwydOMgsXG+5bFPRGy5E/SPIC9BTGIgNl9sUHkfcPm3ZJapfcfopa
         SatVI/rvnAeY+Qm4dA9MuLTybvQ1kGedFyqK3QkmQ2Gmz+9fmNGWzWPujUpo4M8vf9PO
         cfxQ==
X-Gm-Message-State: AOJu0YwEo2YkYZ5i59UqmVHb8WhUXtJTV1B2UTgw7SNqi4X/EfoyGMRF
	ydn1+iIdbGr+bh9kMDSELVlbl/1fVANU6ZPiwDirs5DAll0gU7LjAGizcbb8jB7ryP87OiQhqzb
	qQIHT
X-Gm-Gg: ASbGncv+SCHWz3zgQfxZJtjyDLL2Z6CZDZxSkiD8Ue06OfTFsHIpJnvb6M+y/IdtvaB
	SBSgnM9E9bUMi1XTujcYkNM38LlYhnHPJ5y+TRdrQprw6stFsFfola6kKE/4CYpjXpp7yCwfkjY
	zDew+d53b648GinDuMzetea9zupttYhxYi/QFrGA65ULSTtVJ0MFu8DBRuZzBzUzaGSrbTYAvSt
	bSj8tu24X4e0W/YsvBEeTtCbuXj9limU5Nh9eKh8WdfTU/PI2dnrLfHZ+VtK9ALlyCvkjdPUouH
	TwbgfFTIbPxS3U/xqnWGC03xttqrGDk9Q7do6/f2XTYhaYgEtcYzrw==
X-Google-Smtp-Source: 
 AGHT+IFSOB4HdQSe9+tgm4B0V2qyT53YS+WpJ6PpU4jEjLq71V4BPlDMucdZSMne7CIZ2kOclojM8w==
X-Received: by 2002:a17:902:ce0f:b0:235:2403:77c7 with SMTP id
 d9443c01a7336-23601d81928mr263746515ad.37.1749571741450;
        Tue, 10 Jun 2025 09:09:01 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:01 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 07/32] libsoup-2.4: fix CVE-2025-46420
Date: Tue, 10 Jun 2025 09:08:20 -0700
Message-ID: 
 <131a975cac59061f1b3013ce626a93160bf8d2be.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218376

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/438

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-46420.patch  | 61 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch
new file mode 100644
index 0000000000..c970661694
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46420.patch
@@ -0,0 +1,61 @@
+From 81e03c538d6a102406114567f4f1c468033ce2e4 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Thu, 26 Dec 2024 18:31:42 -0600
+Subject: [PATCH] soup_header_parse_quality_list: Fix leak
+
+When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings.
+
+CVE: CVE-2025-46420
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/421/diffs?commit_id=c9083869ec2a3037e6df4bd86b45c419ba295f8e]
+
+ Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 87bb3dc..9707ca0 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -528,7 +528,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 	GSList *unsorted;
+ 	QualityItem *array;
+ 	GSList *sorted, *iter;
+-	char *item, *semi;
++	char *semi;
+ 	const char *param, *equal, *value;
+ 	double qval;
+ 	int n;
+@@ -541,9 +541,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 	unsorted = soup_header_parse_list (header);
+ 	array = g_new0 (QualityItem, g_slist_length (unsorted));
+ 	for (iter = unsorted, n = 0; iter; iter = iter->next) {
+-		item = iter->data;
+ 		qval = 1.0;
+-		for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) {
++		for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) {
+ 			param = skip_lws (semi + 1);
+ 			if (*param != 'q')
+ 				continue;
+@@ -575,15 +574,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable)
+ 		if (qval == 0.0) {
+ 			if (unacceptable) {
+ 				*unacceptable = g_slist_prepend (*unacceptable,
+-								 item);
++								 g_steal_pointer (&iter->data));
+ 			}
+ 		} else {
+-			array[n].item = item;
++			array[n].item = g_steal_pointer (&iter->data);
+ 			array[n].qval = qval;
+ 			n++;
+ 		}
+ 	}
+-	g_slist_free (unsorted);
++	g_slist_free_full (unsorted, g_free);
+ 
+ 	qsort (array, n, sizeof (QualityItem), sort_by_qval);
+ 	sorted = NULL;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 7c1de29fd5..1ef9303fb8 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2024-52530.patch \
            file://CVE-2025-32906.patch \
            file://CVE-2025-32914.patch \
+           file://CVE-2025-46420.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:21 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64721
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5C3AC677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:07 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web10.91281.1749571743773958446
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:03 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=ZEr8WNqC;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-23602481460so37373515ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571743;
 x=1750176543; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ehUE4zES2H6KeY1due9kFl6WzJI4aaiift041WdG4j8=;
        b=ZEr8WNqCoLPiQfJdqUueq8ndhtI040vSYPnlJOehILRROMIkUjD1mCXnynhyat9OXW
         6gKv99otIyHxaxoyQf/I2x4pWCfDmC6uZ/D/eTlpOgoDysPVzC1pkMWKwrImlax7cYWT
         4k1u87LiMuKYTVXzlPXc35d9Ng2ru2l6eyPKmHRhzRt5Z2V2yXxzR25aAVr0ac5OFm/0
         8DGzQDnAij/9+hUuzsHxyymWPj0pRIGMeqAdeO3qKVKLmhZEavPZQE7rR3Icw0NfzPi8
         YZBf5xo9y0xeidHgE4oWSK1WRzsbdE0cNxgJ+NQZFgaLgXhX2nWroedmr+4bMksJl91N
         HgqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571743; x=1750176543;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ehUE4zES2H6KeY1due9kFl6WzJI4aaiift041WdG4j8=;
        b=GEiGoHULC8s8XKjZ+e/Qme49itSnNpNeDNfo2Lb6vd5BxAXeLCfLQvbZl3Rs4Ie+VY
         BHAay15gfHf6IJbjoHD3FQkwl6j7GCDoDr/LQH9yZAscPQZb60eWidW6egmCgnegzfOT
         +dHpLIAFvZeKtfUKe17q33e141S9CzLIWtlB7cFyqvsQZTI+7EjkucixEP+RVERwST//
         Sh1Slpyj6dH2uGIfYZgL3BxuTPKtkMy5NJWle3xni7Sb0B7CFDevWCE0C9AkFp2h6Xcx
         11EfLF9g4J6T7Bsw/d6dtQ7jpLM9S4omaIKvE5ynqDSgifoUXkpIVZQJJ6sQ0RyesZ1o
         35Bw==
X-Gm-Message-State: AOJu0Yz+vOWboY+8d/yUQUcWkZoDZ86aDGfzWZTC75IA3D0tnrdoGusM
	Yrov4W5pPDCIVvW/VCKtpS5xwev3ioJ5B0WML/5pZjTkdS2xEWyq6ZpiNuhtxlz72KfbsQmZuIt
	/UyrG
X-Gm-Gg: ASbGncuB4XWTWbf8NRM1XY9SWxwnsBJKcsxgHz0btifSDfcJXFZYrFxhI1qUvN2x0xY
	v0ccsIHU/QHqHy8TcKbCHo6Bfk/YEN5c2LmL8T4ifaUlnei1dasIrdSwA2yuanwK2SpPP/bmv+/
	yKZAgbbE9kjxkdV5EzebRD4dU4qahUvOsQWmSRBA6LSRplBd1nQ0Irm/VA5PIdQmTM4mSZX8gCJ
	TS4HvLWjp63Rs3US2Png2uO5mJT48p8u1qmRPodDFCwTgemapjGdsb7idXzLc0f0GdvKeZm7BUm
	MOjrlrW7DImBvgLlUrevkkIRHa4LgRhgZzw8/ZVeTLDz/eYA8RhpiA==
X-Google-Smtp-Source: 
 AGHT+IHqcAvCZ9Uk/2wUim6qVrE3YfmxUcAJ2DrD1SOsP4IQ8bnrDpUUOdWO+8TdnrBybE3F9mZM1w==
X-Received: by 2002:a17:902:fac5:b0:234:9052:2be6 with SMTP id
 d9443c01a7336-23640cf082fmr4487045ad.41.1749571742960;
        Tue, 10 Jun 2025 09:09:02 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:02 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 08/32] libsoup-2.4: fix CVE-2025-46421
Date: Tue, 10 Jun 2025 09:08:21 -0700
Message-ID: 
 <1012345aa97804da17867e7569a19259f37c2e25.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218377

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-46421.patch  | 47 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
new file mode 100644
index 0000000000..3318093400
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-46421.patch
@@ -0,0 +1,47 @@
+From 5eb225f02bb35de56cfeedd87bde716bf1cb750b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Wed, 5 Feb 2025 16:18:10 -0600
+Subject: [PATCH] session: Strip authentication credentails on
+ cross-origin redirect
+
+This should match the behavior of Firefox and Safari but not of Chromium.
+
+CVE: CVE-2025-46421
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436/diffs?commit_id=3e5c26415811f19e7737238bb23305ffaf96f66b]
+
+Test code not added since it included some headers not in version 2.74.3
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-session.c |  8 ++++-
+ 2 files changed, 85 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
+index 83421ef..8d6ac61 100644
+--- a/libsoup/soup-session.c
++++ b/libsoup/soup-session.c
+@@ -1189,12 +1189,18 @@ soup_session_redirect_message (SoupSession *session, SoupMessage *msg)
+ 						   SOUP_ENCODING_NONE);
+ 	}
+ 
++	/* Strip all credentials on cross-origin redirect. */
++	if (!soup_uri_host_equal (soup_message_get_uri (msg), new_uri)) {
++		soup_message_headers_remove (msg->request_headers, "Authorization");
++		soup_message_set_auth (msg, NULL);
++	}
++
+ 	soup_message_set_uri (msg, new_uri);
+ 	soup_uri_free (new_uri);
+ 
+ 	soup_session_requeue_message (session, msg);
+ 	return TRUE;
+-}
++}
+ 
+ static void
+ redirect_handler (SoupMessage *msg, gpointer user_data)
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 1ef9303fb8..3b460852f3 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -23,6 +23,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32906.patch \
            file://CVE-2025-32914.patch \
            file://CVE-2025-46420.patch \
+           file://CVE-2025-46421.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:22 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64724
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F30E3C5B552
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:07 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web10.91283.1749571745186831764
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:05 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=vL2TVUgr;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-2350fc2591dso46557605ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571744;
 x=1750176544; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=pcGQiQH+J5SFjte67z7JugQlHPNk2LsujYWOA54ELVE=;
        b=vL2TVUgr0TxakoVn+3M1db4/8JIJ6eYIuCa5AOCAM1KNyWNiHmAXWAWUHS+rHYl7qL
         eFHjbtTvpeBfIl1r8vCv3lUodRKFOCLv3JmIIOXyxAFgeG1XRFesv/pHuXPCnITNbOdR
         y7ulLmts/9G+GBaDYCkWMYSaPTqC4r+2F78/OAAWeptcSdD313xlGhvZGUaNazRtIEXe
         q3xRww8nmM5ny0cEi3BUOJ6xy2brJaaA2j833r/yyPhb55uH+xWo+Vq//4xTYic+fh2z
         FodjkdLZ9L8J4RUkSCrc2lcD5/3BgMBiWh/R1piOxOHkOm1/UKq5WvyGEgdhv6O4nuWD
         EtTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571744; x=1750176544;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=pcGQiQH+J5SFjte67z7JugQlHPNk2LsujYWOA54ELVE=;
        b=lW8inNQ1T1JczSHkoAn50ifManVa5PVXOr4qAjatcveMqo4DBThf6J4CwY2IWS9EWt
         lZpfUZYkNSUe4WIWI8mGoVdeLFvwg23dDr3LlqKOgb+ILw+aq25YJ2IYpd7jYxtGYcRl
         UUYtsuwNQ89n7pwRFnhqMmgIXIJDoWpgOezOOb8muVfa57klQ6Db/MwZlEgE9rpNPRCU
         eZL21TZ9vbMhGQOePjTeiMN2PaP5yXExIF7+HP3F2DtPouE1i1Mkuw7c3Ef4LIMB0sH0
         vn4xDnXFy0italBUD6blCOQiF+bnsZXVDaALT6SlcT2Xy2ILjymaPny273Ih+rIAyWwN
         6vCQ==
X-Gm-Message-State: AOJu0YxFJga6iO4KDG9rFP/XanPYIBoe0RVXhhehL8PpkrRc1UO7Wvp7
	kosxRnaqyR033AXqyJEhKy02PvK7jAxzMlPKYvvNJZ3kIDm6E7Mwihh7so00p/yHZZd9FGSchRQ
	rg2Lc
X-Gm-Gg: ASbGnctDUxGI/TV2JPkfQ1RHIq80s8naXWQ6HuU4XXMGl2GcdQwo8zouNh/HhQvEr37
	b8cVdjqz4B9X2z0VqDZJAYHsIfz/tfTlHu7Zop/sIhTsI35RI2s7G8xDlPcqPkuMjWSI4FALcxv
	49waL6frb6W1pXyD8cUUYtMFn0Qiwsbru3UBLYpFRBkhV5Tu2S0KJGT9zRc9p2i7foG8SocQqMD
	zLNLgpmzSFEAuAuncaMlwJMdLDV2zEs4/2BgIoaP3VHrwMoUUNdsYpm8LXfxQLmpaScc8/jeZg1
	W/OuiW+sOjmuXwGqKsmZFLt4HysWcEGbvge0MLAF89h5MBqTIevFwg==
X-Google-Smtp-Source: 
 AGHT+IFCREXFuurhww1njh7gQ7mqcot0JomUUm1FRHzQ4su7WdDvhlVKXdW5Xp9WjbcyvNFqi6kFAw==
X-Received: by 2002:a17:902:c949:b0:234:1e11:95a3 with SMTP id
 d9443c01a7336-23635c5af8dmr63015365ad.13.1749571744317;
        Tue, 10 Jun 2025 09:09:04 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.03
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:04 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 09/32] libsoup-2.4: fix CVE-2025-32050
Date: Tue, 10 Jun 2025 09:08:22 -0700
Message-ID: 
 <8de43e4c2d202a0bbb242cbc0dc096d07b78f0c1.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218378

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/424

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32050.patch  | 29 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
new file mode 100644
index 0000000000..c032846ef0
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch
@@ -0,0 +1,29 @@
+From 5709dfffb6fdc5b66ce001bf82a755ad8ad1d992 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 28 Oct 2024 12:29:48 -0500
+Subject: [PATCH] Fix using int instead of size_t for strcspn return
+
+CVE: CVE-2025-32050
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 9707ca0..67905b2 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -902,7 +902,7 @@ append_param_quoted (GString    *string,
+ 		     const char *name,
+ 		     const char *value)
+ {
+-	int len;
++	gsize len;
+ 
+ 	g_string_append (string, name);
+ 	g_string_append (string, "=\"");
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 3b460852f3..4ddcd1734d 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -24,6 +24,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32914.patch \
            file://CVE-2025-46420.patch \
            file://CVE-2025-46421.patch \
+           file://CVE-2025-32050.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64722
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0B7AAC71130
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:08 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web11.90690.1749571746885517210
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:06 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=UpoW815V;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-234d366e5f2so64113085ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571746;
 x=1750176546; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ZhGpOEANpZY7FaxtTRGhC2TJyjo5+qLnETjwYG9Sxu4=;
        b=UpoW815VZgCNbnrgLByGZo0hNQqRz0/Pus446tdrFF7/AoPyaKfcPw+j0uMmNf+il6
         3fAcuvTihkrHZOYFFAQJNx13ukI2Ze5+w+mlfNWwFKAeJ7iQEWY0FR8YhI7jdQritkzJ
         YbgvgL1htyHw1t34pXL2N8loeke0CeBO7m4BvHqILvszZEMRaWeXYBZI53WZP2JtadeI
         Ctf5efBb3n6cXWQI/xiwN3GZTULoUzsVq6kTmXl/5d1jca7OJzl7vnkT9Z9N8USHkG+A
         6PjQhtZX/j4dFxpZKEvgubnohmKqcKhFRNHYQ3hzsz5+LWW42qslonY7R+GIxhsAfjLd
         cZhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571746; x=1750176546;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ZhGpOEANpZY7FaxtTRGhC2TJyjo5+qLnETjwYG9Sxu4=;
        b=SxtIIsW1SRWfj3r3lgjCclAVAIf7KymgjEz8VeKlBc2YCndYhq7phf2JbhG6Osenu5
         VRleIjat7O30Y/C0i+JDFkbwSNfOeygko3jciV7/lZsopoMK3YXcTF69cWELC1f0us0A
         3UjO8bXkpLbvIKwxp03Ahqq7DCjZK09DP6v3efncrQEn+yAWYr9V5PRSfJ1MkojQuyyw
         Z2pjPMAWgSMNJecJs2iqutqvIl7eIAheekHTCbQ0Cv9F9Ko3EcRbggZhmKOGaFFdfQQ1
         0JSQPyjyhEs9t8P/PboKMIrwThPBsvVQ55rUt0wF4H3MFl7OGNyNUjws5D758ISFPNzo
         rNVA==
X-Gm-Message-State: AOJu0YwtUBbqZumGsg8PfY/VpuRm493SdzT+/Q9eAZxXErTubY2a3/Rs
	65BuTA8J4U+2uf7UiLjgVl6JTQbN/jfrTCQEzxUaXRLvbH63mK8RdmoIThBg55IMsU08iSyHijr
	zLBqn
X-Gm-Gg: ASbGnctYGOTDMi5QXhM67NwcmCUiAqu+CU9u8yZu0RqN1shpOqIZSlXxbmIBejej4lD
	c7QtC4tkIfTKJ4PwrlY1mvTD4WFykX3cUZRpk6hXtCeM6iPtxf0/kW1wzmqfnK63vjIAaUVSB1l
	KgjNyfTg4RoftUHlh0V5EgUDAmYytxh59IhfZFQ032BK0O9t8jEINmp5CqVOvpNVdz+b6zvn1rI
	4ddA+TEA7n2D1ssV0vlgx9xDdMZoqEnfkUD7myB7L0Ndk1CAgej6HZibrqkJ8d9tAXBbTWjyDhZ
	KN28JjuS1NMS4Ne8PFeJSWcJjQapNbaNXip6bGoEzLjC4F7Vj0/gfA==
X-Google-Smtp-Source: 
 AGHT+IEq83qteaTIq0RlXG8JI7BPUmbQ0uXoKweQagFWgkXl66ERW3XcreQmY0gzL50BfrxrlEdYnA==
X-Received: by 2002:a17:902:dace:b0:234:8ec1:4aea with SMTP id
 d9443c01a7336-23601deb4bemr251013855ad.52.1749571746105;
        Tue, 10 Jun 2025 09:09:06 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:05 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 10/32] libsoup-2.4: fix CVE-2025-32052
Date: Tue, 10 Jun 2025 09:08:23 -0700
Message-ID: 
 <ea01c691da88233ae8c767b59b9a7196351489fc.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218379

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/425

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32052.patch  | 32 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
new file mode 100644
index 0000000000..34bc8113a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch
@@ -0,0 +1,32 @@
+From f4a67a9a3033586edaee715d40d5992e02d32893 Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Sat, 16 Nov 2024 12:07:30 -0600
+Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff
+
+Co-Author: Ar Jun <pkillarjun@protonmail.com>
+
+CVE: CVE-2025-32052
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652#500da7cfde649872c49169be34b03a1c42a53ddb]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 9554636..eac9e7b 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -504,7 +504,7 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer,
+ 			guint index_pattern = 0;
+ 			gboolean skip_row = FALSE;
+ 
+-			while ((index_stream < resource_length) &&
++			while ((index_stream < resource_length - 1) &&
+ 			       (index_pattern <= type_row->pattern_length)) {
+ 				/* Skip insignificant white space ("WS" in the spec) */
+ 				if (type_row->pattern[index_pattern] == ' ') {
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 4ddcd1734d..01ca9f8966 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-46420.patch \
            file://CVE-2025-46421.patch \
            file://CVE-2025-32050.patch \
+           file://CVE-2025-32052.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:24 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64726
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 15DE5C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:18 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web11.90692.1749571748452841414
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:08 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=G++2tPFC;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-235e1d710d8so69455855ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571748;
 x=1750176548; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4J/cpgv3Sf7hviWIGB3BwFK15nn6RlGtLGg3SXJRrVU=;
        b=G++2tPFCfKL821M+zqgNe8yZWqUTPuY/hbduM6FWTYiLzun5aJ86heqLSmo+RCltwN
         xQNRU9AoW0TrXAdsJp5jtHHCvuy9KICYL/bLvKOHtd9jiHDuyxeO19GvO66kiZdLjBES
         mnpinhmqrROKxLw/LTvDdY/RashreWHlPQe3tdBkzFb4iOUKjnDZJ9OlQiAhh9XBb7dN
         6xihTCXv5LTPSIFQto1B9qrKWGqxIsN+vjQ0qwFkGMRZX8SPx+adMB74QPguinE9yqeh
         XuAabzXD3bNXv9gsQlDuHzKLIAp77myy/n5y6IT3B2f27GYTblfdrwJDp2Ju1/vfNrLa
         +aLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571748; x=1750176548;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4J/cpgv3Sf7hviWIGB3BwFK15nn6RlGtLGg3SXJRrVU=;
        b=cYPJpRkmRdOhs2eQ7xGj9/Nv/GdbWJjlJpdSQck35+vlmPxdJgfiWgTH996RdSxJlV
         l1HNK/rLKrK2/JB7feY2/tvvSfqzjzpws1lW53T/N8Mhv/u+VmECCopUoQTff5aS17Zd
         B++A+I9EUymDmPFAwDfcQtkOpB300fk9Xo95JGq3UdGj3yxuLGq91TXfjTY4MBPVX3dN
         eyXmh3NbyXPfvCOC81Y35Zp+vVapthFvPGjF/du0SHpqDZTG+u1bi/FQOC2poWszRXRc
         FiiN3l7DUnO0eCXaqfj1+/as8fMlD8Arj5RpS+iW/j75L3g2uztEiyWVCKtKCURYW3Cw
         OF4Q==
X-Gm-Message-State: AOJu0YzaOFQFmG7kzcTJhTNlaeUT94m+sYG97pjpk73VaJbWadF+9TX7
	2JHTzPXCvXmMK7kgSKWAtE0HTn6dhYPrsS+u3hVVLAaNIkgFH4w2E7XglVN5sM8v+Jh26KxlaAe
	pFKMI
X-Gm-Gg: ASbGncsEv5FFbxHPzwZlqAadrf/y+4RG+kTP53UlCKIjtlBUQC/SugOmfUis41yMEGr
	oRZm61MGjXjyzmkNqI2+vmryddgutKeGEcPSBSXg+Ml4OaV8OzdyIIjJSZRZZDb1VS9blS6IMU0
	WBaDr+A5MKgyGUZfD+78j9CtqVGkp6ABkVYHsq+n6y0zyQYT9wkrUKlDm6iFcqb/Xn47I30Ayke
	shde2EUKanBC0ZHWUYTaPyjuVI5LaH2VFqP2BMYdFDZ5kn3JGIeQAHrtO0oJEBohj81oYX1SDFx
	S9sISOa3X+nSgYHbXUFUugCc6lnxpeWzNhWb5R9LaOPXtxCPgOdvPg==
X-Google-Smtp-Source: 
 AGHT+IHdDSHPGmNO4EF/JnU0I1REJLkhBufepwCtWxWvHNzzZG7DNp87E5/w151O8zQt204KF9pA6w==
X-Received: by 2002:a17:903:1aad:b0:235:caa8:1a72 with SMTP id
 d9443c01a7336-23640d0b967mr5384815ad.30.1749571747673;
        Tue, 10 Jun 2025 09:09:07 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:07 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 11/32] libsoup-2.4: fix CVE-2025-32909
Date: Tue, 10 Jun 2025 09:08:24 -0700
Message-ID: 
 <2329f4f77fc9403e42b0c97dbd693c5d8bc906ae.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218380

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/431

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32909.patch  | 38 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
new file mode 100644
index 0000000000..2f5366348d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
@@ -0,0 +1,38 @@
+From e6e088e62c10ab91fa2f2ad5c122332aa7cde97c Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 16:55:37 +0800
+Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than
+ 4 bytes
+
+CVE: CVE-2025-32909
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index eac9e7b..73d2245 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+ 	const char *resource = (const char *)buffer->data;
+ 	guint resource_length = MIN (512, buffer->length);
+-	guint32 box_size = *((guint32*)resource);
++	guint32 box_size;
+ 	guint i;
+ 
++	if (resource_length < sizeof (guint32))
++		return FALSE;
++
++	box_size = *((guint32*)resource);
++
+ #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ 	box_size = ((box_size >> 24) |
+ 		    ((box_size << 8) & 0x00FF0000) |
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 01ca9f8966..510d1128db 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -26,6 +26,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-46421.patch \
            file://CVE-2025-32050.patch \
            file://CVE-2025-32052.patch \
+           file://CVE-2025-32909.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:25 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64730
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2F24FC71130
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:18 +0000 (UTC)
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
 [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web10.91284.1749571750085435427
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:10 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bTLaH0jK;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f169.google.com with SMTP id
 d9443c01a7336-235ea292956so55156035ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571749;
 x=1750176549; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=7UDAlDQU+brDhvPccoRU85lRS5WpxShNqHlHAgGNrww=;
        b=bTLaH0jKkVQPSHwAKFtftoabolVQfhe/6++yhMOirWV7PJkwQ7C+s1tXFo0PcPRDqM
         YqxS3yiSZzEJpseHZn0mf23RKo6jG/Z9/sJ4WmaHHfGRCuxF60kn7mbr7c3jzsjWuVn4
         f+6UCUWGiiPZiU9UxElArgkkKED4QmnQ5Bo6tKonyLNh3tf52vQD05h6pv1Fj/tWm3Q/
         Zusgjgu3hEoZJ93UvDc0+pzVxlAoxoVL96cN86mEi15nO8JNhWg9tXg2UvyPuf4OfgqV
         +RujqSc887U4vNZ96LxIL3trwxUtXfnENc0ECscPUTIIMpR5xvQSejrPdnbrT0ByxJ5i
         x6vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571749; x=1750176549;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=7UDAlDQU+brDhvPccoRU85lRS5WpxShNqHlHAgGNrww=;
        b=u2PeMMAuLz4zK/rHF3ugmFSGX0llizN+7U2UDJBm5ch0/9GpsMsuTgPAkydCaiA0o9
         wsQ0DPGUsz41ia/Yy89dC7G9Iq2KBL4R595SgfDSaUav8c7pqPICn2rDcX/vdRmhOopW
         vvnbS04UWf4BO3PvPgQRO9RumbmyFobYbSRBjFLDTEy6o31GVhEi78nGM7Gkld5aKOSm
         jNARfE9tHQmfx+Un6N/74+u/OtzniIXglUH8dDWrk7KC/viIDkviB7iqyp3k62W229wb
         gTZ0Wb+vAo1+LHRy+6btillbukyYEdlqRp4S3FAolvosM0UpVXj/qLn8w4G5jx+HTfRo
         GsJA==
X-Gm-Message-State: AOJu0YyvSghgie6Q5T7jeWVus58pDFFKf3xrX0QzoC0Wz18hTX+OY1H8
	d6qJVETyhC952aT3U4+a6A5S+GmXVRC1iWex2WxMwSHdY2r9gphxOVwMLWsz6CoHvewJyEBHf2N
	h+Ygs
X-Gm-Gg: ASbGncsHd+X8Z0mMk5WQfIrFAB7rVumpzVZ1wkzLfw4oXrJUg5Cfn53H8G+aFuqpULj
	XZPcD4KBwkQX4RQzez2a66jx7EyEvB4GI2o92YtdnTyB0vq7Ark3lMs8j8YY5Anxua9npX7rnPq
	sRARhqEy5FNlXjeBZxNWvljuM0hoZxZvfm9KPZjGM0U+7Ngs549cyAIQdcpDsaZa/6b4+RWJt/U
	D2JCjwHJpWAJcshhGp/O5j4TGvaOhI8j1o43Mdxq5P1xXaQZAbGDWzrOeJw38pJb1I995ibosAT
	S2DbFDMtTtDNVUkBCSYKlLyGSwWSXM59+zMiUXXope4JHLJgCgg+HA==
X-Google-Smtp-Source: 
 AGHT+IHIxMkU5rYtXcgEZx1g5J2UxU2VgldpcLsPBfmO6h/67eRGzr8hILK19rK8SopXfmuLDkQ7eA==
X-Received: by 2002:a17:903:2291:b0:234:8c52:1f9b with SMTP id
 d9443c01a7336-23601dcf407mr269162215ad.43.1749571749215;
        Tue, 10 Jun 2025 09:09:09 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.08
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:08 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 12/32] libsoup-2.4: fix CVE-2025-32910
Date: Tue, 10 Jun 2025 09:08:25 -0700
Message-ID: 
 <1ecca7b624a7f33513d5e585bedec6438acef3e8.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218381

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/432

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-2.4/CVE-2025-32910-1.patch        | 32 +++++++
 .../libsoup-2.4/CVE-2025-32910-2.patch        | 94 +++++++++++++++++++
 .../libsoup-2.4/CVE-2025-32910-3.patch        | 28 ++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  3 +
 4 files changed, 157 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
new file mode 100644
index 0000000000..c1dc6860f2
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
@@ -0,0 +1,32 @@
+From a7e711d0f162c6edc8acad2a96981d4890784ea3 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 17:02:55 +0800
+Subject: [PATCH] auth-digest: Handle missing realm/nonce in authenticate
+ header
+
+CVE: CVE-2025-32910
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417/diffs?commit_id=e40df6d48a1cbab56f5d15016cc861a503423cfe]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c |  3 +++
+ 1 files changed, 3 insertions(+)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index e8ba990..0ab3499 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	guint qop_options;
+ 	gboolean ok = TRUE;
+ 
++	 if (!soup_auth_get_realm (auth))
++		return FALSE;
++
+ 	g_free (priv->domain);
+ 	g_free (priv->nonce);
+ 	g_free (priv->opaque);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
new file mode 100644
index 0000000000..019a35e3be
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
@@ -0,0 +1,94 @@
+From eccfca1074fc485a0b60dfb9c8385429a226bf73 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:19:38 +0800
+Subject: [PATCH] auth-digest: Handle missing nonce
+
+CVE: CVE-2025-32910
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417/diffs?commit_id=405a8a34597a44bd58c4759e7d5e23f02c3b556a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 45 ++++++++++++++++++++++++++++----------
+ 1 files changed, 28 insertions(+), 10 deletions(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 0ab3499..10a8591 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -132,6 +132,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
+ 	return g_string_free (out, FALSE);
+ }
+ 
++static gboolean
++validate_params (SoupAuthDigest *auth_digest)
++{
++	SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
++
++	if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
++		if (!priv->nonce)
++			return FALSE;
++	}
++
++	return TRUE;
++}
++
+ static gboolean
+ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 			 GHashTable *auth_params)
+@@ -169,17 +182,22 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	if (priv->algorithm == -1)
+ 		ok = FALSE;
+ 
+-	stale = g_hash_table_lookup (auth_params, "stale");
+-	if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+-		recompute_hex_a1 (priv);
+-	else {
+-		g_free (priv->user);
+-		priv->user = NULL;
+-		g_free (priv->cnonce);
+-		priv->cnonce = NULL;
+-		memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+-		memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-        }
++	if (!validate_params (auth_digest))
++		ok = FALSE;
++
++	if (ok) {
++		stale = g_hash_table_lookup (auth_params, "stale");
++		if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
++			recompute_hex_a1 (priv);
++		else {
++			g_free (priv->user);
++			priv->user = NULL;
++			g_free (priv->cnonce);
++			priv->cnonce = NULL;
++			memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
++			memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
++		}
++	}
+ 
+ 	return ok;
+ }
+@@ -359,6 +377,8 @@ soup_auth_digest_compute_response (const char        *method,
+ 	if (qop) {
+ 		char tmp[9];
+ 
++		g_assert (cnonce);
++
+ 		g_snprintf (tmp, 9, "%.8x", nc);
+ 		g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
+ 		g_checksum_update (checksum, (guchar *)":", 1);
+@@ -422,6 +442,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
+ 	g_return_val_if_fail (uri != NULL, NULL);
+ 	url = soup_uri_to_string (uri, TRUE);
+ 
++	g_assert (priv->nonce);
++	g_assert (!priv->qop || priv->cnonce);
++
+ 	soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
+ 					   priv->qop, priv->nonce,
+ 					   priv->cnonce, priv->nc,
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch
new file mode 100644
index 0000000000..bdf4d64ca3
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-3.patch
@@ -0,0 +1,28 @@
+From 74c95d54fe42041fe161cb74c76d942ffd37a5dd Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:21:43 +0800
+Subject: [PATCH] auth-digest: Fix leak
+
+CVE: CVE-2025-32910
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417/diffs?commit_id=ea16eeacb052e423eb5c3b0b705e5eab34b13832]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 10a8591..6d965d2 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -66,6 +66,7 @@ soup_auth_digest_finalize (GObject *object)
+ 	g_free (priv->nonce);
+ 	g_free (priv->domain);
+ 	g_free (priv->cnonce);
++	g_free (priv->opaque);
+ 
+ 	memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+ 	memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 510d1128db..b8b7bc1df7 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -27,6 +27,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32050.patch \
            file://CVE-2025-32052.patch \
            file://CVE-2025-32909.patch \
+           file://CVE-2025-32910-1.patch \
+           file://CVE-2025-32910-2.patch \
+           file://CVE-2025-32910-3.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:26 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64728
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 34E51C71133
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:18 +0000 (UTC)
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com
 [209.85.214.180])
 by mx.groups.io with SMTP id smtpd.web11.90693.1749571751867906419
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:11 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Y4bRK9qV;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f180.google.com with SMTP id
 d9443c01a7336-234bfe37cccso69386795ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571751;
 x=1750176551; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ulyPRkqJFmH/+0nwf2xZL8tBX+nGqX6zrsIY6xCf+JE=;
        b=Y4bRK9qVtKJjcjdNPu4W9JtyUsJKbP1sj4yO6aEu/V/7BQVBvRxgKuj9JzxGDWp+dm
         G1HURnnO/mvaP6g52oJvcsQOHrlv7wIyyoHA4juzP+CxvJkIgHk7ESqakuk/TWlBPEor
         CfdrgI1cJh9WOJazk3TJH4jwtsRCGJ18PSDzccgBKnGErd4lOlVm9rnyBLxFc7R9b9OV
         KfQQEp61tNsDxXHNZi1ip91+X+VM6hHpwHxzOucQpUbUWRM/b8vp5FrEBI+bt2G7cm85
         sHN+TTkD1D/AMUzkyYFl8oNuFAgF06Z3IntT6uEIpCqwZ1HnKSg2G/hvUs4JJBeDpqoM
         rc7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571751; x=1750176551;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ulyPRkqJFmH/+0nwf2xZL8tBX+nGqX6zrsIY6xCf+JE=;
        b=AQxtW9HGpePX3T51jgaDEY57Mlf/3CymzXFdwz3LQ+ecieqbg5FDXpkCD6+vKSpaJj
         e8n5XoKzHghqr/+G7PFDlSZXcLQadBkFdkuAAe4vjqjMS5hd1K/V1sHsAAkmeBUwvN3i
         VRPd+Od7QIGIXwD1E4yV0x9kDTrPQ0YuvwKEaBP/nla9H8gteT6JVYeccgObl2/yUPPj
         bmlRvWvQCOahCEo4f6Q+a2bSLhjTdRYxU9rprNr7MiEA7Xrvw1B7q2b0GIsMbX42P0FZ
         rkzBB2QEMCJ7mMSonIWEr5xDTuU1/uWrltXrdv+4LZwD8TY0xiokhjlViiXKj4f3jnWf
         G6ZQ==
X-Gm-Message-State: AOJu0Yz9liOSJQoHeb4dcNMmoov0JhyrPX64yYyKGnl/pMv5uG+opjwd
	mF2NH+pDP8bDPkcx73CySo26kDNA2y+GFSVvREvGbwYtKJvTivDyrAoaQcMGBQAT1hTMz2WL7ro
	eubJl
X-Gm-Gg: ASbGncsw9KzBu3nKWkZ0DxWM+JXVNoOCfSssiSxo/XdEuUYFQykCaFsMSaibDj1f3j9
	Iz1dIIO+EeKnOFLDjMn6Got6KAAG0aTZNf7UtpmbovXxOCFeJ1a0N/VOa0ZW8ksamxeXa98zEI3
	oX7QzBqlPmS746moCy45dt7bHAuL7LIOxPx6JhEDGbDydhC11z+rWuARPsTpCeJuDxdoATqIFgM
	aK33okDb4hPiGCaqfvaEjugoDvkSDNvf0Iyk5i5ORytdB0k8cbfUKW/3KkoT6raYy7YXGuMP+o5
	iRnG8tUGHzy4vzGYGvxSAF6PP3fhyMEFJBGOuQaXYee1/VNhPppgZA==
X-Google-Smtp-Source: 
 AGHT+IFYQUv84UGPitLAdv0da5khbTts2TSlI4zdOa3I77xK3hTjh5NNcXlYlLEYHCixkoCwRYlbMA==
X-Received: by 2002:a17:902:e890:b0:234:e7bb:963b with SMTP id
 d9443c01a7336-23601d24722mr237017105ad.16.1749571751046;
        Tue, 10 Jun 2025 09:09:11 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:10 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 13/32] libsoup-2.4: fix CVE-2025-32912
Date: Tue, 10 Jun 2025 09:08:26 -0700
Message-ID: 
 <d1f3c8a62388133acd5df33ec857e06cc23ab9d0.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218382

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/434

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32912.patch  | 32 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912.patch
new file mode 100644
index 0000000000..b3ce9d8bc3
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912.patch
@@ -0,0 +1,32 @@
+From 0984dddb11daf14fdf5ca24077cd0ebda796439a Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:25:32 +0800
+Subject: [PATCH] auth-digest: Handle missing nonce
+
+CVE: CVE-2025-32912
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992?merge_request_iid=434
+https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 6d965d2..f1621ec 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+ 	guint qop_options;
+ 	gboolean ok = TRUE;
+ 
+-	 if (!soup_auth_get_realm (auth))
++	if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce"))
+ 		return FALSE;
+ 
+ 	g_free (priv->domain);
+
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index b8b7bc1df7..ed36d7c12b 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -30,6 +30,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32910-1.patch \
            file://CVE-2025-32910-2.patch \
            file://CVE-2025-32910-3.patch \
+           file://CVE-2025-32912.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:27 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64727
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1FBBFC677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:18 +0000 (UTC)
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
 [209.85.214.172])
 by mx.groups.io with SMTP id smtpd.web10.91290.1749571754955601544
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:15 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=n4ECDFy0;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f172.google.com with SMTP id
 d9443c01a7336-234c5b57557so52717365ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571754;
 x=1750176554; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=sFlBW4I2YZkIwab4d70x9ZLwMIZn2StQ6yHnwqhjRDg=;
        b=n4ECDFy05DVI/qquJ3/QXCyBQjaRYvWhRZ/EYukJxiJxrWorqxGRjr/Kj1ygkOC4+g
         akWnJ2eqOh3WKJjC/RCo44pE4gDGd44ZOLvOhPRziMF+/ae0xMXJtrWiS/x2HMABpp6g
         GDLN4n/YwiZAcHFR2diGqm8he6o/LVu1T3XkEHGFWlOuoTrvKPWd8/p/PhjL6NjRRRED
         ochI5G41Q5NhQxO2lktSHX3J+INxuyehANOPFz/yp/BJEP+dlwY6Bc0qpGKazJnA/W6c
         f51AKVzwR6Q8nut9yb8dJe8fnjfKJ0z2j96w0gVSL4vy6U0DwCxJXNh9qxvR8lBK8b49
         vJhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571754; x=1750176554;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=sFlBW4I2YZkIwab4d70x9ZLwMIZn2StQ6yHnwqhjRDg=;
        b=eQlqPaqZ1a8cNtGMsrQox/r2HyDeU12JvTnhovJg2MyJ+I1LCNtoD+7kuunRjpFcd9
         dFvbP1QgaBgKlzuZC9mTcQvSkgu6sgbTIBnNP9eDg7MefuzDF+NLQnV5qHcx5hBwfeDP
         aC7Oincz7d8Z5K9SLQPpFJjaMybN/lmWYbNhKLi7FxyV8EqmxyJNfDBbP71wh3t9GCtG
         ThNa7S1W+Y7SGuljGabIm3k0MeAQBsBJS7V0AdTWK0otYiRbgXVB0zj1NZEGjYbm1ebR
         pQUv4nTPK4JotSrvi6paGIZA1pHJahTTlB6wqyYsNIRgTzITzChfj50ESwCeSSmGy3sL
         92Jg==
X-Gm-Message-State: AOJu0YzsWWIOCt7cQAna/G/5Da1V/9ccqZqQ9iw8EGn2Z02FsC+PnRzE
	DLbfz7Jh6ObOjjjKNASCVyhlywd2CqBXM5cbr0h/pUaXvciMrJsuM5VpDFc6Ewo/KLW8pWkeIvG
	Pui1O
X-Gm-Gg: ASbGncvK4AEBAJpNy1GBzGjAO/tw8OBpMJ10NmXGZ4Dnj54KFEMqe24pWZhSraarwjD
	CNFPf/K4l3aStkxFG6QtKtdHRYblos2SbKsz4ZDJGmTQKvkruuWQUWKZfcXriJiKwEVawfD6tKn
	Z5E1SftiA4ALoxvy+ggPcvt+qYPmdetQmGD0ZPEsXifo3BofyfgeE+OiIwXDjq8ZYdnrGiXx+1y
	zYFOPEjE6e6JOwAbezL6JuHj6Rjya3cuzB6oY6xH9Fa6jieSKAV8PZLP78p8e7UUP+Qi2RzUyhE
	JdYFnvOQ8TdTH4uXhbLxN7nkiCkdMqmd1LzxognkyhzTEr1UQyd7TA==
X-Google-Smtp-Source: 
 AGHT+IFOs0LcVM3UZb3jf9DRyTTCsat+93a6B9KqYbOUWOvV2Jt8a+EgCU4jROeTQq+k4b6jMlkmvA==
X-Received: by 2002:a17:903:3c23:b0:235:c9a7:d5fb with SMTP id
 d9443c01a7336-23601d021a1mr250611185ad.16.1749571754040;
        Tue, 10 Jun 2025 09:09:14 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.13
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:13 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 14/32] libsoup-2.4: fix CVE-2024-52531
Date: Tue, 10 Jun 2025 09:08:27 -0700
Message-ID: 
 <34e9c7cfd832ed03b71fc4c23d82e853ff8c1711.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218383

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/423

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-2.4/CVE-2024-52531-1.patch        |  39 +++++
 .../libsoup-2.4/CVE-2024-52531-2.patch        | 133 ++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |   2 +
 3 files changed, 174 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
new file mode 100644
index 0000000000..9de0310c8d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
@@ -0,0 +1,39 @@
+From 8331e681c85c3b1893d8d5193783f631bfc07acb Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:42:08 +0800
+Subject: [PATCH] tests: Add test for passing invalid UTF-8 to
+ soup_header_parse_semi_param_list()
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=825fda3425546847b42ad5270544e9388ff349fe]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ tests/header-parsing-test.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index b811115..cfcc003 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -836,6 +836,17 @@ static struct ParamListTest {
+ 	    { "filename", "t\xC3\xA9st.txt" },
+ 	  },
+ 	},
++
++/* This tests invalid UTF-8 data which *should* never be passed here but it was designed to be robust against it. */
++	{ TRUE,
++	  "invalid*=\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; filename*=iso-8859-1''\x69\x27\x27\x93\x93\x93\x93\xff\x61\x61\x61\x61\x61\x61\x61\x62\x63\x64\x65\x0a; foo",
++	   {
++		{ "filename", "i''\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++		{ "invalid", "\302\223\302\223\302\223\302\223\303\277aaaaaaabcde" },
++		{ "foo", NULL },
++	   },
++	}
++
+ };
+ static const int num_paramlisttests = G_N_ELEMENTS (paramlisttests);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
new file mode 100644
index 0000000000..740c28c016
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
@@ -0,0 +1,133 @@
+From 12523a592f1216450d18706bcf6c16e0f1ab0ce0 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:52:37 +0800
+Subject: [PATCH] headers: Be more robust against invalid input when
+ parsing params
+
+If you pass invalid input to a function such as soup_header_parse_param_list_strict()
+it can cause an overflow if it decodes the input to UTF-8.
+
+This should never happen with valid UTF-8 input which libsoup's client API
+ensures, however it's server API does not currently.
+
+CVE: CVE-2024-52531
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/diffs?commit_id=a35222dd0bfab2ac97c10e86b95f762456628283]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-headers.c | 45 +++++++++++++++++++++---------------------
+ 1 file changed, 23 insertions(+), 22 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index 67905b2..39e8d34 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -642,8 +642,9 @@ soup_header_contains (const char *header, const char *token)
+ }
+ 
+ static void
+-decode_quoted_string (char *quoted_string)
++decode_quoted_string_inplace (GString *quoted_gstring)
+ {
++	char *quoted_string = quoted_gstring->str;
+ 	char *src, *dst;
+ 
+ 	src = quoted_string + 1;
+@@ -657,10 +658,11 @@ decode_quoted_string (char *quoted_string)
+ }
+ 
+ static gboolean
+-decode_rfc5987 (char *encoded_string)
++decode_rfc5987_inplace (GString *encoded_gstring)
+ {
+ 	char *q, *decoded;
+ 	gboolean iso_8859_1 = FALSE;
++	const char *encoded_string = encoded_gstring->str;
+ 
+ 	q = strchr (encoded_string, '\'');
+ 	if (!q)
+@@ -689,14 +691,7 @@ decode_rfc5987 (char *encoded_string)
+ 		decoded = utf8;
+ 	}
+ 
+-	/* If encoded_string was UTF-8, then each 3-character %-escape
+-	 * will be converted to a single byte, and so decoded is
+-	 * shorter than encoded_string. If encoded_string was
+-	 * iso-8859-1, then each 3-character %-escape will be
+-	 * converted into at most 2 bytes in UTF-8, and so it's still
+-	 * shorter.
+-	 */
+-	strcpy (encoded_string, decoded);
++	g_string_assign (encoded_gstring, decoded);
+ 	g_free (decoded);
+ 	return TRUE;
+ }
+@@ -706,15 +701,16 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ {
+ 	GHashTable *params;
+ 	GSList *list, *iter;
+-	char *item, *eq, *name_end, *value;
+-	gboolean override, duplicated;
+ 
+ 	params = g_hash_table_new_full (soup_str_case_hash, 
+ 					soup_str_case_equal,
+-					g_free, NULL);
++					g_free, g_free);
+ 
+ 	list = parse_list (header, delim);
+ 	for (iter = list; iter; iter = iter->next) {
++ 		char *item, *eq, *name_end;
++		gboolean override, duplicated;
++		GString *parsed_value = NULL;
+ 		item = iter->data;
+ 		override = FALSE;
+ 
+@@ -729,19 +725,19 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ 
+ 			*name_end = '\0';
+ 
+-			value = (char *)skip_lws (eq + 1);
++			parsed_value = g_string_new ((char *)skip_lws (eq + 1));
+ 
+ 			if (name_end[-1] == '*' && name_end > item + 1) {
+ 				name_end[-1] = '\0';
+-				if (!decode_rfc5987 (value)) {
++				if (!decode_rfc5987_inplace (parsed_value)) {
++					g_string_free (parsed_value, TRUE);
+ 					g_free (item);
+ 					continue;
+ 				}
+ 				override = TRUE;
+-			} else if (*value == '"')
+-				decode_quoted_string (value);
+-		} else
+-			value = NULL;
++			} else if (parsed_value->str[0] == '"')
++				decode_quoted_string_inplace (parsed_value);
++			}
+ 
+ 		duplicated = g_hash_table_lookup_extended (params, item, NULL, NULL);
+ 
+@@ -749,11 +745,16 @@ parse_param_list (const char *header, char delim, gboolean strict)
+ 			soup_header_free_param_list (params);
+ 			params = NULL;
+ 			g_slist_foreach (iter, (GFunc)g_free, NULL);
++			if (parsed_value)
++				g_string_free (parsed_value, TRUE);
+ 			break;
+-		} else if (override || !duplicated)
+-			g_hash_table_replace (params, item, value);
+-		else
++		} else if (override || !duplicated) {
++			g_hash_table_replace (params, item, parsed_value ? g_string_free (parsed_value, FALSE) : NULL);
++		} else {
++			if (parsed_value)
++				g_string_free (parsed_value, TRUE);
+ 			g_free (item);
++		}
+ 	}
+ 
+ 	g_slist_free (list);
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index ed36d7c12b..089a032a4f 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -31,6 +31,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32910-2.patch \
            file://CVE-2025-32910-3.patch \
            file://CVE-2025-32912.patch \
+           file://CVE-2024-52531-1.patch \
+           file://CVE-2024-52531-2.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:28 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64729
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2621BC5B552
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:18 +0000 (UTC)
Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com
 [209.85.214.178])
 by mx.groups.io with SMTP id smtpd.web11.90697.1749571757717516495
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:17 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Kil/t8XS;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f178.google.com with SMTP id
 d9443c01a7336-2363616a1a6so10797445ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571757;
 x=1750176557; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=lLWHkZaHATddijG9uFAmr7uoZK9u4i/XA0k1abwS1YM=;
        b=Kil/t8XSL/GzzBbGamVlFq4gTmP6Az1ayIZ8J7mV6q19JPg/dELlRcfLzbeFtRjVuA
         pP0GKkgdKSlgQO5F2ipdMNOmve3p+UQJRJUMuB5bbtJ3G/po6LuWf7ZkphZccB+bJBH3
         oRMwvqrSPElaCJzQdzAJxYBpcGE4HWnIfZ1ZQWegXISwIf8AO1B8/rwKKPFNhutsjrq8
         gxBA2zG1VwhkW/+bUQCdZyrdTxsqxFy+RMkEP0KCreYzhil8d2+CMNBqpBGPwXnUHcTc
         1DOEseqd9YtyKmYRpr/z62yg4M542TBODbCKyLlwBkOn3WgDS+6hFGKuSCUNvGFA3mj8
         1MSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571757; x=1750176557;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=lLWHkZaHATddijG9uFAmr7uoZK9u4i/XA0k1abwS1YM=;
        b=izThnNtD3uPWi5DalLzbrwnyf9deBDQB4aMPqtWmHHcq/0sy/ZO4BZo4w7AAXHZHfB
         c0c26rF3XXg+dbDrGmDbeW5dZAK/fVNxtvxRn6nyW3pkfzujqBQVze68HWS4ZpAjl7za
         s+Zrj/zedBjBNHN1ZDd0ngxjKM1RiZ2Fu1mebdsieDSjZmEW9MY1dmGlQhad/g1fet9K
         1ilbJZhCIMrbhw4IqJoHv6yPWg6FIztlD8JsxlfSxjlL003f+9KKFh3O+vSkeEzYD9FQ
         xHp3/7jFIp5eVDztu2CZ8Fa9ab66tM7UsAS9nnbxvDM13xe5o8YgqZnWWVLeDm6yqMgt
         L7Xw==
X-Gm-Message-State: AOJu0Yy3fg0Nhe9P+y+Q04JsVBy4jq02vfyw+0PI2mGeoHZ2k5DZ8ysc
	HXPuO7dtP3O1ydm3jxt4NNvu3ANhq0wLcoFsR5LVIUxM0q/r4eAQlSw1oEIV241BbcB4Rb+5fR+
	s+0Pb
X-Gm-Gg: ASbGnctRrH38TuWRP86XqULqiM5apvJtOc0OtEJLuFE28GWD+fSbDZM6je+PmzgR0r0
	rAYDtuBLExhMCRwOXT8FOtYHVDjpkulWsBAd1JYPsDnTovs6Z7gErZ5zyyeRTmzIeUTzNxqD5au
	Zo6QwbICGsmyL+7WijuO6R2KvgIMIcJH+OBXQWTq3YAY++wNUeLo2LqR6/B35T+Y9Rtp2a6aWyp
	lApbZLrx/QmSARAmPMq2++3vj0r2mKtriJ95V18ZTqCz363Z3nAB+1MNVBFzj0poxPJGyQJaDVP
	EWQBvCp081ESQmIUxeAueCdYGoIu8JjV9uP4kIs4bfpsuG53foIFSw==
X-Google-Smtp-Source: 
 AGHT+IHQHkkI9SU2+6fqaQUpbU6jdHlUAsBlHlSGP9pP/zRY0TiTpjf8beC9p19Q2OqT/q/jD/Soxg==
X-Received: by 2002:a17:903:41c9:b0:235:6e7:8df2 with SMTP id
 d9443c01a7336-23601d975acmr247006965ad.41.1749571756871;
        Tue, 10 Jun 2025 09:09:16 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:16 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 15/32] libsoup-2.4: fix CVE-2025-4476
Date: Tue, 10 Jun 2025 09:08:28 -0700
Message-ID: 
 <d5fa3329cc58713c3476559b61b0797ace819fbd.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218384

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-4476.patch   | 38 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
new file mode 100644
index 0000000000..874f62e7ad
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
@@ -0,0 +1,38 @@
+From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 14:16:10 +0800
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+
+We need to validate the Domain parameter in the WWW-Authenticate header.
+
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+
+Fixes #440
+
+CVE: CVE-2025-4476
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index f1621ec..a2dc560 100644
+--- a/libsoup/soup-auth-digest.c
++++ b/libsoup/soup-auth-digest.c
+@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
+ 			uri = soup_uri_new (d);
+ 			if (uri && uri->scheme == source_uri->scheme &&
+ 			    uri->port == source_uri->port &&
+-			    !strcmp (uri->host, source_uri->host))
++			    !g_strcmp0 (uri->host, source_uri->host))
+ 				dir = g_strdup (uri->path);
+ 			else
+ 				dir = NULL;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 089a032a4f..45add2e3e0 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32912.patch \
            file://CVE-2024-52531-1.patch \
            file://CVE-2024-52531-2.patch \
+           file://CVE-2025-4476.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:29 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64732
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2DBDEC5B552
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web11.90700.1749571759885762009
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:19 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=WiuprsbO;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-23633a6ac50so19517395ad.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571759;
 x=1750176559; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1WoZ4RfQg4gV5gVgO94rocGcbQ/pvYDFH0pNOWS+Htc=;
        b=WiuprsbO5qDCCWP/vnSFYoxmpfXeTUSXRPcoSbpS4lf67MGqQSh+up7iZI+47J0d/h
         hgOiRJsYJKFQx+FQtIf8hvPDtJxuZi8AHJTYEYdYbN7me+6/bPJcjM1tOW/5BCR/FzCb
         dSsF3VC/iv0bEiNnGJCjGYnk7osOPIEanfVTVifm9BDUtD0g09Z4LjaNwQRJCbMrRn2n
         D2W3XTz1+gL1g8pY9K74Gyl5r4cfRJ7jIBHVWTMQ9y7H6MdlsVjj4ul012NQCBV6pEmA
         52H/saFa6jT8pgimThU/tl5/XTWH+Rsu1ZcZuyQQjpDIzyi2IDWwU5+xaKvTXUBlx00k
         Qekg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571759; x=1750176559;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1WoZ4RfQg4gV5gVgO94rocGcbQ/pvYDFH0pNOWS+Htc=;
        b=VVrdHjObU67ozvPUNdsp1qLK2EzUW8zEnaDidwQJFmB+/y16umBB98nJGOoOXqjz5C
         x8+dNWKUyu8fBzsdqEPs/VEaepxOjm4xwn2gfOW4tzl+jS2hKpBGK90tSyzYfAxAxo6W
         uXziU2f++jL4AFLmnZaYia5q8pw1eMGhjxtL1bfyhTlViEnu793GOObfzvCkcqRleohy
         WT6vTOF3+zftodUBGeE8MYQw6GCNOm9T9atKaOR49ATSIFCxQ1b3ZuQb9bHHwMZwhY52
         qNOjVv/FmAIQe4TTo7mugmU97kXxxYQzuNNuAGGP+jvSI3KKorOwPPrYWMYBuPENiRl4
         KUDw==
X-Gm-Message-State: AOJu0YyPC6zVstAJ5RymBFb5trmnM966P31dDIYfnwbsWSt3xPBhS9Gz
	9rIeeIGSPg+ppeHpUMUcSMRQR8SQRzkvNq0UzAADZQ4r0NMscsbfDgCcusRWqlwZSD4kxt9qton
	w+HhZ
X-Gm-Gg: ASbGncuLZEJaWP9Jt7uISE5fYyMrcAvmgLUPP9D26ZtRfkjcUg+oF/4FqPrIOdlhf/N
	g8iqjGfLjKaEtE/VvykqGwprjQ2FLaaiktCHN96ujDr7vLPedXrBRkOPoWuzqBtBKaykkHArmAV
	LsTZxizwt1JopWO3xobED8c+qZrMEtmfq3pCDW2a95bPMGR7oxfN35pOG1ysbfADXIxw16LKkxA
	FeYIXNMcn6VHcEL6paH5GokKnIu2T6DAo3efa8Qk51Uua6CKU88c8DFw0Neu4naAHU0RcTBdPjt
	+yiXr9gi1vs5zN/jRBi+6Qp9JsZNOzDgMaTCul43fWKfHhmaUmt/VliIOsqc+JFg
X-Google-Smtp-Source: 
 AGHT+IEgqpfpaN8CzWWgKrpjuc6x74D5OyGwkHkhTBsDq49f1im4fjIDyNp0c/MdMXuVBXhPjEYBnw==
X-Received: by 2002:a17:903:166e:b0:235:779:edfe with SMTP id
 d9443c01a7336-23640d23c11mr6850385ad.43.1749571758613;
        Tue, 10 Jun 2025 09:09:18 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.17
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:18 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 16/32] libsoup: upgrade 3.6.4 -> 3.6.5
Date: Tue, 10 Jun 2025 09:08:29 -0700
Message-ID: 
 <a5585378dd9a2ecd8261958d02c34ecce1be5c0f.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218385

From: Changqing Li <changqing.li@windriver.com>

Changes in libsoup from 3.6.4 to 3.6.5:

* session: Strip authentication credentials on cross-origin redirects [Patrick Griffis]
* build: Use pkg-config instead of krb5-config for the gssapi dependency [Patrick Griffis]
* http1: When using chunked encoding report an error in case of unexpected stream end [Andrzej Surdej]
* http2: When a message has no content still respect its Content-Type [Patrick Griffis]
* http2: Revert manual window size management temporarily, as it could stall [Patrick Griffis]
* sniffer: Fix potential overflows [Patrick Griffis]
* hsts: Fix minor leak [Patrick Griffis]
* headers: Fix a few parsing edge cases that could be an out of bound read [Patrick Griffis]
* connection: Avoid ever calling disconnect twice [Patrick Griffis]
* auth-digest: Fix handling when a nonce isn't present [Patrick Griffis]
* cookies: Limit max size of max-age, path, and domain attributes to 1024 bytes [Patrick Griffis]
* cookies: Limit max size of name and value to 4096 bytes [Patrick Griffis]
* docs: Remove references to old libsoup domain [Simon McVittie]

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/766e17528251c9b696a6076300ac61adc95536ac

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/{libsoup_3.6.4.bb => libsoup_3.6.5.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libsoup/{libsoup_3.6.4.bb => libsoup_3.6.5.bb} (96%)

diff --git a/meta/recipes-support/libsoup/libsoup_3.6.4.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
similarity index 96%
rename from meta/recipes-support/libsoup/libsoup_3.6.4.bb
rename to meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 4d50e1353e..fbe9a79b0f 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -12,7 +12,7 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
-SRC_URI[sha256sum] = "9b54c76f5276b05bebcaf2b6c2a141a188fc7bb1d0624eda259dac13a6665c8a"
+SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"
 CVE_PRODUCT = "libsoup"

From patchwork Tue Jun 10 16:08:30 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64734
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 493E7C71133
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
 by mx.groups.io with SMTP id smtpd.web10.91292.1749571760969159346
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:21 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=sFx12xnc;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f170.google.com with SMTP id
 d9443c01a7336-23539a1a421so48838615ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571760;
 x=1750176560; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+vTiFRdKUWuCtYNZHnN30+AS7DonWsESrsq2Z2Cc6r4=;
        b=sFx12xncXLUN126ayip+dUeKqyFUidNVSOXNHLbFAKczLPUcOl7Cy8pFotxw9cNxFu
         TfGMv+tCyx484fxKzxUOYMDsc1f4HU0N/NZp0p/ErHC15XSc7caCwWna0s76W0dHR7E1
         LzLiWN0zZUT8SC54G+j5TpeVUekpX67TqndmwcE7ZDhJJk2QXvZZrEuhYPsxb0zqNBPT
         WLfLVH5DDP9w1Ianq4RZ5kcCtjLcfVqD0s1C89CoXx0JBuxcSiWKuQAylEfTSyWoQDpO
         tsTqiRn92foPvFm9X2IAI12kHAZaBty8Z5RgxWLWzvgF6BplyvtsUb0E2wIwQEeK8sJt
         gxcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571760; x=1750176560;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+vTiFRdKUWuCtYNZHnN30+AS7DonWsESrsq2Z2Cc6r4=;
        b=YCcSbwtYvIHZoYoJuYOTgdwg2i+5GMbCMtHW8HfmvBacSCA6nhSQ2ha1JYikfIZH64
         v1964Aq3rD0lX6mu7IpBeDPEJmtRTL8UcOnCgK3Qh2NzriYAyAa4WbGc6EjlfziOOZlB
         CcpQo/tpKMvabsFtK6ItlK/SMFf0Iq37ExqX+VI+vAd29Fae4leILGrP8kD1dw+enC0I
         2MWsRI1J4xEIy4bb5EtYHXffcADHZ0hGKZtY2HoODKRUMWmT3JKMOHOzm/puMcoffwYi
         6ke43HS8XcVSw+NBXP/j1Z7iEDDbkuKfpythYRD5yJSCxatDuDhIuLRfRgPG1jvTiiUX
         NOLQ==
X-Gm-Message-State: AOJu0YyeMeZqdpTcS/rpkfhnIqyCAUsr/R2AZG24ICloe+GhZm/iB6n5
	CRd9Ig6eMmQZMNa/u5JPt66YLqYC0ZhGUzq7LVrYI5Ld/bHAYiGhe61CioHtFjEl8h5iOZtGOHX
	C/F72
X-Gm-Gg: ASbGncsHkvLZRvmphlKzSH0FXzZv5ZKWxM0rMo7k9P+T651JkvuOSZD4+Y/NHSDEBtq
	YaMn81DMNV+TvGMk9Z+bWMUS/s+Cu98Sotk6cNZ/xhwofZt8hpG+appXzIJOqPPSAlbGnHTjSTS
	VvxzapPXe3J8CwQhB4v/miWdzCE9POh0TuD2iPdCgnnHzD/8Ev6chpbrOHg0VWV3pZCT2ya2e0L
	q92dtx58H5CDMdFe0MRN36sU0+W6zn6kzn4/3P7UsaXe9WYgaDx4l8GY9y9jV3SsGpntEUcuW68
	GkrvKQALf2cybdLtowusCBo7SyZE9eeTourlWq7vVT5FRPVP7AK6i+1Oz16nyTko
X-Google-Smtp-Source: 
 AGHT+IFaHDPCLIAp06jPUDKOdUEm/FA1AM3K/tSZ2w5JEk2ktIHmwEJa/RYkO4cyfpLlliQJiOBU2w==
X-Received: by 2002:a17:903:188:b0:234:ef42:5d65 with SMTP id
 d9443c01a7336-23601dec50bmr231043945ad.52.1749571760086;
        Tue, 10 Jun 2025 09:09:20 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.19
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:19 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 17/32] libsoup-2.4: fix CVE-2025-32907
Date: Tue, 10 Jun 2025 09:08:30 -0700
Message-ID: 
 <771a05a7f65c391b0e2ad01e509f63d14fd0a7f2.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218386

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32907.patch  | 39 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
new file mode 100644
index 0000000000..41dd3ff3f4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
@@ -0,0 +1,39 @@
+From 8158b4084dcba2a233dfcb7359c53ab2840148f7 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/diffs?commit_id=9bb92f7a685e31e10e9e8221d0342280432ce836]
+
+Test part not applied since test codes use some functions not in this
+version
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 78b2455..00b9763 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1024,6 +1024,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+ 			if (cur->start <= prev->end) {
+ 				prev->end = MAX (prev->end, cur->end);
+ 				g_array_remove_index (array, i);
++				i--;
+ 			}
+ 		}
+ 	}
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 45add2e3e0..b771805723 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2024-52531-1.patch \
            file://CVE-2024-52531-2.patch \
            file://CVE-2025-4476.patch \
+           file://CVE-2025-32907.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:31 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64736
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 57D16C71131
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web11.90701.1749571762444742795
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:22 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=qdiWQU0R;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-2352400344aso49617115ad.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571762;
 x=1750176562; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=5IjQZv52TY9VtUziikhiqHANvkYzYbCC+qu8MzTn7g4=;
        b=qdiWQU0RZzHn6kQ37r9yF83RpQSvON4Y3HJg2JOGcJYpu5nqLBTdSRJlfTDV+dwxh1
         uDS8RYEfKBdx80782KYI+ERWdjxnWQU+2dL0sbsLlkzdvDr+uHOihI4ffwbVnkCoWtfP
         I0smLro9ZPn1EMQc1IDhPo+q1TjPaU1iMkmzht/X8vvnVAHPaaC60xO0TZi5At6CxD5l
         EXurF3N0RM0qc7y+EJdeLtOw8R4QL2N3f1duiJlEEMCk71pHcMF1qv1/sHg1Tu5cmN7X
         /RGBABLMyuQ4L1zdMLjLVu93iUu/MGL3s60Vxv/cQW2irm0q8az5/Gt4sk1ZcV0NEL2I
         ot0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571762; x=1750176562;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5IjQZv52TY9VtUziikhiqHANvkYzYbCC+qu8MzTn7g4=;
        b=hZdvKldvWQuniHbXEYBt/bKP8nF++eIMJNmzn01/9tunLXmOWeoWgRSFhRteHjsiZR
         KxTJ/Avaf0DqlRECFoQVttzri4KBEIRdoMEJBBhmrRlW7X0y3wz2SKJcGHnE5hhOX+ou
         AeVjqqRayzxUnp9kWiv9nD1RkIA+ts3fMC5bCB0CmaTtnx/RPya0K50+xhtq6MAtsXSf
         CL32JVXJQsKmg8WphudZ/Vt7dVQiW4e7K/cf3HAnm6vPTQRQE98z46/ujX7cuOEOqWTS
         DTr/JTsJUAy0PyqNFkT4kruCZ7uGQwVBNRZxUY5kif2gJF1Z2IYApJRPemefOnzNY6jC
         FHVQ==
X-Gm-Message-State: AOJu0Yxqhdt8tBfW62nKRKUmJBIZUjgsBLOLzhifJNX6DXwiCxh1BlDI
	W+ai2lCXGn/WdTD2hxd2bb6KkWkaFMKZpWzGvItgQFBZks3umMpCWAWisIFHmMhAartwn+i1+99
	HeuhS
X-Gm-Gg: ASbGncsWwv/WjGUSzswaV0N0N2oeWOYtVw3LShMMgme/P18q9Xk/Gvcg2Ii2anmm0KE
	3npz6L5CEx/sMFtuIW7uQ7wlxSV+SY6uux8p3IVWIZkQw26SJryZ8JhztYKeyptyhaPV1PN6n02
	/TKVXIhFwddYCRV8FU1i3rcDQX1SoNxxS+XiZluS6rEgVmFW28S0O5rbNCG5dq7nXzlzI86n+Xt
	+jFW8NLC9IAw7/9VCozTZq5yqYXvgwvveqWcVVKFkoY52P/b2uEW0u1uIjckmQwAH6R6mEal/ul
	C9YzJlvrUD0i09dlb/jOVhjlKrJ6L3W+7CQqYPxdhgQ95KnQk7h46g==
X-Google-Smtp-Source: 
 AGHT+IF+066rmwGy8fS1Pel5XrVnYGYmijomXFp+vVVw1sJ4PL9jNJ24LemYFiON5quVOVme+MgQUw==
X-Received: by 2002:a17:903:1d2:b0:224:76f:9e4a with SMTP id
 d9443c01a7336-23640c86807mr6475565ad.14.1749571761629;
        Tue, 10 Jun 2025 09:09:21 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.20
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:21 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 18/32] libsoup-2.4: fix CVE-2025-4948
Date: Tue, 10 Jun 2025 09:08:31 -0700
Message-ID: 
 <080c655c5a4590c55e8cc7d0e7a90676a3ed78ab.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218387

From: Changqing Li <changqing.li@windriver.com>

Refer:
http://gitlab.gnome.org/GNOME/libsoup/-/issues/449

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-4948.patch   | 38 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
new file mode 100644
index 0000000000..b15b8c763d
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4948.patch
@@ -0,0 +1,38 @@
+From dfdc9b3cc73e6fe88cc12792ba00e14642572339 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Thu, 15 May 2025 17:49:11 +0200
+Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body
+
+It could happen that the boundary started at a place which resulted into
+a negative number, which in an unsigned integer is a very large value.
+Check the body size is not a negative value before setting it.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463>
+
+CVE: CVE-2025-4948
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/diffs?commit_id=f2f28afe0b3b2b3009ab67d6874457ec6bac70c0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index dd93973..ce2fc10 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -214,7 +214,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+ 		 */
+ 		part_body = soup_buffer_new_subbuffer (flattened,
+ 						       split - flattened->data,
+-						       end - 2 - split);
++						       end - 2 >= split ? end - 2 - split : 0);
+ 		g_ptr_array_add (multipart->bodies, part_body);
+ 
+ 		start = end;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index b771805723..911d95901e 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2024-52531-2.patch \
            file://CVE-2025-4476.patch \
            file://CVE-2025-32907.patch \
+           file://CVE-2025-4948.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:32 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64731
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2DC22C677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web10.91293.1749571765066974713
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:25 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=vvqHijHK;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-234fcadde3eso66503225ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571764;
 x=1750176564; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=OmUduIBM+HbdREk56fWYnEa2ynKE99Oi0P5HZ69BRb8=;
        b=vvqHijHKIvap0XVEZI+HlAzsdfoajUdNXv3S1ROyCz0pFNkGUjZJEBBGYyG1+DdjoS
         87iLjX3ryOdWvzhfXYZ/aZX9n2yxj8K748PEr+6ORPAcVp/2r2frnPDFw/V+Lp/cnP6H
         r95Kb7IyobPVmzBZtXFHi9vNNdZXsLVO0HJ8mBLGbkdo2c87jJOYQS0B56OdWSfedE2R
         ySo1pTfJW/0N9wYGdONC2k1/ybhtAfl6FyOuXPBZqdmA3lTytGJyUCHCDdMqZVO6ozSC
         jpjq7A1shcMy62PnACkspeQpDvQNUw97hmpRXxz87ovhdUvBVX6p5NF6HsKz7SuW2LRe
         6xwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571764; x=1750176564;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=OmUduIBM+HbdREk56fWYnEa2ynKE99Oi0P5HZ69BRb8=;
        b=oc/s3eiwiBmiv+mi14kEz/j/IdHXvZY7p/gKShkTcWhnHvSI8qT9kEvSAvyNAy1iCc
         hmWfTmOxRMplv781dthIAW6r8LXo4uAYQG32tppvufB95vfG+WoWM8SWhHEUYO65qCfG
         6F7iWp3klhR6EhGvVGs4DaLRpUE1Z1NPcCu/Dn8jxdG7cYBHuc/JDCFqQwuxJBE+GtSf
         jr3U7kmCJ+fm6ij8veUVA2k3xe7TzbM9SD6vSLqu7UHiAtellNBk6pDf4xgLOoDwlbU3
         WWyWKJW6/qi0O52TTo+snWQa5LQIGUMULgrNxs4oYp6aE/xdc4758GJAD5h9+OayzjBh
         nynw==
X-Gm-Message-State: AOJu0YzSRUkGcThMJBLtuOgU5lCw3DESuuERKcbtoG0BHcZyOW9XPC1c
	5bhD4VhL32MJJB2/ygC1olZZn5+dX6hSF6FTWHPchHySyBFQ9DRfOU2E8pyALI6ZUE1qjiGF8ZL
	AThC0
X-Gm-Gg: ASbGncvYxmmMMduHqxpC5D5lWGAczhrQvlzepVL5XmL6xfHAXpbs8wiUShe6ISx8/GO
	WPA1Jfr0QuZZFDV3J8PLGN4GqhRz3jEcQQ4zzvn44bots5l2CvmdCQDRvUAZmFGj9nc2gcadYun
	GOMCe9K4rj8TFxNdRiKPoWt5bdUS7dS5QOK99zqmKFbG4dDu9JmLduL0Yeco7gXiGbIKAOtRJVm
	ooSNdWPwx8Czq7q41Ikps+b1yNq7pf7aiIAk+X0Bt2rAIBWJ88Pv2ho0ZK8lcLIrWkJS0/FRHRN
	hKABwetJaxscL8SKAcHSSXE88Z8IAUGCDdQXDEyCXJrRn0z+4f/DeA==
X-Google-Smtp-Source: 
 AGHT+IGsZiNxm6o7CY7Fi9Mm86a2+ggshTRwhSvY3o7Omaf/ek9J/xr+NI2yJ//XoG+wDOxplVuGPg==
X-Received: by 2002:a17:902:ccd2:b0:235:779:ede3 with SMTP id
 d9443c01a7336-23601dc0173mr270264175ad.41.1749571763210;
        Tue, 10 Jun 2025 09:09:23 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.22
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:22 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 19/32] libsoup-2.4: fix CVE-2025-4969
Date: Tue, 10 Jun 2025 09:08:32 -0700
Message-ID: 
 <e6f07ad948254c445bc9f5c94211148c8b7b7a68.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218388

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/447

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-4969.patch   | 37 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
new file mode 100644
index 0000000000..7bc3e8da99
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
@@ -0,0 +1,37 @@
+From a7d0c58608ed830bedfb6b92aea11e00feb55aa9 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 19 May 2025 17:48:27 +0200
+Subject: [PATCH] soup-multipart: Verify array bounds before accessing its
+ members
+
+The boundary could be at a place which, calculated, pointed
+before the beginning of the array. Check the bounds, to avoid
+read out of the array bounds.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
+
+CVE: CVE-2025-4969
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467/diffs?commit_id=b5b4dd10d4810f0c87b4eaffe88504f06e502f33]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index ce2fc10..a29cdf0 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -108,7 +108,7 @@ find_boundary (const char *start, const char *end,
+ 			continue;
+ 
+ 		/* Check that it's at start of line */
+-		if (!(b == start || (b[-1] == '\n' && b[-2] == '\r')))
++		if (!(b == start || (b - start >= 2 && b[-1] == '\n' && b[-2] == '\r')))
+ 			continue;
+ 
+ 		/* Check for "--" or "\r\n" after boundary */
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 911d95901e..e005e7200e 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -36,6 +36,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-4476.patch \
            file://CVE-2025-32907.patch \
            file://CVE-2025-4948.patch \
+           file://CVE-2025-4969.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 

From patchwork Tue Jun 10 16:08:33 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64735
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3CBE5C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web11.90704.1749571765634621497
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:25 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=GJt04poh;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-2353a2bc210so49232205ad.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571765;
 x=1750176565; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=cxhnCTXfGyGeMr9FOCqVtabOlvCxnqhzGzPbUzmBc1g=;
        b=GJt04pohMuBomdIBdlhczw/TuumaTMSPw3VAWv29ES7k1XeTAPRzPxRrs41TUMTWe2
         Mr3st49SEo76DQdOtQKwnLWAZpJDiM/N24oZXKLWpBDmTn3iOJJIHfu/bKTnLPG2Evll
         +5i68BOneIq6gwgzVVmNq2xuMDXchLBET2mqPu98qhaBR1NmwnNK0Cm+vMOMupDgcwAU
         ycor8iXWwedjSbwJH1g1CNT9ZoW1FTd6ANqJRyOj8O6QY9aJMb2Q4FZHm1WlqekC7uMK
         PHy0XmQKFeykt0W4dWCUlgToAvSDo5OeWo9Y4g/tyT1V3Kxrkv3lDR7+yIJGkSKLZRMS
         C4XQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571765; x=1750176565;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=cxhnCTXfGyGeMr9FOCqVtabOlvCxnqhzGzPbUzmBc1g=;
        b=MGStH7l2P1Ec0MmwJjnchj5w+KbXSOSGNxLG8tJTiAWnrhcgYwDOoXqHY1g5rs+jgJ
         u/0waYD8WNF0NDOS/sr5+9awRJdpTmLXfDWGvzua/p8Rf3aV06c6HflcYjEXYsqf+S6x
         X9DDFzpK4SpXXiNWpXWXal8vbFv0SySSpzH582HbDO24Q9Lze4YWs4Ad2AgHNYW+5Jfn
         hmM5Ii80v5vXpjdlcY2jklGM6fCzgH1TZcphAktMAf5YdF5dmHgXEyeHAlab1zX23LSu
         OHZLqXU0g18919z7rGB2WZIVMe+z+GwdjAQs2+PSRoDjTZfh5WF5lDm7G+cYU8ePq/5V
         VDJw==
X-Gm-Message-State: AOJu0YyqjB9fN3ySONRgCOkoKdECVzO8JIketvw+srASyZEyGiPHx8+F
	x+A8z4y3z5lh5/oIX8YmFPqxKCK4tC6UcmwhnnOy6iKF3AUr9sMKrQGJsVCnvgayfywwJBC/Dal
	JX0Xw
X-Gm-Gg: ASbGncvHRlk+KZhkKdHbXhTpOkzRjxV466nB4oRUpnkwWCgt+WgLNocRgVoBWwMF1R/
	hlW+sLiV5OxtS+UtGDsbZRiHLT3I4Ms7lUzwCSV261pHYf1z4Ggg1JPKHEXcQSzeLU4efcouQ9W
	8/kuUIY5gyaCtCnpaTtpc+2KX/vFwyrxWGPrHipJ2XcYNBsD6urhYyoiIL4v96Buo6Kt08fhiG0
	AjXk5oDbNmz3fZdeW9WIQX1D6w1699IiTzQwKdCXQT2W6+UmsyoAaUoElqolfod4T5utrxUZEYV
	1PKvsfAOgKp1nx3a9zWkqLriAfRH5CNLDE5dJ/o9okt23a9XdWRbcA==
X-Google-Smtp-Source: 
 AGHT+IE5uo9/pkN3WF9SM948OZcxq/FikltIEJr4NQqK5Ap0Y4KyT9+Xf67U5SfeqExVtE7Ss1TWRQ==
X-Received: by 2002:a17:902:f651:b0:235:225d:30a2 with SMTP id
 d9443c01a7336-23601dc467dmr263818305ad.48.1749571764644;
        Tue, 10 Jun 2025 09:09:24 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:24 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 20/32] libsoup: fix CVE-2025-32914
Date: Tue, 10 Jun 2025 09:08:33 -0700
Message-ID: 
 <323ee2ba9008eb1bdcd1082ca2a8952e30a8e333.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218389

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/436

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-32914.patch      | 112 ++++++++++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |   3 +-
 2 files changed, 114 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch
new file mode 100644
index 0000000000..c899347ebf
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch
@@ -0,0 +1,112 @@
+From 020d19f22b7e55f44febd17e237982665323e0bc Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:03:00 +0200
+Subject: [PATCH] multipart: Fix read out of buffer bounds under
+ soup_multipart_new_from_message()
+
+This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
+of the body argument.
+
+Closes #436
+
+CVE: CVE-2025-32914
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450/diffs?commit_id=5bfcf8157597f2d327050114fb37ff600004dbcf]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 58 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index 2421c91..102ce37 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -173,7 +173,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+ 			return NULL;
+ 		}
+ 
+-		split = strstr (start, "\r\n\r\n");
++		split = g_strstr_len (start, body_end - start, "\r\n\r\n");
+ 		if (!split || split > end) {
+ 			soup_multipart_free (multipart);
+ 			return NULL;
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 2c0e7e9..f5b9868 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -471,6 +471,62 @@ test_multipart (gconstpointer data)
+ 	loop = NULL;
+ }
+ 
++static void
++test_multipart_bounds_good (void)
++{
++	#define TEXT "line1\r\nline2"
++	SoupMultipart *multipart;
++	SoupMessageHeaders *headers, *set_headers = NULL;
++	GBytes *bytes, *set_bytes = NULL;
++	const char *raw_data = "--123\r\nContent-Type: text/plain;\r\n\r\n" TEXT "\r\n--123--\r\n";
++	gboolean success;
++
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++	bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++	multipart = soup_multipart_new_from_message (headers, bytes);
++
++	g_assert_nonnull (multipart);
++	g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++	success = soup_multipart_get_part (multipart, 0, &set_headers, &set_bytes);
++	g_assert_true (success);
++	g_assert_nonnull (set_headers);
++	g_assert_nonnull (set_bytes);
++	g_assert_cmpint (strlen (TEXT), ==, g_bytes_get_size (set_bytes));
++	g_assert_cmpstr ("text/plain", ==, soup_message_headers_get_content_type (set_headers, NULL));
++	g_assert_cmpmem (TEXT, strlen (TEXT), g_bytes_get_data (set_bytes, NULL), g_bytes_get_size (set_bytes));
++
++	soup_message_headers_unref (headers);
++	g_bytes_unref (bytes);
++
++	soup_multipart_free (multipart);
++
++	#undef TEXT
++}
++
++static void
++test_multipart_bounds_bad (void)
++{
++	SoupMultipart *multipart;
++	SoupMessageHeaders *headers;
++	GBytes *bytes;
++	const char *raw_data = "--123\r\nContent-Type: text/plain;\r\nline1\r\nline2\r\n--123--\r\n";
++
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++	bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++	/* it did read out of raw_data/bytes bounds */
++	multipart = soup_multipart_new_from_message (headers, bytes);
++	g_assert_null (multipart);
++
++	soup_message_headers_unref (headers);
++	g_bytes_unref (bytes);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -498,6 +554,8 @@ main (int argc, char **argv)
+ 	g_test_add_data_func ("/multipart/sync", GINT_TO_POINTER (SYNC_MULTIPART), test_multipart);
+ 	g_test_add_data_func ("/multipart/async", GINT_TO_POINTER (ASYNC_MULTIPART), test_multipart);
+ 	g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
++	g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
++	g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index fbe9a79b0f..2faf50c223 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -11,7 +11,8 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
-SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
+           file://CVE-2025-32914.patch"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"

From patchwork Tue Jun 10 16:08:34 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64733
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 43D64C71130
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:28 +0000 (UTC)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
 by mx.groups.io with SMTP id smtpd.web10.91294.1749571767063396065
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:27 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=uuj9UYGH;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f170.google.com with SMTP id
 d9443c01a7336-235a3dd4f0dso39154005ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571766;
 x=1750176566; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=dfARp/cjMYY+cmOQVPMhHspBTdM62bixLhapwQ6Vbxg=;
        b=uuj9UYGH2haNzRTgXKwpg7qlPP1Z8E9vvlbxfKHv2+oaZpaJcuAfxkfEIOXUvCcaZX
         yxDHSKT6nlX7ttxmmKqyFsDpyWI/x0yLMgx0+WXOY/GIZcECKQ67Wnqu+4QEfk7J2f7B
         g2iarxAXliHu58ev3vvwT9damtGFv2lnMwubzSh6WssCdSefnpEzCSP+9yNcriRBTijj
         k0YjF39kDR1kdqrXKpGMODGT5eo2wH2DJkADQQxErY70by0VnBLN0a3BrGWIGfcoYRNW
         toJNEyMt5qjt/PiiNTmUFRHsdzoeoqnWFYRQ9qzxMbZgiDZouBovKHl18Fcb5drXEgMc
         nVVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571766; x=1750176566;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=dfARp/cjMYY+cmOQVPMhHspBTdM62bixLhapwQ6Vbxg=;
        b=F7p3B2uY52WoLcuUZqWaLmLKwVXkGzCR5YsjN9mcQeYYbi4OBWA1RPFQvCy+7sfpVC
         ShHJiwtZ1MmF6D7l11vwpzCt5xs36v+JCMF68HC6capMNsvzH+alCyyVHTS54IYTGVTD
         HV+4nCfDz6Ht82BbA947n3l2NEUVrMRElmjbK7rMQGeQFkQDRDBTYaG23uAlYVZFklUy
         OetaY3mjmPQVKen8CP7LChd6+Cs6BlC/LS/tDX09cNw8cRzcrt3eLondCHuP0suZejlF
         ROSUMrASxj9YzABdShq8HlaL1x/KNWD/MQpaFzgPrpgzUaELmidNF0bvBSSANjiI1Awl
         rWpg==
X-Gm-Message-State: AOJu0YwqOY/TIFEcmRjsotRMOU8pRECo9yJbtaq0Ig6ifUpB6ipa6kJ8
	TZcHiVjQXh0oblcCdzb0D4r7OvE8EU9E490vclm1eA+BpQobkyLuFIaXLzx/j/jAry8RgcQV2Hc
	3J7qk
X-Gm-Gg: ASbGncsIZ4CW/rnyyHaEEzoG9QCg1XhnpVeXhc84DLLHx0rSc9UBOgefT04eK3cvDk8
	nduufUeHJcD9AqLB1IrLqvJnsoS1VVv0S7S2f+7Mn0hp7TqvV9/MDTmnNhLFkDmjutQhq5JNyYb
	jNa9wizB1RLbn7PrjgtcQjDXYrjPHfTBhmMYfmb0PGKWPxPGEzgi03/XcukQJxuCtPbuZO1Pb8M
	OnMbUUW3ymPlzNIkqiin6JuUmWUUmVHZpaRLG+fvBa+oWZAIyH9DGnOwo16CFsSaOuRPuhoohxI
	cycRay0glP77nh35F+cqXoTJiTvNGew/rxpbSyJjy8o4q3SXKCSjRA==
X-Google-Smtp-Source: 
 AGHT+IHz1ZbqDsMU2M/rI8VEDQXjc/O7UJNp27zs0CTd9NpIKyj6sFAOGqh0WXqYdWxojqBto8/Qfw==
X-Received: by 2002:a17:902:cec6:b0:235:6e1:3edf with SMTP id
 d9443c01a7336-23640cce164mr6335425ad.34.1749571766072;
        Tue, 10 Jun 2025 09:09:26 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.25
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:25 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 21/32] libsoup: fix CVE-2025-4476
Date: Tue, 10 Jun 2025 09:08:34 -0700
Message-ID: 
 <0b93d8cedfd102fcd723786b975a5cf684c2b0e8.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218390

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-4476.patch       | 39 +++++++++++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |  3 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
new file mode 100644
index 0000000000..d0b1f12709
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
@@ -0,0 +1,39 @@
+From 71d33e37139fee6216ad2bf4e926f987076a6cff Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 8 May 2025 09:27:01 -0500
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+
+We need to validate the Domain parameter in the WWW-Authenticate header.
+
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+
+Fixes #440
+
+CVE: CVE-2025-4476
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457/diffs?commit_id=e64c221f9c7d09b48b610c5626b3b8c400f0907c]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.c
+---
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index d8bb291..292f204 100644
+--- a/libsoup/auth/soup-auth-digest.c
++++ b/libsoup/auth/soup-auth-digest.c
+@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, GUri *source_uri)
+ 			if (uri &&
+                             g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
+ 			    g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
+-			    !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
++			    !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
+ 				dir = g_strdup (g_uri_get_path (uri));
+ 			else
+ 				dir = NULL;
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 2faf50c223..2bed009e0a 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -12,7 +12,8 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
-           file://CVE-2025-32914.patch"
+           file://CVE-2025-32914.patch \
+           file://CVE-2025-4476.patch"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"

From patchwork Tue Jun 10 16:08:35 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64738
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50309C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web10.91295.1749571768766793676
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:28 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=3Wqziu40;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id
 d9443c01a7336-235a3dd4f0dso39154315ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571768;
 x=1750176568; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=iuLpLpkuw2tvTmp3ZciH1Kw+Drrs4lUluF2gpcGvh7w=;
        b=3Wqziu40BX8OI3UP3wg1ZTQlzKqo9wtkBfiUoRV4VIoWKgAn5yJwXh6wQ81Jeq19+C
         L/LWYZ89b0wE+V5+0X/hvautFTCKO7r6fssXueHYdKTbymOK1qOwyHar4ZZLqUDBpaW5
         CsNc++QAtYDx4g0/Y4MpLL4AbO+Da8xEFhOz5DsN1AMRi8fxQFnowp+GVZny/4qlShSz
         dJYThCs2Ceky0mrQg/SP5mOk51nppNGL6jdcXG9ThGVBODTGxrQbWBTSiWRtOMVlUrml
         pEeeYEBWdoqLKtpqpYLub1UshKmOfv+RX0UijZBrjYUcX1y/cqfF3OwYFchwEV4g60cm
         gj/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571768; x=1750176568;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=iuLpLpkuw2tvTmp3ZciH1Kw+Drrs4lUluF2gpcGvh7w=;
        b=EKzzzg1SW5bpBVCo7mhVDsYePQySukKks2AIifh8pYuZ9rHD/BuI/pzaaptRTh7lbH
         zjihT8JVWPnuPhn55IR/XuPHX8awIQ6ocB51tReHJIibEXHuR5jAEJ1+qhVe3pHIemRN
         PJvu+oSinvPCxgMZ1OSKLDImS4FLgfUZbS3iDklAHfwHLlUUTfyEz63RONtozNra7RUB
         gmtPXQNPrvC0iK/vbpFmLiIaSI/6gT/lQnImgcTnBM3A02RgMdF/BkfEPCfzf3l/lIT3
         cW25BHjkQgjdjj5QMGk3eJWPdwwkFpoJNo0H2XkC9B8pdjTyHjhUVIiRnwYL9U7Dqwel
         x+vg==
X-Gm-Message-State: AOJu0YwpLIaE8JM0ey3V6AeYPmArxUOIShMh+yhQFemYgsZU8mjqfBFu
	sotCg8fVc4yCVoxcEQo5JHnu3Vfj3skrqd6licRsRYpcbgv/cC/DgygZ+fVTnmn4fpn9UBaRbCY
	V/g9Y
X-Gm-Gg: ASbGncvvz8owqzryUZXW3bDnGeXxYXaCX5zXRsJka4vpKzw825MMZLwv/Ws2eubr1sX
	U3sB1z64/jDeAmvrzTV3ZEsR2dj/fv/rggX0VSYNGBE4rxmY4qQH0Ylj/LFckJv4uVhz/o5VjoL
	VCj8Z9AkLAohGyhdVvznxAwoABni9JtfSqv1zM4MHrgbjkQp5dEJdkNyhAtchO1/HYPmmhFUn88
	6fWMwX8E0Z2iKFvo8T9U1BVjabGpW4sDvHrHIuiVztJkqFnx4mvzbjILJgHE9lzNPqxq/MwRt1H
	PlxFloVJ8Ij/IXSmC0cTl7GYIWXf1D65BQg50myiy9wW85XA8XiS8w==
X-Google-Smtp-Source: 
 AGHT+IHsfCFugYGBYanglV5ctkQx2iRpobCIJp30fs3VAK7YutLC6J0pLBC0r64GwpN19SeHqUPnxA==
X-Received: by 2002:a17:903:19c6:b0:231:9902:1519 with SMTP id
 d9443c01a7336-23640cf0948mr6030535ad.39.1749571767687;
        Tue, 10 Jun 2025 09:09:27 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.27
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:27 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 22/32] libsoup: fix CVE-2025-32907
Date: Tue, 10 Jun 2025 09:08:35 -0700
Message-ID: 
 <fd541857dddeb8cf1da03c50a1087b65deb728ed.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218391

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-32907-1.patch    | 200 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2025-32907-2.patch    |  68 ++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |   4 +-
 3 files changed, 271 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch
new file mode 100644
index 0000000000..41b7d276a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@
+From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ tests/meson.build              |   1 +
+ tests/server-mem-limit-test.c  | 144 +++++++++++++++++++++++++++++++++
+ 3 files changed, 146 insertions(+)
+ create mode 100644 tests/server-mem-limit-test.c
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index ee7a3cb..f101d4b 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+ 			if (cur->start <= prev->end) {
+ 				prev->end = MAX (prev->end, cur->end);
+ 				g_array_remove_index (array, i);
++				i--;
+ 			}
+ 		}
+ 	}
+diff --git a/tests/meson.build b/tests/meson.build
+index ee118a0..8e7b51d 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -102,6 +102,7 @@ tests = [
+   {'name': 'samesite'},
+   {'name': 'session'},
+   {'name': 'server-auth'},
++  {'name': 'server-mem-limit'},
+   {'name': 'server'},
+   {'name': 'sniffing',
+     'depends': [test_resources],
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+new file mode 100644
+index 0000000..98f1c40
+--- /dev/null
++++ b/tests/server-mem-limit-test.c
+@@ -0,0 +1,144 @@
++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
++/*
++ * Copyright (C) 2025 Red Hat <www.redhat.com>
++ */
++
++#include "test-utils.h"
++
++#include <sys/resource.h>
++
++/*
++ This test limits memory usage to trigger too large buffer allocation crash.
++ As restoring the limits back to what it was does not always work, it's split
++ out of the server-test.c test with copied minimal server code.
++ */
++
++typedef struct {
++	SoupServer *server;
++	GUri *base_uri, *ssl_base_uri;
++	GSList *handlers;
++} ServerData;
++
++static void
++server_setup_nohandler (ServerData *sd, gconstpointer test_data)
++{
++	sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++	sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL);
++	if (tls_available)
++		sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL);
++}
++
++static void
++server_add_handler (ServerData         *sd,
++		    const char         *path,
++		    SoupServerCallback  callback,
++		    gpointer            user_data,
++		    GDestroyNotify      destroy)
++{
++	soup_server_add_handler (sd->server, path, callback, user_data, destroy);
++	sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path));
++}
++
++static void
++server_setup (ServerData *sd, gconstpointer test_data)
++{
++	server_setup_nohandler (sd, test_data);
++}
++
++static void
++server_teardown (ServerData *sd, gconstpointer test_data)
++{
++	GSList *iter;
++
++	for (iter = sd->handlers; iter; iter = iter->next)
++		soup_server_remove_handler (sd->server, iter->data);
++	g_slist_free_full (sd->handlers, g_free);
++
++	g_clear_pointer (&sd->server, soup_test_server_quit_unref);
++	g_clear_pointer (&sd->base_uri, g_uri_unref);
++	g_clear_pointer (&sd->ssl_base_uri, g_uri_unref);
++}
++
++static void
++server_file_callback (SoupServer        *server,
++		      SoupServerMessage *msg,
++		      const char        *path,
++		      GHashTable        *query,
++		      gpointer           data)
++{
++	void *mem;
++
++	g_assert_cmpstr (path, ==, "/file");
++	g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET);
++
++	mem = g_malloc0 (sizeof (char) * 1024 * 1024);
++	/* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use
++	   the copy and free it explicitly, to workaround the false positive; the g_steal_pointer()
++	   did not help for the malloc-ed memory */
++	soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024);
++	soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL);
++	g_free (mem);
++}
++
++static void
++do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data)
++{
++	SoupSession *session;
++	SoupMessage *msg;
++	GString *range;
++	GUri *uri;
++	const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0";
++
++	g_test_bug ("428");
++
++	#ifdef G_OS_WIN32
++	g_test_skip ("Cannot run under windows");
++	return;
++	#endif
++
++	range = g_string_sized_new (99 * 1024);
++	g_string_append (range, "bytes=1024");
++	while (range->len < 99 * 1024)
++		g_string_append (range, chunk);
++
++	session = soup_test_session_new (NULL);
++	server_add_handler (sd, "/file", server_file_callback, NULL, NULL);
++
++	uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL);
++
++	msg = soup_message_new_from_uri ("GET", uri);
++	soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str);
++
++	soup_test_session_send_message (session, msg);
++
++	soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT);
++
++	g_object_unref (msg);
++
++	g_string_free (range, TRUE);
++	g_uri_unref (uri);
++
++	soup_test_session_abort_unref (session);
++}
++
++int
++main (int argc, char **argv)
++{
++	int ret;
++
++	test_init (argc, argv, NULL);
++
++	#ifndef G_OS_WIN32
++	struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++	/* limit memory usage, to trigger too large memory allocation abort */
++	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++	#endif
++
++	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
++		    server_setup, do_ranges_overlaps_test, server_teardown);
++
++	ret = g_test_run ();
++
++	test_cleanup ();
++	return ret;
++}
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
new file mode 100644
index 0000000000..9c838a55af
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
+From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 13 May 2025 14:20:46 +0200
+Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
+ built witha sanitizer
+
+A build with -Db_sanitize=address crashes with failed mmap(), which is done
+inside libasan. The test requires 20.0TB of virtual memory when running with
+the sanitizer, which is beyond unsigned integer limits and may not trigger
+the bug anyway.
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ meson.build                   |  4 ++++
+ tests/server-mem-limit-test.c | 13 +++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index d4110da..74323ea 100644
+--- a/meson.build
++++ b/meson.build
+@@ -357,6 +357,10 @@ configinc = include_directories('.')
+ 
+ prefix = get_option('prefix')
+ 
++if get_option('b_sanitize') != 'none'
++  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
++endif
++
+ cdata.set_quoted('PACKAGE_VERSION', soup_version)
+ cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
+ cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+index 98f1c40..65dc875 100644
+--- a/tests/server-mem-limit-test.c
++++ b/tests/server-mem-limit-test.c
+@@ -126,14 +126,19 @@ main (int argc, char **argv)
+ {
+ 	int ret;
+ 
+-	test_init (argc, argv, NULL);
+-
+-	#ifndef G_OS_WIN32
+-	struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++	/* a build with an address sanitizer may crash on mmap() with the limit,
++	   thus skip the limit set in such case, even it may not necessarily
++	   trigger the bug if it regresses */
++	#if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
++	struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
+ 	/* limit memory usage, to trigger too large memory allocation abort */
+ 	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++	#else
++	g_message ("server-mem-limit-test: Running without memory limit");
+ 	#endif
+ 
++	test_init (argc, argv, NULL);
++
+ 	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+ 		    server_setup, do_ranges_overlaps_test, server_teardown);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 2bed009e0a..3cd4342bd4 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -13,7 +13,9 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32914.patch \
-           file://CVE-2025-4476.patch"
+           file://CVE-2025-4476.patch \
+           file://CVE-2025-32907-1.patch \
+           file://CVE-2025-32907-2.patch"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"

From patchwork Tue Jun 10 16:08:36 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64740
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6A46BC71133
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com
 [209.85.215.178])
 by mx.groups.io with SMTP id smtpd.web11.90706.1749571769940290230
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:30 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=PBvhl6zc;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f178.google.com with SMTP id
 41be03b00d2f7-879d2e419b9so4935115a12.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571769;
 x=1750176569; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=mZ67EFYr/BX4qNgDEdZ8MOxk1Co4uh4BfsmAbmUCefQ=;
        b=PBvhl6zcheEkFt8CUJA5b0O4OLcBPMSM0eXdAoAcsLelA82YYvLY/G/g9iPrg4uhrG
         yTl7i/XN4K86kdTJVwpgGYOiFvFkuGoUg5JDCn1l4Jhone1RcOXxMkZe4kNBFKjXdjps
         +8T2SYc7T9nmElF8VWs3N2QLk3BIOasVu8e3501CxkNA3qopaYuG7jtKIFY1CRlE8v7Y
         ar858l+J/VJuOm5hG8ys+7OD6gLYHa+oOO1fkhQ9r+WjoA7bIdYbNto6z+EhRE7MhMCg
         0Ce6gi5RaV4V2X9jy/5VsX5WH4Rbljpk16wgM6EHI4aKAiG8V45XRyMdl8vr29yYFZus
         Ch/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571769; x=1750176569;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=mZ67EFYr/BX4qNgDEdZ8MOxk1Co4uh4BfsmAbmUCefQ=;
        b=ucGfXGzArBwrp0GkfAe6nhOMUYvRnoJem36ClZUhcyJGt9KEzm4lvgHXD981asW13X
         rnP9XHOnEjT7u5yCiiLES9H+KGKt3AHLhW28wrrzA/FhLo/N/i1nfznUnj26UiIHk1t4
         ueYSY+XhfxkrAZYv8v5+UETzHuXUuwF3WNsSQvBcW/x1NyRmqw6b/Xguu8FLmveKgeAD
         0qibLvGw6ceyBJgqC7hKsZo1ox+AfbDeh+iDamnUH2x7BGPAis1inPkHbcodZUrjkE9m
         IOBjoaLzsjGCGU92xiG1LIWr+6Vnb/9rEDRdotWcdwqux09oRxNHfd6/wVA1riveZ1k2
         tE+w==
X-Gm-Message-State: AOJu0YzZHUire8xyfVUm8Z+dJjdwcYco/R28DC+qkGSEC+LlBhIJ3VIe
	hGOJlpEmAPV6SEkYxuII6sBxEZlLVf09hGJKpJh1TgnbryON367keIYQGVGY/EfhDIHAXaOwJKS
	B7562
X-Gm-Gg: ASbGncuzw4GDOOW3zAVZh8OU/8uoZZ3133NFVG7R95GFo374eLFYLlPgoZpJfAMp/Rd
	gN1zoqnOy6c71TMZgWe0RHBtiXLh59FuKTftNaDbTCUTImtyILrKDxNeHfycMuusAlJ5pZ++oGl
	gZn56iSzZ2J7iGbHcllDe5A/OWoMRl9sC6DJvzx5IPbqGqdDQPxqSaKHgHbLOk1Ek/Bx5NNRiVt
	B2qJFiS+QuSWIQrYE00xegp1vGJ9Ao+cIV0eytTqPeWcQu9p4eyrrrZ/liMpyzunG5NVcMS/CC1
	nBzyIDKTha2kpzkZIxCFu5kM/D2nOojMBt7z1UX2sImfsyX9qWSMHQ==
X-Google-Smtp-Source: 
 AGHT+IGOtrahOvXA+6+Y8MLdtZmu94np4MyxCb4hctYAeC1yIQw0wEwa6DaJYuA4foK5n96mITqDzQ==
X-Received: by 2002:a17:90b:6c4:b0:311:c5d9:2c70 with SMTP id
 98e67ed59e1d1-313af139e4emr207710a91.15.1749571769063;
        Tue, 10 Jun 2025 09:09:29 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.28
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:28 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 23/32] libsoup: fix CVE-2025-32908
Date: Tue, 10 Jun 2025 09:08:36 -0700
Message-ID: 
 <6605a2b1f00e70e0756f73febc73ef01967ecb2a.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218392

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-32908-1.patch    | 89 +++++++++++++++++++
 .../libsoup/libsoup/CVE-2025-32908-2.patch    | 53 +++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |  4 +-
 3 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32908-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32908-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-1.patch
new file mode 100644
index 0000000000..8ad0e16d45
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-1.patch
@@ -0,0 +1,89 @@
+From 56b8eb061a02c4e99644d6f1e62e601d0d814beb Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:59:05 +0200
+Subject: [PATCH 1/2] soup-server-http2: Check validity of the constructed
+ connection URI
+
+The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects
+and returns NULL, but the soup-server did not check the validity and could
+abort the server itself later in the code.
+
+Closes #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451/diffs?commit_id=a792b23ab87cacbf4dd9462bf7b675fa678efbae]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../http2/soup-server-message-io-http2.c      |  4 +++
+ tests/http2-test.c                            | 28 +++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index 943ecfd..f1fe2d5 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,9 +771,13 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
++		if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
++		if (uri == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+diff --git a/tests/http2-test.c b/tests/http2-test.c
+index ef097f4..df86d9b 100644
+--- a/tests/http2-test.c
++++ b/tests/http2-test.c
+@@ -1241,6 +1241,30 @@ do_connection_closed_test (Test *test, gconstpointer data)
+         g_uri_unref (uri);
+ }
+ 
++static void
++do_broken_pseudo_header_test (Test *test, gconstpointer data)
++{
++	char *path;
++	SoupMessage *msg;
++	GUri *uri;
++	GBytes *body = NULL;
++	GError *error = NULL;
++
++	uri = g_uri_parse_relative (base_uri, "/ag", SOUP_HTTP_URI_FLAGS, NULL);
++
++	/* an ugly cheat to construct a broken URI, which can be sent from other libs */
++	path = (char *) g_uri_get_path (uri);
++	path[1] = '%';
++
++	msg = soup_message_new_from_uri (SOUP_METHOD_GET, uri);
++	body = soup_test_session_async_send (test->session, msg, NULL, &error);
++	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_PARTIAL_INPUT);
++	g_assert_null (body);
++	g_clear_error (&error);
++	g_object_unref (msg);
++	g_uri_unref (uri);
++}
++
+ static gboolean
+ unpause_message (SoupServerMessage *msg)
+ {
+@@ -1549,6 +1573,10 @@ main (int argc, char **argv)
+                     setup_session,
+                     do_connection_closed_test,
+                     teardown_session);
++        g_test_add ("/http2/broken-pseudo-header", Test, NULL,
++                    setup_session,
++                    do_broken_pseudo_header_test,
++                    teardown_session);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-2.patch
new file mode 100644
index 0000000000..b53c7efb7b
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32908-2.patch
@@ -0,0 +1,53 @@
+From aad0dcf22ee9fdfefa6b72055268240cceccfe4c Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 28 Apr 2025 10:55:42 +0200
+Subject: [PATCH 2/2] soup-server-http2: Correct check of the validity of the
+ constructed connection URI
+
+RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset.
+
+The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed to decrement
+the `io->in_callback` in the early returns.
+
+Related to #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/453/diffs?commit_id=527428a033df573ef4558ce1106e080fd9ec5c71]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../server/http2/soup-server-message-io-http2.c   | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index f1fe2d5..913afb4 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,13 +771,18 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
+-		if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
+-			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+-                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
++                if (msg_io->authority == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
++                /* RFC 5740: the CONNECT has unset the "scheme" and "path", but the GUri requires the scheme, thus let it be "(null)" */
++                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path == NULL ? "" : msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
+-		if (uri == NULL)
+-			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                if (uri == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 3cd4342bd4..a8c0546677 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -15,7 +15,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32914.patch \
            file://CVE-2025-4476.patch \
            file://CVE-2025-32907-1.patch \
-           file://CVE-2025-32907-2.patch"
+           file://CVE-2025-32907-2.patch \
+           file://CVE-2025-32908-1.patch \
+           file://CVE-2025-32908-2.patch"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"

From patchwork Tue Jun 10 16:08:37 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64741
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 79E7BC71131
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web10.91296.1749571771427490042
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:31 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=ppgO8x28;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-235e1d710d8so69460445ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571771;
 x=1750176571; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=T/NWhtedr2ui5juI9R4moO5S9IXnbZWo8PnQCgSnTAU=;
        b=ppgO8x28K4cMYWgg+/0P28jeDzRQZl7lfnliCTR4AwII9UvH2y7ngk4maeq558RL3A
         r8no8ncy0AVLLsBt8qOe4+9n9fTC5AVL43u5Z6OQjCPAwdsGPKDVliJzUsewJ/46KLt+
         Tzwfr5TG0yMZXQcciEabxzUvsxbx++KFRaY5wgUkxP7J5KyhI4L2C3uuWv5KDLSItSIY
         PPwPoe44wEwSr//pRTCFOMjubdMQglBnuwuv51tzxR1xNnmJFj7gJhaf1vlDgtOiIxuF
         thUwLGOz77DMORco/KnMRGCJBNIbp25gcBfWGwM5lgoOoRtr1aQ2heYYBA844UQZX4p1
         Ogbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571771; x=1750176571;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=T/NWhtedr2ui5juI9R4moO5S9IXnbZWo8PnQCgSnTAU=;
        b=MUeXPRy+QzzUnhQoTVK5xt0NApeoQxx5WIb+sWhnKaC5JLleHHA8M23jMmWqoqsSXb
         37PTq5Mptb4Q5p2kLQdi6Eo79HA4wsuLx1QqJdArXYNxIdINCiynPMwMeBkxJCSgbHGa
         1kGYDIrczSHDwX7mPAnaI8gfWl1LuHvoCc4H0ebV4iLj/Tpacu1ukYe1CtvQmIf+JRru
         42CZDI+xKCPe0SIycerfficGCQdNQMx/X6VSESAnH5HPv7XEk9agyXGHziqt7y3dOAuR
         i6n/xgnso3IdkhF3MRGBZQoIcTVIfKO3OP+Qx2h3qCbjDz/y6fCB6pVLDxE/rkyA5tCC
         KBGw==
X-Gm-Message-State: AOJu0YzU7cdKu6nbElDUSzNWcWhZ6X50WnSKSZmllNk+FVWuK8new5tI
	cKITJSHB87x6eFUOTzBzbxG1ToEfnoVofkJj1RncVi7bWcoqiGkvqzjpJUBTAWnELGiqdNJur/+
	3cMM/
X-Gm-Gg: ASbGncvVIOpbEcF3UASzb0vUvzFP6hmNJHjn1/iGT03fgnZ3tVeeZku+SCMQLa9U5m0
	9RGMagvmL/wjQamfeceB9X3MBClf88GKEp7w2eZCOktNpX9/a03K7Q17jfIph6po9J0jP2S/DNc
	Dj1CMdlumKipgwp5GgdieuZ5mtOrBKlrQsUb06w+extuUi+9Y6u2+U3Ithr7tTcumI2+LT+xiUn
	yaijlTD+/Yw+UYyWNAvIesuXVQbNoVbJ/W2d8O/4tCBzL73ZvPnQJriCsZtUofuUlkLpxSPSUO2
	jR5LhNHNjtmzGySCKJResR/etGqGgMRcRXulQEdRYuNbPRmcw4LGOw==
X-Google-Smtp-Source: 
 AGHT+IHCoo7oo3/2OJwCqxFQ26+318iSkC2qdFCYiOPY0pJZK+uh7Ovvwu5XRDz2qf22FlKQgpcwLg==
X-Received: by 2002:a17:903:fb0:b0:234:e8db:432d with SMTP id
 d9443c01a7336-23640d22976mr5390135ad.39.1749571770692;
        Tue, 10 Jun 2025 09:09:30 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:30 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 24/32] libsoup: fix CVE-2025-4948
Date: Tue, 10 Jun 2025 09:08:37 -0700
Message-ID: 
 <c6a014352ae480d90b84ca26653654814a7bda52.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218393

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-4948.patch       | 97 +++++++++++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |  4 +-
 2 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch
new file mode 100644
index 0000000000..e0e7b7a44f
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-4948.patch
@@ -0,0 +1,97 @@
+From 0076a5ef3f2a3d11805438e7fd90775f8c40569e Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Thu, 15 May 2025 17:49:11 +0200
+Subject: [PATCH] soup-multipart: Verify boundary limits for multipart body
+
+It could happen that the boundary started at a place which resulted into
+a negative number, which in an unsigned integer is a very large value.
+Check the body size is not a negative value before setting it.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463>
+
+CVE: CVE-2025-4948
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463/diffs?commit_id=f2f28afe0b3b2b3009ab67d6874457ec6bac70c0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 40 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index 102ce37..a587fe7 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -204,7 +204,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
+ 		 */
+ 		part_body = g_bytes_new_from_bytes (body, // FIXME
+ 						    split - body_data,
+-						    end - 2 - split);
++						    end - 2 >= split ? end - 2 - split : 0);
+ 		g_ptr_array_add (multipart->bodies, part_body);
+ 
+ 		start = end;
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index f5b9868..92b673e 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -527,6 +527,45 @@ test_multipart_bounds_bad (void)
+ 	g_bytes_unref (bytes);
+ }
+ 
++static void
++test_multipart_too_large (void)
++{
++	const char *raw_body =
++		"-------------------\r\n"
++		"-\n"
++		"Cont\"\r\n"
++		"Content-Tynt----e:n\x8erQK\r\n"
++		"Content-Disposition:   name=  form-; name=\"file\"; filename=\"ype:i/  -d; ----\xae\r\n"
++		"Content-Typimag\x01/png--\\\n"
++		"\r\n"
++		"---:\n\r\n"
++		"\r\n"
++		"-------------------------------------\r\n"
++		"---------\r\n"
++		"----------------------";
++	GBytes *body;
++	GHashTable *params;
++	SoupMessageHeaders *headers;
++	SoupMultipart *multipart;
++
++	params = g_hash_table_new (g_str_hash, g_str_equal);
++	g_hash_table_insert (params, (gpointer) "boundary", (gpointer) "-----------------");
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_set_content_type (headers, "multipart/form-data", params);
++	g_hash_table_unref (params);
++
++	body = g_bytes_new_static (raw_body, strlen (raw_body));
++	multipart = soup_multipart_new_from_message (headers, body);
++	soup_message_headers_unref (headers);
++	g_bytes_unref (body);
++
++	g_assert_nonnull (multipart);
++	g_assert_cmpint (soup_multipart_get_length (multipart), ==, 1);
++	g_assert_true (soup_multipart_get_part (multipart, 0, &headers, &body));
++	g_assert_cmpint (g_bytes_get_size (body), ==, 0);
++	soup_multipart_free (multipart);
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -556,6 +595,7 @@ main (int argc, char **argv)
+ 	g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
+ 	g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+ 	g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
++	g_test_add_func ("/multipart/too-large", test_multipart_too_large);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index a8c0546677..772e21e09b 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -17,7 +17,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32907-1.patch \
            file://CVE-2025-32907-2.patch \
            file://CVE-2025-32908-1.patch \
-           file://CVE-2025-32908-2.patch"
+           file://CVE-2025-32908-2.patch \
+           file://CVE-2025-4948.patch \
+"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 
 PROVIDES = "libsoup-3.0"

From patchwork Tue Jun 10 16:08:38 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64737
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50354C677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web10.91297.1749571772757520099
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:32 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xCKkeziC;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-235ae05d224so48519335ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571772;
 x=1750176572; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Sv8AAU08tnJxIqGKu6TasaB5g9Nuzbg/Zwdg7aAj2wg=;
        b=xCKkeziCEYjtlDy+DH1vBX1WBQbSuihIcsgcEp5ljyPq8sEN7OpJPe0ZHmAsZBKcjc
         oAIttxij+G2d/bTWRHiJkjZ3dK+jdEU+UZMNwwMsT1Hn+YZUzVYKdG2MxKRlj2dY9bvE
         ce3p2fUvLRiJnczgMDU5yNcmOCkFWiSnxNwnD4dQL3uRRXIx3aMuOI/7u3wU3knJKY/s
         nP1Q3xfFr0FdGefOO9KxQ5HDX2ijEOXLonrb2bd0n5Bo9Z7Ju7Hn8paclgSq1KcHg+DJ
         Ed8pmg7DaXrsHyY1egb/gGwpFllTkFhgStXdCEe7Oem2jC/J0cyt7eq75zbDYEs1Rkhu
         LEBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571772; x=1750176572;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Sv8AAU08tnJxIqGKu6TasaB5g9Nuzbg/Zwdg7aAj2wg=;
        b=YxajaSLzqloQ6qS51T5SvTaLaAeTvsRZ+7xKMSre73t5AHQSYGo+vdZMRzXmQolhbC
         fJMp7k8OP51Vjau586Z78vomy97pFle+CxqqPADz3QR6lFvdCOl9+kfgirZUW3dAU/Qq
         gTgdu7ouRtQamO3N3iOktE/VyQOPQ7p7kd0S60hdxgwNxwYdrQDnzfVozKZTloyQbuHh
         10s6ZvmHQJr4atVsFSi/tM+hhZJFN/1ODqXE8hpJeagHT0SWcponWuqAtfGiIaeyWIds
         aD2VWt7HnmnkV5SZY1YZz9paUMayPdkvPY2RMlduWTBY32HKTLPqlBy1m7xVKFxuBy4o
         BwbQ==
X-Gm-Message-State: AOJu0Yz7S4G7Ztb1SyMOcc3xYbBygu0mGSqDbYzBNOngIG7NWP8EAw1r
	2CbEZLEV8vpqp2FLnIQXcqmW1c3kjSsn8J3pIFJSALa3cnQBWlvnu2IatZ6Ii95CiphaswURsQR
	Twz2H
X-Gm-Gg: ASbGncvgfaXv7EMk4+YZhBsGM50bhzUytJdbR1mVtO3l+jZVXAYIExQ5Ly+LzNlcoHW
	GWBSyGZPkOSopsK/3x8rL0NMIM8ppHlcMKbzZFdy3v82TkytUhqKEPWUNt4UR/4Ccnmtlw1kBBW
	UyFfbQluO9zIlRkv4l4aR4fxiuTPTlrayMIWxayQFEZMNMyx1+W5/+909Frj0xtsQ4EYjxOITz3
	QwjjDPlVANCHBRJrPFhc66KKYCyqmmQnK84tKt6FO1ch05MZVBZdq25iK911XOQ4OR4t9pbOm+F
	VZHg57B/EfnsP0W4TuvpmTSjtK3YAO1Z5IGQtN6J20Tjm6vrzJ+Dag==
X-Google-Smtp-Source: 
 AGHT+IGS/tOonaeDfEjJTZM8+2c8wd2sWesOYh9yAxLadozHb29HJTemIjP9E1K00vDLd+CFx5zNNQ==
X-Received: by 2002:a17:902:e742:b0:22e:457d:3989 with SMTP id
 d9443c01a7336-23641526179mr511245ad.0.1749571771974;
        Tue, 10 Jun 2025 09:09:31 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.31
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:31 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 25/32] libsoup: fix CVE-2025-4969
Date: Tue, 10 Jun 2025 09:08:38 -0700
Message-ID: 
 <2fd6621812f62acc2bbce47db9e9dc96349d8e3e.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218394

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/447

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2025-4969.patch       | 78 +++++++++++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |  1 +
 2 files changed, 79 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch
new file mode 100644
index 0000000000..97702a3d08
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-4969.patch
@@ -0,0 +1,78 @@
+From e8ef88ed86929c9a0dc343a4c7d29a8f2bcf400f Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 19 May 2025 17:48:27 +0200
+Subject: [PATCH] soup-multipart: Verify array bounds before accessing its
+ members
+
+The boundary could be at a place which, calculated, pointed
+before the beginning of the array. Check the bounds, to avoid
+read out of the array bounds.
+
+Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
+
+CVE: CVE-2025-4969
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-multipart.c |  2 +-
+ tests/multipart-test.c   | 22 ++++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
+index a587fe7..27257e4 100644
+--- a/libsoup/soup-multipart.c
++++ b/libsoup/soup-multipart.c
+@@ -104,7 +104,7 @@ find_boundary (const char *start, const char *end,
+ 			continue;
+ 
+ 		/* Check that it's at start of line */
+-		if (!(b == start || (b[-1] == '\n' && b[-2] == '\r')))
++		if (!(b == start || (b - start >= 2 && b[-1] == '\n' && b[-2] == '\r')))
+ 			continue;
+ 
+ 		/* Check for "--" or "\r\n" after boundary */
+diff --git a/tests/multipart-test.c b/tests/multipart-test.c
+index 92b673e..3792563 100644
+--- a/tests/multipart-test.c
++++ b/tests/multipart-test.c
+@@ -527,6 +527,27 @@ test_multipart_bounds_bad (void)
+ 	g_bytes_unref (bytes);
+ }
+ 
++static void
++test_multipart_bounds_bad_2 (void)
++{
++	SoupMultipart *multipart;
++	SoupMessageHeaders *headers;
++	GBytes *bytes;
++	const char *raw_data = "\n--123\r\nline\r\n--123--\r";
++
++	headers = soup_message_headers_new (SOUP_MESSAGE_HEADERS_MULTIPART);
++	soup_message_headers_append (headers, "Content-Type", "multipart/mixed; boundary=\"123\"");
++
++	bytes = g_bytes_new (raw_data, strlen (raw_data));
++
++	multipart = soup_multipart_new_from_message (headers, bytes);
++	g_assert_nonnull (multipart);
++
++	soup_multipart_free (multipart);
++	soup_message_headers_unref (headers);
++	g_bytes_unref (bytes);
++}
++
+ static void
+ test_multipart_too_large (void)
+ {
+@@ -595,6 +616,7 @@ main (int argc, char **argv)
+ 	g_test_add_data_func ("/multipart/async-small-reads", GINT_TO_POINTER (ASYNC_MULTIPART_SMALL_READS), test_multipart);
+ 	g_test_add_func ("/multipart/bounds-good", test_multipart_bounds_good);
+ 	g_test_add_func ("/multipart/bounds-bad", test_multipart_bounds_bad);
++	g_test_add_func ("/multipart/bounds-bad-2", test_multipart_bounds_bad_2);
+ 	g_test_add_func ("/multipart/too-large", test_multipart_too_large);
+ 
+ 	ret = g_test_run ();
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 772e21e09b..457a30ec70 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32908-1.patch \
            file://CVE-2025-32908-2.patch \
            file://CVE-2025-4948.patch \
+           file://CVE-2025-4969.patch \
 "
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 

From patchwork Tue Jun 10 16:08:39 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64742
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 588ECC5B552
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web10.91298.1749571774699701210
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:34 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=M6HWX3wT;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id
 d9443c01a7336-23539a1a421so48841535ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571774;
 x=1750176574; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=mtoq2I6+ZsUHlDaAZ0PL3VR3j98t19iNV5RfhPl2ziM=;
        b=M6HWX3wTy/QCsNemhslXL1tjIpKUmJqVNPFAcS8dXdqXBGS9iN/HL/9+KEH/MXfVLn
         lIP9ckkOHxXPO0kvjoX2dORO9R8YCq3ZeuiWVo16NA7fxboC5mcJoc7WBCyIiGLSsEBR
         Sk18pVWGK5+6+0yEI8/GPJpPiv/8gIdj1xoXUdACvJyIV0fy7oSSoGFxyWnzJumk0w4l
         DvtERYHi54MCcocC6tjZRGOyLBOz8MFmR1I3BORqwMUVn3ahfw7LmI21eHzcSdZZbxtK
         UdXePao3m/y9aDnnHHxu59JZe3HY2cQo09ZxDicExUfDQYj+pybAFWrt0rBaZA7GC7xE
         KHSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571774; x=1750176574;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=mtoq2I6+ZsUHlDaAZ0PL3VR3j98t19iNV5RfhPl2ziM=;
        b=IRecgV7CyClnQADrwPQK2UnIT1SzzR3npALeyOQXnC/Vmgnavs7IgD2LhqDcv02AIY
         AMKXYX/781Dzwy09ffjPeltcjFtLYUsxvj5yArgGBfq9iMERocbRIR3LTMp7oKPV5/q+
         cgBwGWyBwWYuUcjmZWMiEyx21hEyEPrhsHeoQSThc7MJiGgKKV7mHDD54NRE2r8RQeDb
         aszAD5v/xYSr573FY5npAbabFoQuArBjzRL/eJlmzAlKWHLmhVrWB/lTbKvpMV2KRepf
         6gzqdqd+PrLSHiU7B7pv8TH+nRPLHC0PuoPMEq0OAnkaEp5/TGT258swLI32/4bUrP3y
         6QBw==
X-Gm-Message-State: AOJu0YzIoOADumUlsBpdEgoHnMvDWvGTrI0wkwAQRe/u/aDMh7nXw2R7
	pKdsWvLAzui7Llib4EcjainDUXNflpuVv4r7CcRI0tXRFFjnhPfn1VyCSEyz1cMPB6M0srYlJji
	YJx7m
X-Gm-Gg: ASbGncvcvUFMNgaQajn5Pj6aNjLvBQiiou4TDr+8iPzJP+r1C8Kha6LtvaegkC+bF2j
	oYH/rXDMIy6hkTcIXBp+jh8HhpOe/nPiEkHEXGiDU1FgkuNruwluBQeX2hXgFe0G8BwL7/uBONi
	9u+AR1nrpcKmNfEYKWLs1apx7J7eDO5FvD9cxLV1yToWxSh3nKE1RklcGWOCQ6Dsm/pW37uc1Sv
	wfm5aA0AWoC+pkllQsmt80+rhYhiE37UElyX8uEzGZaYhF+2Yc0caPwLb4lKpJci8U5/Cdnn8Ye
	+irdMvcWVBNObivh/DdvIjgCh0u5rEaC/K2Tp9uYi/O05whZJhnwnmz+pKLnZt8t
X-Google-Smtp-Source: 
 AGHT+IEmUmbtv4W6xMTtqk3DaZhIjpFyDBfOMyF1KHMOXvj76H8k3DtDMsd3jUsBxrI1JtdGf57ADg==
X-Received: by 2002:a17:902:f647:b0:235:737:7ba with SMTP id
 d9443c01a7336-23601debd8fmr298435825ad.44.1749571773544;
        Tue, 10 Jun 2025 09:09:33 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:33 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 26/32] binutils: Fix CVE-2025-1181
Date: Tue, 10 Jun 2025 09:08:39 -0700
Message-ID: 
 <8b9484767f49a558c442668ad9b8e86d6800819b.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218395

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

PR 32641 [https://sourceware.org/bugzilla/show_bug.cgi?id=32641]
PR 32643 [https://sourceware.org/bugzilla/show_bug.cgi?id=32643]

Upstream-Status: Backport
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=18cc11a2771d9e40180485da9a4fb660c03efac3
&& https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=931494c9a89558acb36a03a340c01726545eef24]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.44.inc                |   2 +
 .../binutils/0016-CVE-2025-1181-1.patch       | 141 ++++++++
 .../binutils/0017-CVE-2025-1181-2.patch       | 337 ++++++++++++++++++
 3 files changed, 480 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2025-1181-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0017-CVE-2025-1181-2.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index ae9ec9efa4..f3085ce2ef 100644
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -38,5 +38,7 @@ SRC_URI = "\
      file://0015-CVE-2025-1178.patch \
      file://CVE-2025-1180.patch \
      file://CVE-2025-1182.patch \
+     file://0016-CVE-2025-1181-1.patch \
+     file://0017-CVE-2025-1181-2.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-1181-1.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-1181-1.patch
new file mode 100644
index 0000000000..d3709c7a4f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-1181-1.patch
@@ -0,0 +1,141 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 14:31:10 +0000
+
+Prevent illegal memory access when checking relocs in a corrupt ELF binary.
+
+PR 32641
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=18cc11a2771d9e40180485da9a4fb660c03efac3]
+CVE: CVE-2025-1181
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
+index 785a37dd7fd..d2bf8e5cbae 100644
+--- a/bfd/elf-bfd.h
++++ b/bfd/elf-bfd.h
+@@ -3150,6 +3150,9 @@ extern bool _bfd_elf_link_mmap_section_contents
+ extern void _bfd_elf_link_munmap_section_contents
+   (asection *);
+ 
++extern struct elf_link_hash_entry * _bfd_elf_get_link_hash_entry
++  (struct elf_link_hash_entry **, unsigned int, Elf_Internal_Shdr *);
++
+ /* Large common section.  */
+ extern asection _bfd_elf_large_com_section;
+ 
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 32db254ba6c..2d82c6583c3 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -1744,7 +1744,7 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
+   bool to_reloc_pc32;
+   bool abs_symbol;
+   bool local_ref;
+-  asection *tsec;
++  asection *tsec = NULL;
+   bfd_signed_vma raddend;
+   unsigned int opcode;
+   unsigned int modrm;
+@@ -1910,6 +1910,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd,
+ 	return true;
+     }
+ 
++  if (tsec == NULL)
++    return false;
++
+   /* Don't convert GOTPCREL relocation against large section.  */
+   if (elf_section_data (tsec) !=  NULL
+       && (elf_section_flags (tsec) & SHF_X86_64_LARGE) != 0)
+@@ -2206,10 +2209,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struct bfd_link_info *info,
+       else
+ 	{
+ 	  isym = NULL;
+-	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-	  while (h->root.type == bfd_link_hash_indirect
+-		 || h->root.type == bfd_link_hash_warning)
+-	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++	  h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+ 	}
+ 
+       /* Check invalid x32 relocations.  */
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 1f1263007c0..eafbd133ff5 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -96,6 +96,27 @@ _bfd_elf_link_keep_memory (struct bfd_link_info *info)
+   return true;
+ }
+ 
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++			      unsigned int                   symndx,
++			      Elf_Internal_Shdr *            symtab_hdr)
++{
++  if (symndx < symtab_hdr->sh_info)
++    return NULL;
++
++  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++
++  /* The hash might be empty.  See PR 32641 for an example of this.  */
++  if (h == NULL)
++    return NULL;
++
++  while (h->root.type == bfd_link_hash_indirect
++	 || h->root.type == bfd_link_hash_warning)
++    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++
++  return h;
++}
++
+ static struct elf_link_hash_entry *
+ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+ {
+@@ -108,6 +129,9 @@ get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
+     {
+       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
+ 
++      if (h == NULL)
++	return NULL;
++
+       while (h->root.type == bfd_link_hash_indirect
+ 	     || h->root.type == bfd_link_hash_warning)
+ 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index 8e5a005fd36..832a5495eb1 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -973,15 +973,7 @@ _bfd_x86_elf_check_relocs (bfd *abfd,
+ 	  goto error_return;
+ 	}
+ 
+-      if (r_symndx < symtab_hdr->sh_info)
+-	h = NULL;
+-      else
+-	{
+-	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-	  while (h->root.type == bfd_link_hash_indirect
+-		 || h->root.type == bfd_link_hash_warning)
+-	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-	}
++      h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
+ 
+       if (X86_NEED_DYNAMIC_RELOC_TYPE_P (is_x86_64, r_type)
+ 	  && NEED_DYNAMIC_RELOCATION_P (is_x86_64, info, true, h, sec,
+@@ -1209,10 +1201,12 @@ _bfd_x86_elf_link_relax_section (bfd *abfd ATTRIBUTE_UNUSED,
+       else
+ 	{
+ 	  /* Get H and SEC for GENERATE_DYNAMIC_RELOCATION_P below.  */
+-	  h = sym_hashes[r_symndx - symtab_hdr->sh_info];
+-	  while (h->root.type == bfd_link_hash_indirect
+-		 || h->root.type == bfd_link_hash_warning)
+-	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++	  h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr);
++	  if (h == NULL)
++	    {
++	      /* FIXMEL: Issue an error message ?  */
++	      continue;
++	    }
+ 
+ 	  if (h->root.type == bfd_link_hash_defined
+ 	      || h->root.type == bfd_link_hash_defweak)
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2025-1181-2.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2025-1181-2.patch
new file mode 100644
index 0000000000..5af743582f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2025-1181-2.patch
@@ -0,0 +1,337 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 15:43:04 +0000
+
+Add even more checks for corrupt input when processing
+relocations for ELF files.
+
+PR 32643
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=931494c9a89558acb36a03a340c01726545eef24]
+CVE: CVE-2025-1181
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index fd423d61..91cd7c28 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -96,15 +96,17 @@
+   return true;
+ }
+ 
+-struct elf_link_hash_entry *
+-_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
+-			      unsigned int                   symndx,
+-			      Elf_Internal_Shdr *            symtab_hdr)
++static struct elf_link_hash_entry *
++get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++		     unsigned int                   symndx,
++		     unsigned int                   ext_sym_start)
+ {
+-  if (symndx < symtab_hdr->sh_info)
++  if (sym_hashes == NULL
++      /* Guard against corrupt input.  See PR 32636 for an example.  */
++      || symndx < ext_sym_start)
+     return NULL;
+ 
+-  struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info];
++  struct elf_link_hash_entry *h = sym_hashes[symndx - ext_sym_start];
+ 
+   /* The hash might be empty.  See PR 32641 for an example of this.  */
+   if (h == NULL)
+@@ -117,27 +119,28 @@
+   return h;
+ }
+ 
+-static struct elf_link_hash_entry *
+-get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++struct elf_link_hash_entry *
++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry **  sym_hashes,
++			      unsigned int                   symndx,
++			      Elf_Internal_Shdr *            symtab_hdr)
+ {
+-  struct elf_link_hash_entry *h = NULL;
+-
+-  if ((r_symndx >= cookie->locsymcount
+-       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+-      /* Guard against corrupt input.  See PR 32636 for an example.  */
+-      && r_symndx >= cookie->extsymoff)
+-    {
+-      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
++  if (symtab_hdr == NULL)
++    return NULL;
+ 
+-      if (h == NULL)
+-	return NULL;
++  return get_link_hash_entry (sym_hashes, symndx, symtab_hdr->sh_info);
++}
+ 
+-      while (h->root.type == bfd_link_hash_indirect
+-	     || h->root.type == bfd_link_hash_warning)
+-	h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-    }
++static struct elf_link_hash_entry *
++get_ext_sym_hash_from_cookie (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++{
++  if (cookie == NULL || cookie->sym_hashes == NULL)
++    return NULL;
++  
++  if (r_symndx >= cookie->locsymcount
++      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++    return get_link_hash_entry (cookie->sym_hashes, r_symndx, cookie->extsymoff);
+ 
+-  return h;
++  return NULL;
+ }
+ 
+ asection *
+@@ -147,7 +150,7 @@
+ {
+   struct elf_link_hash_entry *h;
+ 
+-  h = get_ext_sym_hash (cookie, r_symndx);
++  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
+   
+   if (h != NULL)
+     {
+@@ -9105,7 +9108,6 @@
+ 		  size_t symidx,
+ 		  bfd_vma val)
+ {
+-  struct elf_link_hash_entry **sym_hashes;
+   struct elf_link_hash_entry *h;
+   size_t extsymoff = locsymcount;
+ 
+@@ -9128,12 +9130,12 @@
+ 
+   /* It is a global symbol: set its link type
+      to "defined" and give it a value.  */
+-
+-  sym_hashes = elf_sym_hashes (bfd_with_globals);
+-  h = sym_hashes [symidx - extsymoff];
+-  while (h->root.type == bfd_link_hash_indirect
+-	 || h->root.type == bfd_link_hash_warning)
+-    h = (struct elf_link_hash_entry *) h->root.u.i.link;
++  h = get_link_hash_entry (elf_sym_hashes (bfd_with_globals), symidx, extsymoff);
++  if (h == NULL)
++    {
++      /* FIXMEL What should we do ?  */
++      return;
++    }
+   h->root.type = bfd_link_hash_defined;
+   h->root.u.def.value = val;
+   h->root.u.def.section = bfd_abs_section_ptr;
+@@ -11611,10 +11613,19 @@
+ 	      || (elf_bad_symtab (input_bfd)
+ 		  && flinfo->sections[symndx] == NULL))
+ 	    {
+-	      struct elf_link_hash_entry *h = sym_hashes[symndx - extsymoff];
+-	      while (h->root.type == bfd_link_hash_indirect
+-		     || h->root.type == bfd_link_hash_warning)
+-		h = (struct elf_link_hash_entry *) h->root.u.i.link;
++	      struct elf_link_hash_entry *h;
++
++	      h = get_link_hash_entry (sym_hashes, symndx, extsymoff);
++	      if (h == NULL)
++		{
++		  _bfd_error_handler
++		    /* xgettext:c-format */
++		    (_("error: %pB: unable to create group section symbol"),
++		     input_bfd);
++		  bfd_set_error (bfd_error_bad_value);
++		  return false;
++		}	      
++
+ 	      /* Arrange for symbol to be output.  */
+ 	      h->indx = -2;
+ 	      elf_section_data (osec)->this_hdr.sh_info = -2;
+@@ -11749,7 +11760,7 @@
+ 		  || (elf_bad_symtab (input_bfd)
+ 		      && flinfo->sections[r_symndx] == NULL))
+ 		{
+-		  h = sym_hashes[r_symndx - extsymoff];
++		  h = get_link_hash_entry (sym_hashes, r_symndx, extsymoff);
+ 
+ 		  /* Badly formatted input files can contain relocs that
+ 		     reference non-existant symbols.  Check here so that
+@@ -11758,17 +11769,13 @@
+ 		    {
+ 		      _bfd_error_handler
+ 			/* xgettext:c-format */
+-			(_("error: %pB contains a reloc (%#" PRIx64 ") for section %pA "
++			(_("error: %pB contains a reloc (%#" PRIx64 ") for section '%pA' "
+ 			   "that references a non-existent global symbol"),
+ 			 input_bfd, (uint64_t) rel->r_info, o);
+ 		      bfd_set_error (bfd_error_bad_value);
+ 		      return false;
+ 		    }
+ 
+-		  while (h->root.type == bfd_link_hash_indirect
+-			 || h->root.type == bfd_link_hash_warning)
+-		    h = (struct elf_link_hash_entry *) h->root.u.i.link;
+-
+ 		  s_type = h->type;
+ 
+ 		  /* If a plugin symbol is referenced from a non-IR file,
+@@ -11984,7 +11991,6 @@
+ 			  && flinfo->sections[r_symndx] == NULL))
+ 		    {
+ 		      struct elf_link_hash_entry *rh;
+-		      unsigned long indx;
+ 
+ 		      /* This is a reloc against a global symbol.  We
+ 			 have not yet output all the local symbols, so
+@@ -11993,15 +11999,16 @@
+ 			 reloc to point to the global hash table entry
+ 			 for this symbol.  The symbol index is then
+ 			 set at the end of bfd_elf_final_link.  */
+-		      indx = r_symndx - extsymoff;
+-		      rh = elf_sym_hashes (input_bfd)[indx];
+-		      while (rh->root.type == bfd_link_hash_indirect
+-			     || rh->root.type == bfd_link_hash_warning)
+-			rh = (struct elf_link_hash_entry *) rh->root.u.i.link;
+-
+-		      /* Setting the index to -2 tells
+-			 elf_link_output_extsym that this symbol is
+-			 used by a reloc.  */
++		      rh = get_link_hash_entry (elf_sym_hashes (input_bfd),
++						r_symndx, extsymoff);
++		      if (rh == NULL)
++			{
++			  /* FIXME: Generate an error ?  */
++			  continue;
++			}
++
++		      /* Setting the index to -2 tells elf_link_output_extsym
++			 that this symbol is used by a reloc.  */
+ 		      BFD_ASSERT (rh->indx < 0);
+ 		      rh->indx = -2;
+ 		      *rel_hash = rh;
+@@ -13965,25 +13972,21 @@
+ 		       struct elf_link_hash_entry *h,
+ 		       Elf_Internal_Sym *sym)
+ {
+-  if (h != NULL)
++  if (h == NULL)
++    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
++
++  switch (h->root.type)
+     {
+-      switch (h->root.type)
+-	{
+-	case bfd_link_hash_defined:
+-	case bfd_link_hash_defweak:
+-	  return h->root.u.def.section;
++    case bfd_link_hash_defined:
++    case bfd_link_hash_defweak:
++      return h->root.u.def.section;
+ 
+-	case bfd_link_hash_common:
+-	  return h->root.u.c.p->section;
++    case bfd_link_hash_common:
++      return h->root.u.c.p->section;
+ 
+-	default:
+-	  break;
+-	}
++    default:
++      return NULL;
+     }
+-  else
+-    return bfd_section_from_elf_index (sec->owner, sym->st_shndx);
+-
+-  return NULL;
+ }
+ 
+ /* Return the debug definition section.  */
+@@ -14032,46 +14035,49 @@
+   if (r_symndx == STN_UNDEF)
+     return NULL;
+ 
+-  h = get_ext_sym_hash (cookie, r_symndx);
++  h = get_ext_sym_hash_from_cookie (cookie, r_symndx);
++  if (h == NULL)
++    {
++      /* A corrup tinput file can lead to a situation where the index
++	 does not reference either a local or an external symbol.  */
++      if (r_symndx >= cookie->locsymcount)
++	return NULL;
+ 
+-  if (h != NULL)
++      return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
++			      &cookie->locsyms[r_symndx]);
++    }
++
++  bool was_marked = h->mark;
++
++  h->mark = 1;
++  /* Keep all aliases of the symbol too.  If an object symbol
++     needs to be copied into .dynbss then all of its aliases
++     should be present as dynamic symbols, not just the one used
++     on the copy relocation.  */
++  hw = h;
++  while (hw->is_weakalias)
+     {
+-      bool was_marked;
++      hw = hw->u.alias;
++      hw->mark = 1;
++    }
+ 
+-      was_marked = h->mark;
+-      h->mark = 1;
+-      /* Keep all aliases of the symbol too.  If an object symbol
+-	 needs to be copied into .dynbss then all of its aliases
+-	 should be present as dynamic symbols, not just the one used
+-	 on the copy relocation.  */
+-      hw = h;
+-      while (hw->is_weakalias)
+-	{
+-	  hw = hw->u.alias;
+-	  hw->mark = 1;
+-	}
++  if (!was_marked && h->start_stop && !h->root.ldscript_def)
++    {
++      if (info->start_stop_gc)
++	return NULL;
+ 
+-      if (!was_marked && h->start_stop && !h->root.ldscript_def)
++      /* To work around a glibc bug, mark XXX input sections
++	 when there is a reference to __start_XXX or __stop_XXX
++	 symbols.  */
++      else if (start_stop != NULL)
+ 	{
+-	  if (info->start_stop_gc)
+-	    return NULL;
+-
+-	  /* To work around a glibc bug, mark XXX input sections
+-	     when there is a reference to __start_XXX or __stop_XXX
+-	     symbols.  */
+-	  else if (start_stop != NULL)
+-	    {
+-	      asection *s = h->u2.start_stop_section;
+-	      *start_stop = true;
+-	      return s;
+-	    }
++	  asection *s = h->u2.start_stop_section;
++	  *start_stop = true;
++	  return s;
+ 	}
+-
+-      return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
+     }
+ 
+-  return (*gc_mark_hook) (sec, info, cookie->rel, NULL,
+-			  &cookie->locsyms[r_symndx]);
++  return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL);
+ }
+ 
+ /* COOKIE->rel describes a relocation against section SEC, which is
+@@ -15094,7 +15100,7 @@
+ 
+       struct elf_link_hash_entry *h;
+ 
+-      h = get_ext_sym_hash (rcookie, r_symndx);
++      h = get_ext_sym_hash_from_cookie (rcookie, r_symndx);
+ 
+       if (h != NULL)
+ 	{

From patchwork Tue Jun 10 16:08:40 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64739
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 600CBC71130
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:38 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web10.91299.1749571776542856220
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:36 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=cShrr3z3;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-2350fc2591dso46564505ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571776;
 x=1750176576; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=HayCgZf4sNMo7NJKVEia12br6manhwGtRwY37WDqDNc=;
        b=cShrr3z3FJeLoev2w1KDekUCyrfupKHs9KD4shbTpzx4op3vpukxKt2HKrK6At/fqU
         f/iORzHHC3Wm53MVkwn9hM7fFcL3Q3Fma3vKX/Ls6dXGz+nLbrRiyv/JYfvrz+8HvQd9
         Fof2APw2MsdKThEyROMuFcOHwSB3UVm4NinlrPilsUPvlz2fLdhP7px6//wyB+UxMpUs
         +JgiLhWGBYti9jCoXfxHcb9tpwYg5xV0HHWvWSM71LYKaVrTf8DCJJVEerH4S7ge4SBH
         ZSVi3bckpjVYPgG1lqNkYB2v3vGuxnq8xD9+ZUOd0D/pPY7VAOx2dHa8pWRnpvhk7MOL
         m1wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571776; x=1750176576;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=HayCgZf4sNMo7NJKVEia12br6manhwGtRwY37WDqDNc=;
        b=WqI4CHOVW/ptTQ8W2xM6RThRbh1YsiupqHCMtUkrtO+VTbfa5MMQPi5b+dJrYwfb9Q
         btqPbe8ZrJDiYpTU1iYmfTf7sPvUFEGBiXlUmPtlKfcHNgwOUaI1H8PJNRZ4lD6pDnbQ
         Ud1BcFKi5LmEERb9FPn+FNozR4asDKyn3lxYKFo8ajKzYIIjgdGDvI9Mg+m+FkXWinMb
         eUIwXIozRiRADh4zO+28ye7en2NkJNPYJDtOsGp5jTeU/XAEi0YoiJn78JC7vmCd1gkc
         ZwWLLmB36Gq6DH97MRuu/OStVUoEj6YzrofnlJWEkGBY/QPNtvSOl9+iKtZd7gz2I1XF
         Dvuw==
X-Gm-Message-State: AOJu0YyP5iL/8Ql8298CXhatluXBe3Y/w0T3JSCqhn+MosVQqLcuOOx5
	/RJ9tb+2xyjMSGiDCeknoB6f6ZMH1UmICo530Krx2RPMU95RLccOTCH7LzUbDvVvntPHCbF/CmE
	TRb5/
X-Gm-Gg: ASbGncuwpxFTjOclKw6ZzrHAkDFbYLlqYLIKumHV+z78rTU5KhN0y6UfVYcRYCCTzgH
	vUEIVn8Q/GDQ2AsD6UAInoYN+viV46ElMjCxmpoRg+rRTL+lD18FZgKMBsaWiUUaPzW2Y6A4OPj
	f7eLWQaI8AYA9lvoUbfi6Ps1+vZZHCSb/Wyv9RiqmnCNulpYYGxEQ3FCuEBLTXOKBZB634X1adi
	VEq7zRqiSs1k96nq4KXYR2+t3miJWYeHEq1weUR41xeoLP2Ch3UDgv9TnD8T5JpvdU7lagRGpwY
	5DrCRGmIAl1cznjN16GY+DWNOJ3Dkqp4/jgplcFdGvNaxPSaoZEtrw==
X-Google-Smtp-Source: 
 AGHT+IE+/oFPJGDP+BPKVtVbddD7IRSL6YmQ6TQDBsIV2Tp3qdXObyLlJte/aB3woqLqIyGjwmVq0g==
X-Received: by 2002:a17:902:c407:b0:232:59b:5923 with SMTP id
 d9443c01a7336-23635c648aemr73096195ad.23.1749571775696;
        Tue, 10 Jun 2025 09:09:35 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.35
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:35 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 27/32] binutils: Fix CVE-2025-5244
Date: Tue, 10 Jun 2025 09:08:40 -0700
Message-ID: 
 <81e5831ea48e9d1e4b37e4ef6af11d382d7f1df8.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218396

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

PR32858 ld segfault on fuzzed object
We missed one place where it is necessary to check for empty groups.

Backport a patch from upstream to fix CVE-2025-5244
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.44.inc                |  1 +
 .../binutils/0016-CVE-2025-5244.patch         | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2025-5244.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index f3085ce2ef..0b8a298be0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -40,5 +40,6 @@ SRC_URI = "\
      file://CVE-2025-1182.patch \
      file://0016-CVE-2025-1181-1.patch \
      file://0017-CVE-2025-1181-2.patch \
+     file://0016-CVE-2025-5244.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-5244.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-5244.patch
new file mode 100644
index 0000000000..e8855a4b4b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2025-5244.patch
@@ -0,0 +1,25 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
+CVE: CVE-2025-5244
+
+PR32858 ld segfault on fuzzed object
+We missed one place where it is necessary to check for empty groups.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index a76e8e38da7..549b7b7dd92 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+ 	  if (o->flags & SEC_GROUP)
+ 	    {
+ 	      asection *first = elf_next_in_group (o);
+-	      o->gc_mark = first->gc_mark;
++	      if (first != NULL)
++		o->gc_mark = first->gc_mark;
+ 	    }
+ 
+ 	  if (o->gc_mark)

From patchwork Tue Jun 10 16:08:41 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64743
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6B910C5B543
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:48 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web10.91301.1749571778444246589
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:38 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=UDrYDz6O;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-236377f00a1so10093725ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571778;
 x=1750176578; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=WIDnlPWT17Lxw9+OqoUkqtpQpFMOVXjOZj5KIa9gE68=;
        b=UDrYDz6OUKhHRBIA5cM4s6HxB8Hx/+B06WFPWyDTmmS/yaK7GSNNqGzf70qXxcVvDO
         mmeSsreUy7vpKUvWDzBTg1I7jK3/p7WiyGMGB5+8VY2tVQIsWfgax1MAJjinDEKdlmWR
         29n9XXk0zd7z8/eza0hb+IECiCXl0rmEdTWVRHSrQ0RFBnIWWhy5IzeIN4uwBz8bN8nb
         jjfI8fxPfdn+f8eoN+GBNPhTt9nKS8Ykz87NoaQWF1z3uFnJTDTS7cLGZNiv0GZJzWaI
         cQPitOn9Ipc1Cz5hnZH9GCp9iESuKIs9RYMV2igeS8AuePEDPRVTVs+8kcaTwrjV4vJp
         OGmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571778; x=1750176578;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=WIDnlPWT17Lxw9+OqoUkqtpQpFMOVXjOZj5KIa9gE68=;
        b=TJAYL7PWcZ1PZN3O6lxjTnGy3udf747BfJaCOFii7PxXKZouwTimrr5ZR7SIXxqSwO
         uKAYEOnk47VpYDJd3wmZZT+GUKdfyCvi+PfgvvtCT8/qfsaHZiDmVlv2Vut4dlOu76sO
         6fC6tQpxIN9QF2OA+viK1niABRkHW2WLN3d6KZ9FguabhDiMX8bQ9KBqtLnOyX8Jojk6
         uh5gVGFP5SU3/hgyGhL0eJh6oFglvREzJJqnOqm8HnbJnC9KhRs46RCz4T6qOBgNQ0NY
         UcJF6/GPhYQsPNNbcC6nZycgmghReYU2f9eZv9rw6688eFzL3ZKmrhyJMIufwe2J+iUf
         wtLA==
X-Gm-Message-State: AOJu0Yzp8g3SHuY+96MoYoNXIXHbGtjsPg33VdRRGXsfFkBrjaAc6zE3
	uGILJd0EPUtR4YVethJytJ4dlxpWyng6JWx9HpFY3gE5Ie2X8spE4i9pnnwtSozo5Aw2YGhq+Aj
	Ycg6/
X-Gm-Gg: ASbGnctBnSvmXWqOR6ix0Abeevs3kcVx2MsmA67VxVPhl5DfFhsIbQafMOz68cX37Yy
	PAawdlNBXHUiwMi5yMIj4IwgzR5RIDtB8n7hdzlx2eGhPvdHQAl2bKLLnUseLINVKIUgwEX+hVK
	Pkf/MZh8C1VagPz4kG0st/uyvBzf74UEzv5l3MeSaXy63Kggd+950kZr58aM+og1hoUMWUpkNsU
	pGCl4cwlveYnsTzZSJEdkGLLmzcZ+BthG6q51LPTuFSX2GG8eNfKJf9+E6OxFtVq7hyq2Fm0P6S
	I896QwGYAd0oQKr6YpeeXhY0q9GhRSStqdX1XSrSJ80c2YMfBuKHng==
X-Google-Smtp-Source: 
 AGHT+IH+Jh4iA+uvtfFAgUVe6lwQtZYKz24Ozi7cadoAE/TzVvxQvH2R8yRF6yQh1JYfQCBItnccLg==
X-Received: by 2002:a17:902:dacf:b0:22e:6cc6:cf77 with SMTP id
 d9443c01a7336-23640d066bfmr6421435ad.53.1749571777139;
        Tue, 10 Jun 2025 09:09:37 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.36
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:36 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 28/32] systemd.bbclass: generate preset for
 templates
Date: Tue, 10 Jun 2025 09:08:41 -0700
Message-ID: 
 <ea207dce1f5f8579d8ddde487ac9852f50bfc792.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218397

From: Patrick Williams <patrick@stwcx.xyz>

There was a regression introduced by the change to use
systemd-systemctl-native rather than a python fake implementation,
which caused template units to not be properly enabled when set in
the SYSTEMD_SERVICE variable.  Through investigation, it seems that
the best way to re-enable template instances is to handle them
explicitly in the systemd.bbclass and enable them with `preset`, like
most units are handled[1,2].

Per the systemd.preset manpage, the format for template units is
different than for regular units[3].  We need to coalesce all the
template instances onto a single line and emit them as an additional
space-deliminated argument.

Ran this against openbmc's phosphor-ipmi-net recipe and generated
the following preset file:
```
$ cat packages-split/phosphor-ipmi-net/usr/lib/systemd/system-preset/98-phosphor-ipmi-net.preset
enable phosphor-ipmi-net@.service eth0
enable phosphor-ipmi-net@.socket eth0
```

[1]: https://lore.kernel.org/openembedded-core/Z2ch.1747051947055246176.oktf@lists.openembedded.org/
[2]: https://lore.kernel.org/openembedded-core/aDdoTVtCmElpURYD@heinlein/
[3]: https://www.freedesktop.org/software/systemd/man/latest/systemd.preset.html

Fixes: 7a580800db39 ("systemd: Build the systemctl executable")
(From OE-Core rev: f33d9b1f434e40a459614d8dc21ce45e11581008)

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/systemd.bbclass | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/meta/classes-recipe/systemd.bbclass b/meta/classes-recipe/systemd.bbclass
index 4c9f51d33d..12c59647be 100644
--- a/meta/classes-recipe/systemd.bbclass
+++ b/meta/classes-recipe/systemd.bbclass
@@ -224,6 +224,8 @@ python systemd_populate_packages() {
                         service, pkg_systemd, "Also looked for service unit '{0}'.".format(base) if base is not None else ""))
 
     def systemd_create_presets(pkg, action, user):
+        import re
+
         # Check there is at least one service of given type (system/user), don't
         # create empty files.
         needs_preset = False
@@ -239,10 +241,17 @@ python systemd_populate_packages() {
         presetf = oe.path.join(d.getVar("PKGD"), d.getVar("systemd_unitdir"), "%s-preset/98-%s.preset" % (prefix, pkg))
         bb.utils.mkdirhier(os.path.dirname(presetf))
         with open(presetf, 'a') as fd:
+            template_services = {}
             for service in d.getVar('SYSTEMD_SERVICE:%s' % pkg).split():
                 if not systemd_service_exists(service, user, d):
                     continue
-                fd.write("%s %s\n" % (action,service))
+                if '@' in service and '@.' not in service:
+                    (servicename, instance, service_type) = re.split('[@.]', service)
+                    template_services.setdefault(servicename + '@.' + service_type, []).append(instance)
+                else:
+                    fd.write("%s %s\n" % (action,service))
+            for template, instances in template_services.items():
+                fd.write("%s %s %s\n" % (action, template, ' '.join(instances)))
         d.appendVar("FILES:%s" % pkg, ' ' + oe.path.join(d.getVar("systemd_unitdir"), "%s-preset/98-%s.preset" % (prefix, pkg)))
 
     # Run all modifications once when creating package

From patchwork Tue Jun 10 16:08:42 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64744
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 781F4C5B552
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:48 +0000 (UTC)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41])
 by mx.groups.io with SMTP id smtpd.web10.91303.1749571779480594337
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:39 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=zk+Xf+HN;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.41,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f41.google.com with SMTP id
 98e67ed59e1d1-3121aed2435so6089468a91.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571779;
 x=1750176579; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=pXw/fuThC8JVIfyfChfy47qEztM9bbiMlBaYxWH7yaQ=;
        b=zk+Xf+HNpxoWWdoPbB/eHSCM/3NfwSTXmJ759lEnMr+G3cJen307f0VbDBlFxMQZF4
         ZaAt+p+xsM5HEHVwH5JULKBsArsep+aX5FWCmjVFrf89kICTTKSIxqRmbOZywhw/yYpu
         qLfhS1jSPzT4nFpdiTJZINsNEr7B/9/XGJtdyN+cxEF5Z8IhQ1QdeOXjAk9scwcg8u6i
         0lzcBI2O1/vsoARAJgWBxKEOVTqMhSnnDP1umvrrXFdH2BbmUw+gTt9rS/G7Bw+nlMO+
         d1pcdoMOKgwmpF+i7MzgmUhlIS6hXKupKUnXj2CFeM8/JF0A5aWjZsvlPy0ZXZir2fuX
         ejbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571779; x=1750176579;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=pXw/fuThC8JVIfyfChfy47qEztM9bbiMlBaYxWH7yaQ=;
        b=mjVy2AamkRjZ6329vHYnb0Ivyok/l0L9K+VR97cUggzGzwkaQUmGjiJECNH2qTZjNy
         XSPhYCB4PHWrXN21myco3BlZ2Kvlmly8PH4NHI5bC/nmGHie3kv6NFKVpoOXZqkJtYYi
         rNhTIo3A4aVsPpb8ZzbmNjjyadd4eA3P8eES8gWAIG4u6pwLFeW8msTC5NFjfT7Ywwe5
         DHQ757RjurUha0s3oWWlvP5r1LPo8uiJj0XJnOSVwCAzw41oCvz7rRiwiYqbpCrLkmGC
         l+r95ZzPWf2/WCvD+Ixn+3LFLojw5bTRWJzyxOtAEiP9SVsIXPGHrQEavYfueciVjrBJ
         xtiA==
X-Gm-Message-State: AOJu0YznXykhetewHjlQyViVRpVgAdqe/4gC6K3UOKDO4BhiNpbq6m7s
	zK/x+kKN4/dl4MidJdIB3dd3nqoNO6ki5R7GPIeOsoRhdsAXgvL05p2J1F0dtkV7ykVwWJg58Qp
	eeYpL
X-Gm-Gg: ASbGncuudOrNYYVIMLRwQgUWgP673ijIRsICO6Z+Hi1KY6sFOilrHSVssYamOXRUJSI
	Suv4SULP+P3dJ/I1cQiuZlepFa0V8hu0Ks6e9+zZm8STfIoX6qn85P1KacDryUTGFEZYbZpeyZE
	tcKrNP0VXFPYTF1ccnzp+HqF/RFpfescLZ+Yi8ZDIAUBRSWqfDwNwhhCbjamBBEWzZtN3r1aPp2
	LO3Fz/ZnyfD1VMOuUIDObTSgV1wTVAkv+Le1VFkexWbgTj0LeDRtMWYg9Tk9x7k4hhl2215oJlc
	BDyzgb/+pEfVrDLy5ORLHe/3A0UHodl3OiUn6LuRFaG8fJsQ0gI0dg==
X-Google-Smtp-Source: 
 AGHT+IGs9Q6oqkkLuWu0LBf3D8itK0Ab3shLPr6HNu3mO8XQqTWpfwyMSxXc8gKp6DObzttcZtmx4A==
X-Received: by 2002:a17:90b:3fc5:b0:312:1ae9:152b with SMTP id
 98e67ed59e1d1-313af2077admr148495a91.23.1749571778721;
        Tue, 10 Jun 2025 09:09:38 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.38
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:38 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 29/32] python3: remove obsolete deletion of
 non-deterministic .pyc files
Date: Tue, 10 Jun 2025 09:08:42 -0700
Message-ID: 
 <75758dc92003892edc32cccb3c830926b5c4942a.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218398

From: Ross Burton <ross.burton@arm.com>

These .pyc files were non-deterministic because they used frozensets[1],
but this has been fixed in 3.11 onwards.

[1] https://github.com/python/cpython/issues/81777
[2] https://github.com/python/cpython/commit/51999c960e7fc45feebd629421dec6524a5fc803

(From OE-Core rev: c8c391ed3e0598a3bea7bc0981126d870315063d)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3_3.13.2.bb | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/meta/recipes-devtools/python/python3_3.13.2.bb b/meta/recipes-devtools/python/python3_3.13.2.bb
index 7c36fd92ed..0f0505c66c 100644
--- a/meta/recipes-devtools/python/python3_3.13.2.bb
+++ b/meta/recipes-devtools/python/python3_3.13.2.bb
@@ -235,20 +235,6 @@ do_install:append() {
                 $sysconfigfile
         cp $sysconfigfile ${D}${libdir}/python-sysconfigdata/_sysconfigdata.py
 
-
-        # Unfortunately the following pyc files are non-deterministc due to 'frozenset'
-        # being written without strict ordering, even with PYTHONHASHSEED = 0
-        # Upstream is discussing ways to solve the issue properly, until then let's
-        # just not install the problematic files.
-        # More info: http://benno.id.au/blog/2013/01/15/python-determinism
-        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_range.cpython*
-        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_xml_etree.cpython*
-
-        # Similar to the above, we're getting reproducibility issues with 
-        # /usr/lib/python3.10/__pycache__/traceback.cpython-310.pyc
-        # so remove it too
-        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/__pycache__/traceback.cpython*
-
         # Remove the opt-1.pyc and opt-2.pyc files. They effectively waste space on embedded
         # style targets as they're only used when python is called with the -O or -OO options
         # which is rare.

From patchwork Tue Jun 10 16:08:43 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64747
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8547CC71133
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:48 +0000 (UTC)
Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com
 [209.85.215.180])
 by mx.groups.io with SMTP id smtpd.web11.90709.1749571781166554395
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:41 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=VQoW+j0f;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f180.google.com with SMTP id
 41be03b00d2f7-b2f11866376so3751264a12.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571780;
 x=1750176580; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jquuMMcHjzH2VcaYOVUSl3t+iwkojFPjUbIr89Y8qZ8=;
        b=VQoW+j0fqQS/no0ttRR4nbP53ev40qblovUFJuLvR7gPbGSjpSiHuLQ9AzpBRcjrSU
         tTA+eCNwAX3ord18jD+NcMpASL4eS/bJloyobQ1SYDtmTherrsGUsxrW850eL/phZc2G
         B0ovkJw6/z/dNkhwIvwabcuE4i693qVRaalaBPT94tYxw6q/+/l0mSSlgSKhNahzpV9R
         vkU7oQksCnW04+fYGDMukQna4RmK8UlqbnBWp55Ppd1vAED7hPJ0xQ6ngeKTN5pRJOUX
         jlsToYLG9yfDpN6r96YRsZP+NOEXEWKI6CDoTrOajrHEB/x5O870g188huI8gLenKssR
         8X0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571780; x=1750176580;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jquuMMcHjzH2VcaYOVUSl3t+iwkojFPjUbIr89Y8qZ8=;
        b=R/OMAHb4FMFVOlL0MoNlPfQ/YJx2FDmNZDiJX8iitduhksanMAELeUOQ/NWr5rblDB
         7V3ohRCIZSA3aEhJ/BE5wfReLqxPS4yhwqGWhQnPCPK0QNePmVBuELp/GU0ztEZW2lMi
         5/wq3dYVh1xmoJk6BDpJhZLoAGNhkwES86/d0/P5hWFWyTCait1bTNU6IsGmS49DPqAm
         hQpy2xake3QTwInZKf/up10qYYp9fRP3JxblYpJeZ7jFBzvupldOrHVYV5Rgb6Na/mmq
         5Iva5So5WZyQe0bPH2YzE2WiBk+aez9V7bDiV98gSo9PqFIAks0eJo9rF7pKIeP092Pm
         lgmA==
X-Gm-Message-State: AOJu0YxLT1Z9bdEohIsPsl8qNAKSJX3tUo+I2VXkfKYV1CLpXFDGZKnr
	lcJ8erlZ3/npwMGfXtOhqT77ah9chGBB/xLyY7l/nw0id2ae1ex7Ryk1PED9BhyRZHAG3yY4Trg
	o5TrP
X-Gm-Gg: ASbGncuuvKGI5xwgs0zOd9SwXKRDRQuEw81vVGeeJCvYGE5TNjPf5rKN6cxYzt2dBGF
	XRozd1yYJhCtJba2TIaw6al04qt2FabftqtJHyl3nNewsfhKdRtPbRgRMyAiepRCFkUxDIqXFsN
	aa50GekQBc4nKQfMZ2Jj8Clz6zpKiBclSKUB3viOB/GNptoH4+CIRYRqU8SV3JEfki5lVohq2rI
	rIKg6Nqpl4XyTwx37CzaQwV4fwsyBPLAXr5RWLu60u2sBxHnktjsjYX7rREFqbka5vMOTen/a05
	+pYHYzZCY5rEkmOM4rObJtM0YqvFGGB6ykxtQsPoMbJR/ZwM/KnZ0g==
X-Google-Smtp-Source: 
 AGHT+IHgaOIoC825nd0PmWDobevfin54PqoA9si9CS1ZfGFTADLRg+KGkvmSkZ5POqfJmBIS+iwiJA==
X-Received: by 2002:a17:90b:2252:b0:313:2e69:8002 with SMTP id
 98e67ed59e1d1-313af23d6d3mr158415a91.20.1749571780237;
        Tue, 10 Jun 2025 09:09:40 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.39
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:39 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 30/32] python3: backport the full fix for
 importlib scanning invalid distributions
Date: Tue, 10 Jun 2025 09:08:43 -0700
Message-ID: 
 <1c1b651038e15445c495d87c38beeb92f00d9919.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218399

From: Ross Burton <ross.burton@arm.com>

Even with our fixes in deterministic_imports.patch the
importlib.metadata package scan was still returning Distribution objects
for empty directories.  This interacts badly with rebuilds when recipes
are changing as when a recipe is removed from the sysroot directories
are not removed[1].

In particular this breaks python3-meson-python-native rebuilds when
Meson upgrades from 1.7 to 1.8: the site-packages directory has an empty
meson-1.7.dist-info/ and populated meson-1.8.dist-info/. Whilst it's
deterministic to return the empty 1.7 first, this breaks pypa/build as
it looks through the distributions in order.

We had discussed this with upstream previously and there's a more
comprehensive fix upstream (actually in importlib_metadata, not cpython)
which ensures that valid distribution objects are listed first.  So we
can drop our patch and replace it with a backport to fix these rebuilds.

[1] oe-core 4f94d929639 ("sstate/staging: Handle directory creation race issue")

(From OE-Core rev: 73de8daa6293403f5b92d313af32882c47bce396)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python3/deterministic_imports.patch       |  39 -----
 .../python/python3/valid-dists.patch          | 160 ++++++++++++++++++
 .../recipes-devtools/python/python3_3.13.2.bb |   2 +-
 3 files changed, 161 insertions(+), 40 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/deterministic_imports.patch
 create mode 100644 meta/recipes-devtools/python/python3/valid-dists.patch

diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch
deleted file mode 100644
index 61f136ef42..0000000000
--- a/meta/recipes-devtools/python/python3/deterministic_imports.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0a02e3b85176a5ce4dd98830bb65dac8596142e9 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Fri, 27 May 2022 17:05:44 +0100
-Subject: [PATCH] python3: Ensure stale empty python module directories don't
-
-There are two issues here. Firstly, the modules are accessed in on disk order. This
-means behaviour seen on one system might not reproduce on another and is a real headache.
-
-Secondly, empty directories left behind by previous modules might be looked at. This
-has caused a long string of different issues for us.
-
-As a result, patch this to a behaviour which works for us.
-
-Upstream-Status: Submitted [https://github.com/python/cpython/issues/120492; need to first talk to upstream to see if they'll take one or both fixes]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
----
- Lib/importlib/metadata/__init__.py | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py
-index 8ce62dd..a6ea6e9 100644
---- a/Lib/importlib/metadata/__init__.py
-+++ b/Lib/importlib/metadata/__init__.py
-@@ -786,7 +786,14 @@ class Lookup:
-         self.infos = FreezableDefaultDict(list)
-         self.eggs = FreezableDefaultDict(list)
- 
--        for child in path.children():
-+        for child in sorted(path.children()):
-+            childpath = pathlib.Path(path.root, child)
-+            try:
-+                if childpath.is_dir() and not any(childpath.iterdir()):
-+                    # Empty directories aren't interesting
-+                    continue
-+            except PermissionError:
-+                continue
-             low = child.lower()
-             if low.endswith((".dist-info", ".egg-info")):
-                 # rpartition is faster than splitext and suitable for this purpose.
diff --git a/meta/recipes-devtools/python/python3/valid-dists.patch b/meta/recipes-devtools/python/python3/valid-dists.patch
new file mode 100644
index 0000000000..1b2c078c21
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/valid-dists.patch
@@ -0,0 +1,160 @@
+From a65c29adc027b3615154cab73aaedd58a6aa23da Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Tue, 23 Jul 2024 08:36:16 -0400
+Subject: [PATCH] Prioritize valid dists to invalid dists when retrieving by
+ name.
+
+Closes python/importlib_metadata#489
+
+Upstream-Status: Backport [https://github.com/python/importlib_metadata/commit/a65c29adc027b3615154cab73aaedd58a6aa23da]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git i/Lib/importlib/metadata/__init__.py w/Lib/importlib/metadata/__init__.py
+index 8ce62dd864f..085378caabc 100644
+--- i/Lib/importlib/metadata/__init__.py
++++ w/Lib/importlib/metadata/__init__.py
+@@ -21,7 +21,7 @@
+ from . import _meta
+ from ._collections import FreezableDefaultDict, Pair
+ from ._functools import method_cache, pass_none
+-from ._itertools import always_iterable, unique_everseen
++from ._itertools import always_iterable, bucket, unique_everseen
+ from ._meta import PackageMetadata, SimplePath
+ 
+ from contextlib import suppress
+@@ -404,7 +404,7 @@ def from_name(cls, name: str) -> Distribution:
+         if not name:
+             raise ValueError("A distribution name is required.")
+         try:
+-            return next(iter(cls.discover(name=name)))
++            return next(iter(cls._prefer_valid(cls.discover(name=name))))
+         except StopIteration:
+             raise PackageNotFoundError(name)
+ 
+@@ -428,6 +428,16 @@ def discover(
+             resolver(context) for resolver in cls._discover_resolvers()
+         )
+ 
++    @staticmethod
++    def _prefer_valid(dists: Iterable[Distribution]) -> Iterable[Distribution]:
++        """
++        Prefer (move to the front) distributions that have metadata.
++
++        Ref python/importlib_resources#489.
++        """
++        buckets = bucket(dists, lambda dist: bool(dist.metadata))
++        return itertools.chain(buckets[True], buckets[False])
++
+     @staticmethod
+     def at(path: str | os.PathLike[str]) -> Distribution:
+         """Return a Distribution for the indicated metadata path.
+diff --git i/Lib/importlib/metadata/_itertools.py w/Lib/importlib/metadata/_itertools.py
+index d4ca9b9140e..79d37198ce7 100644
+--- i/Lib/importlib/metadata/_itertools.py
++++ w/Lib/importlib/metadata/_itertools.py
+@@ -1,3 +1,4 @@
++from collections import defaultdict, deque
+ from itertools import filterfalse
+ 
+ 
+@@ -71,3 +72,100 @@ def always_iterable(obj, base_type=(str, bytes)):
+         return iter(obj)
+     except TypeError:
+         return iter((obj,))
++
++
++# Copied from more_itertools 10.3
++class bucket:
++    """Wrap *iterable* and return an object that buckets the iterable into
++    child iterables based on a *key* function.
++
++        >>> iterable = ['a1', 'b1', 'c1', 'a2', 'b2', 'c2', 'b3']
++        >>> s = bucket(iterable, key=lambda x: x[0])  # Bucket by 1st character
++        >>> sorted(list(s))  # Get the keys
++        ['a', 'b', 'c']
++        >>> a_iterable = s['a']
++        >>> next(a_iterable)
++        'a1'
++        >>> next(a_iterable)
++        'a2'
++        >>> list(s['b'])
++        ['b1', 'b2', 'b3']
++
++    The original iterable will be advanced and its items will be cached until
++    they are used by the child iterables. This may require significant storage.
++
++    By default, attempting to select a bucket to which no items belong  will
++    exhaust the iterable and cache all values.
++    If you specify a *validator* function, selected buckets will instead be
++    checked against it.
++
++        >>> from itertools import count
++        >>> it = count(1, 2)  # Infinite sequence of odd numbers
++        >>> key = lambda x: x % 10  # Bucket by last digit
++        >>> validator = lambda x: x in {1, 3, 5, 7, 9}  # Odd digits only
++        >>> s = bucket(it, key=key, validator=validator)
++        >>> 2 in s
++        False
++        >>> list(s[2])
++        []
++
++    """
++
++    def __init__(self, iterable, key, validator=None):
++        self._it = iter(iterable)
++        self._key = key
++        self._cache = defaultdict(deque)
++        self._validator = validator or (lambda x: True)
++
++    def __contains__(self, value):
++        if not self._validator(value):
++            return False
++
++        try:
++            item = next(self[value])
++        except StopIteration:
++            return False
++        else:
++            self._cache[value].appendleft(item)
++
++        return True
++
++    def _get_values(self, value):
++        """
++        Helper to yield items from the parent iterator that match *value*.
++        Items that don't match are stored in the local cache as they
++        are encountered.
++        """
++        while True:
++            # If we've cached some items that match the target value, emit
++            # the first one and evict it from the cache.
++            if self._cache[value]:
++                yield self._cache[value].popleft()
++            # Otherwise we need to advance the parent iterator to search for
++            # a matching item, caching the rest.
++            else:
++                while True:
++                    try:
++                        item = next(self._it)
++                    except StopIteration:
++                        return
++                    item_value = self._key(item)
++                    if item_value == value:
++                        yield item
++                        break
++                    elif self._validator(item_value):
++                        self._cache[item_value].append(item)
++
++    def __iter__(self):
++        for item in self._it:
++            item_value = self._key(item)
++            if self._validator(item_value):
++                self._cache[item_value].append(item)
++
++        yield from self._cache.keys()
++
++    def __getitem__(self, value):
++        if not self._validator(value):
++            return iter(())
++
++        return self._get_values(value)
diff --git a/meta/recipes-devtools/python/python3_3.13.2.bb b/meta/recipes-devtools/python/python3_3.13.2.bb
index 0f0505c66c..8e16ce90dc 100644
--- a/meta/recipes-devtools/python/python3_3.13.2.bb
+++ b/meta/recipes-devtools/python/python3_3.13.2.bb
@@ -20,7 +20,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://makerace.patch \
            file://0001-sysconfig.py-use-platlibdir-also-for-purelib.patch \
            file://0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch \
-           file://deterministic_imports.patch \
+           file://valid-dists.patch \
            file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
            file://0001-Update-test_sysconfig-for-posix_user-purelib.patch \
            file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \

From patchwork Tue Jun 10 16:08:44 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64745
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6B94AC677C4
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:48 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web11.90710.1749571782941812637
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:43 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=a4WKhlg+;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.45,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f45.google.com with SMTP id
 98e67ed59e1d1-3135f3511bcso3054807a91.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571782;
 x=1750176582; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=f+tsYhe4tjn+K8Tvitsa+bkYLWApXmO2atUXQaa1kkU=;
        b=a4WKhlg+vWrKVT1yuIcC1Jn4fIEyGoDmR+Q6+7p1eW5fs13UF3GMwe8KG/+UtxfE9c
         S7cudRX58WVmwhWSyg2SUIyaZQS5RvLUhPeY+mIJzyDTmpKASZvizn79Yo8K6uKD5oG6
         VQwh/D190XPd+og+G1XgYapOsuKn8bW/zhUBkK3+nzdxI3JgA/1n3u3Fx/VQevGqBM+E
         t4bkFdQ4dxzCYbSLmWHSRkuRBKjbNR7bxjEvKKZfb0mCShd69E8OCIiF2ww0SpLRoPUK
         9SwPZdheq5XuruQxk4I/5UEHQILxqETLm/Xz0QzUh7E8t6wB7eBSQ/EZTUAtN5/YeqbY
         R5XA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571782; x=1750176582;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=f+tsYhe4tjn+K8Tvitsa+bkYLWApXmO2atUXQaa1kkU=;
        b=mefMYdE53p44T20IoOzbHAwnfWBamIDBGmQ+PmNMIM6kuipMq+lRi2iBUDFGo2Yc18
         vz7fg0JvytAWSTUCBe/Z6wUjVrvc+XMTm5XyL5MXyJL/iMz63Di6sCRaxQarcbp2RT50
         6yxET+lcAKZFok+ubhlstWPgZtgBeiej7QeDbdRkeQGjoY0LT7+GvkUWdwpALLWbm2Kn
         mUkc9xQ49v1+eesgsFblaqBZJOpFoAFR44s8m+Dkd00uvxggwijHjHG+mGy/KSnDDRAA
         Y0BkIDY7KjijViwJbbeqO6dA+cTKAGJAMBaQbfuukPUhYNaWCH+CbPeFiJdCTcnWCFkq
         Widg==
X-Gm-Message-State: AOJu0Yzlu9MaYVffJH8Wx2l5064r8v2NxLjuVLsyWc1awB8dY5rO4DAm
	dBAMhxRBl9NDJehWlJQSJbYeRWbV8wxL50dpXMxJ40L/sBVho+AFug33F9FuSx9kDQnMLvvvN73
	2e+m2
X-Gm-Gg: ASbGncsD2h9z//tUZAyxDFeS+sRMoZshASbJzszW7/vIjCax3Q/HFRi1uvLxIJnngJJ
	7KpGSEyHo6tHbXpoiiKq1h6GsPLOYO9ZDY9FAjrQvc/ZYerUjedBsF5eFmLBMkrso6lk04xR6dx
	1RXwboYctyqR7I6dxsiz9gf4DbJoNGv0NDnnKTORoKTLLf5FZ8d55MyMc3PYF//khBaxlBghlOw
	ByOAh4FLpizWsKKfXMRTj9k787So2bu2zimyjs0Z1lj0WpJLa+g7BwCbYhJFvz5+qBK0DgyXwIQ
	cGJBcIXsx8pI43haovZY338D0MDPYoHmHqOGZOTzReisfpYhiLUdHA==
X-Google-Smtp-Source: 
 AGHT+IFgpt4T1pNdQab4hQkih2zSc5um8ck1Aa86EgrG0up0yxvDVO60JhgHRnUqazsQIiKAFH7UUA==
X-Received: by 2002:a17:90a:da8c:b0:312:ea46:3e66 with SMTP id
 98e67ed59e1d1-313af17c802mr218163a91.21.1749571781912;
        Tue, 10 Jun 2025 09:09:41 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.41
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:41 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 31/32] python3: upgrade 3.13.2 -> 3.13.3
Date: Tue, 10 Jun 2025 09:08:44 -0700
Message-ID: 
 <6587dc1fc62de79c4599761af59ebd385244cb57.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218400

From: Trevor Gamblin <tgamblin@baylibre.com>

This adds some security fixes and many new changes to the library.

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-13-3-final

Modify 0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
to remove 'test_types' from the pgo-wrapper call, since that fails now
under qemu.

Reproducibility looks OK.

ptest results OK:

|== Tests result: SUCCESS ==
|
|29 tests skipped:
|    test.test_asyncio.test_windows_events
|    test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace
|    test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full
|    test.test_gdb.test_misc test.test_gdb.test_pretty_print
|    test_android test_apple test_asdl_parser test_clinic test_devpoll
|    test_free_threading test_generated_cases test_idle test_ioctl
|    test_kqueue test_launcher test_msvcrt test_startfile test_tcl
|    test_tkinter test_ttk test_ttk_textonly test_turtle test_winapi
|    test_winconsoleio test_winreg test_wmi
|
|9 tests skipped (resource denied):
|    test_curses test_peg_generator test_pyrepl test_smtpnet
|    test_socketserver test_urllib2net test_urllibnet test_winsound
|    test_zipfile64
|
|442 tests OK.
|
|Total duration: 2 min 48 sec
|Total tests: run=43,896 skipped=2,268
|Total test files: run=471/480 skipped=29 resource_denied=9
|Result: SUCCESS
|DURATION: 169
|END: /usr/lib/python3/ptest
|2025-05-12T12:34
|STOP: ptest-runner
|TOTAL: 1 FAIL: 0
|root@qemux86-64:~#

(From OE-Core rev: 063d5a5fb2f71b523f378b95167553b28804c3ad)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...e-use-qemu-wrapper-when-gathering-profile.patch | 14 +++++++++++---
 .../{python3_3.13.2.bb => python3_3.13.3.bb}       |  2 +-
 2 files changed, 12 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.13.2.bb => python3_3.13.3.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
index 508754286f..39b62f6f26 100644
--- a/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
+++ b/meta/recipes-devtools/python/python3/0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
@@ -1,16 +1,21 @@
-From 701720a5bab5b42fd7520fd9dd95fd2c7e42c186 Mon Sep 17 00:00:00 2001
+From e7a8a7385f561f214054cf95f0a22bfa064eee0b Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 30 Jan 2019 12:41:04 +0100
 Subject: [PATCH] Makefile.pre: use qemu wrapper when gathering profile data
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
+Update to remove test_types from the test list, since that fails under
+qemu now.
+
+Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
 ---
  Makefile.pre.in | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/Makefile.pre.in b/Makefile.pre.in
-index f9932dd..be1b9ea 100644
+index 3bd4495f95b..8e8fc60bc76 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
 @@ -751,8 +751,7 @@ profile-run-stamp:
@@ -19,7 +24,10 @@ index f9932dd..be1b9ea 100644
  	# Next, run the profile task to generate the profile information.
 -	@ # FIXME: can't run for a cross build
 -	$(LLVM_PROF_FILE) $(RUNSHARED) ./$(BUILDPYTHON) $(PROFILE_TASK)
-+	./pgo-wrapper ./python -m test.regrtest --pgo test_grammar test_opcodes test_dict test_types
++	./pgo-wrapper ./python -m test.regrtest --pgo test_grammar test_opcodes test_dict
  	$(LLVM_PROF_MERGER)
  	# Remove profile generation binary since we are done with it.
  	$(MAKE) clean-retain-profile
+-- 
+2.39.5
+
diff --git a/meta/recipes-devtools/python/python3_3.13.2.bb b/meta/recipes-devtools/python/python3_3.13.3.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.13.2.bb
rename to meta/recipes-devtools/python/python3_3.13.3.bb
index 8e16ce90dc..6839d28e19 100644
--- a/meta/recipes-devtools/python/python3_3.13.2.bb
+++ b/meta/recipes-devtools/python/python3_3.13.3.bb
@@ -36,7 +36,7 @@ SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = "d984bcc57cd67caab26f7def42e523b1c015bbc5dc07836cf4f0b63fa159eb56"
+SRC_URI[sha256sum] = "40f868bcbdeb8149a3149580bb9bfd407b3321cd48f0be631af955ac92c0e041"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"

From patchwork Tue Jun 10 16:08:45 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 64746
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 78342C71131
	for <webhook@archiver.kernel.org>; Tue, 10 Jun 2025 16:09:48 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web10.91305.1749571785663797248
 for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:45 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Vfaop3gL;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id
 d9443c01a7336-23508d30142so72534205ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 10 Jun 2025 09:09:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749571785;
 x=1750176585; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=orK9mKh5vGdQ4vGIX80Z06rz2LiyFdhT4D0QyPoJ6R4=;
        b=Vfaop3gLWkpBAJeLz6bomNouGzAf+mwvQAFBzn02yckf8dby/qKKyVIuTFB5h4JD83
         PRrEkFXr8L+tEOf33w0zeJqaoePeRcAVGqB2aFmT/KmPk0FH6ZAvduLtYkNFaXxekl2A
         Sdq1+v0OFZMYVbplLjy6QicNSDs2BRxTUVdaengXHNeZ/lw45Uq4czBEIMPIbpziVuzA
         uea4GC4sQolJ10WGyCWbfjIfYPC8QcCLACqzut1bO6wKOMte8F2ZrE3irGyRL+f65Hs7
         aBxYsQ3RTIP8/m+FNRm3G8O4Ib+I0qoPO34nW4f3sQBpiF91hcOPcuB4yytZUlSY8d04
         /SDQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1749571785; x=1750176585;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=orK9mKh5vGdQ4vGIX80Z06rz2LiyFdhT4D0QyPoJ6R4=;
        b=MVdt1wOpIRGS+t1ymEIuTzwct4458LA4E6tXkq6C2Jdg6ryr1NJ2jfPHuGcxApXSDk
         /R/StQSNMhQrmytF1rSN+OgShdL+aAV5US4XielqVM1AJpNNdkQKP6HlH9Me/GVQABry
         kjQSnXOHSp2a0oIy2dJdabVwVGmHsSjRpTeP1Ay4fShkVLlrL251HdE7a02rCUKRQWIA
         L28edPaWT193v09NB95ZvzACLHGIVmbaqRTFBmB//lVIjwS/CxPqbZUxjCb9N6yrMh1U
         amwxJidgtwDh9UGeHqCm5I9OxUVvwXd+toj6mI0nvXZTqR3LXAvKSCxNzzuiQObhh4i2
         mL/g==
X-Gm-Message-State: AOJu0YwHGC7RccPXfByzIeVDGpGKDt56nfJuL5VDms2ZvzJ/C2LStWFE
	3xPPsfnpQTqNGPj+R57Ll5XwNlOTjSMylGrC3+/5V5sjulZ9UF0zFLmZBHzuoEOPNQTP9QkdwrW
	aPGMw
X-Gm-Gg: ASbGncsR+XNLQ1q7Gr3WpnYKkY72EmWVRI0idKNHgC32sj9XpnYSYpcVZsg+fxCrz/W
	78kk+fVNs1OoDLgPqUFgiEXDT5as7wEG5EFbi2mlN0+xyb7gsUlH6HsdtE49hGUlqcFrkEjLZju
	4VdVadaVAmUryYid7JBgS999ohv7/CkagMwVfj+TDaEewc7uruKDJ6a+wgkIBIOJlw/Mc7p4Kmn
	NJOf69xJtgIF8a/UqItJu7RtrrTqIuG8sGP34JFb9QroxLaqHqSWjzH0fN6W7k+2LopkjEPuesM
	XQdbkScNbLPRBaZuFh7mXJghuRprPg6TXsCY85xDUohNN4Wye0qGLmsnut9U/QPo
X-Google-Smtp-Source: 
 AGHT+IHb3JlZlzD16bTYsCb0w81RvCVUWJ8/JL7EPpAwqDS/Gfkaxs6pN3C3EpulcP8Ut4DNEObjcw==
X-Received: by 2002:a17:902:d50c:b0:234:de0a:b36e with SMTP id
 d9443c01a7336-23601da6138mr267142335ad.49.1749571784644;
        Tue, 10 Jun 2025 09:09:44 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:7bc4:2c75:fa51:ff16])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-236034056e7sm72597295ad.166.2025.06.10.09.09.44
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Jun 2025 09:09:44 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 32/32] python3: upgrade 3.13.3 -> 3.13.4
Date: Tue, 10 Jun 2025 09:08:45 -0700
Message-ID: 
 <55a9cd748531c75d46f5d6d53af692a38c6b6716.1749571556.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1749571556.git.steve@sakoman.com>
References: <cover.1749571556.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 10 Jun 2025 16:09:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/218401

From: Peter Marko <peter.marko@siemens.com>

Refresh patches.

* https://www.python.org/downloads/release/python-3134/
  Security content in this release
  * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
    [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
    tarfile extraction filters (filter="data" and filter="tar") to be
    bypassed using crafted symlinks and hard links.
  * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
    non-“strict” error handler.
  * gh-128840: Short-circuit the processing of long IPv6 addresses early
    in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.

gh-133767 got meawhile CVE-2025-4516 assigned.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...01-Avoid-shebang-overflow-on-python-config.py.patch |  2 +-
 ...config.py-use-prefix-value-from-build-configu.patch |  2 +-
 ...ailing-tests-due-to-load-variability-on-YP-AB.patch |  6 +++---
 ...no_stdout_fileno-test-due-to-load-variability.patch |  2 +-
 ...01-test_active_children-skip-problematic-test.patch |  2 +-
 .../0001-test_readline-skip-limited-history-test.patch | 10 +++++-----
 ...1-test_storlines-skip-due-to-load-variability.patch |  2 +-
 meta/recipes-devtools/python/python3/makerace.patch    |  2 +-
 .../python/{python3_3.13.3.bb => python3_3.13.4.bb}    |  2 +-
 9 files changed, 15 insertions(+), 15 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.13.3.bb => python3_3.13.4.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index 81a613c151..eaf5ea5049 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -19,7 +19,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
 index 9ec3a71..f7d5382 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2578,6 +2578,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2585,6 +2585,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
  	@ # Substitution happens here, as the completely-expanded BINDIR
  	@ # is not available in configure
  	sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
index ca72ebc899..ffdf9affd9 100644
--- a/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
+++ b/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
@@ -17,7 +17,7 @@ diff --git a/Lib/sysconfig/__init__.py b/Lib/sysconfig/__init__.py
 index f8e1c7d..0882526 100644
 --- a/Lib/sysconfig/__init__.py
 +++ b/Lib/sysconfig/__init__.py
-@@ -494,6 +494,11 @@ def _init_config_vars():
+@@ -501,6 +501,11 @@ def _init_config_vars():
          _CONFIG_VARS['VPATH'] = sys._vpath
      if os.name == 'posix':
          _init_posix(_CONFIG_VARS)
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index c8537db1fd..8fa794b5e7 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -26,7 +26,7 @@ diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.
 index 5dae370..23eb971 100644
 --- a/Lib/test/_test_multiprocessing.py
 +++ b/Lib/test/_test_multiprocessing.py
-@@ -688,6 +688,7 @@ class _TestProcess(BaseTestCase):
+@@ -701,6 +701,7 @@ class _TestProcess(BaseTestCase):
          close_queue(q)
  
      @support.requires_resource('walltime')
@@ -34,7 +34,7 @@ index 5dae370..23eb971 100644
      def test_many_processes(self):
          if self.TYPE == 'threads':
              self.skipTest('test not appropriate for {}'.format(self.TYPE))
-@@ -2211,6 +2212,7 @@ class _TestBarrier(BaseTestCase):
+@@ -2232,6 +2233,7 @@ class _TestBarrier(BaseTestCase):
          except threading.BrokenBarrierError:
              results.append(True)
  
@@ -42,7 +42,7 @@ index 5dae370..23eb971 100644
      def test_timeout(self):
          """
          Test wait(timeout)
-@@ -5299,6 +5301,7 @@ class TestWait(unittest.TestCase):
+@@ -5320,6 +5322,7 @@ class TestWait(unittest.TestCase):
          time.sleep(period)
  
      @support.requires_resource('walltime')
diff --git a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
index ea103bc834..9bc8b091cc 100644
--- a/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
@@ -19,7 +19,7 @@ diff --git a/Lib/test/test_builtin.py b/Lib/test/test_builtin.py
 index c5394de..ed17fb6 100644
 --- a/Lib/test/test_builtin.py
 +++ b/Lib/test/test_builtin.py
-@@ -2435,6 +2435,7 @@ class PtyTests(unittest.TestCase):
+@@ -2474,6 +2474,7 @@ class PtyTests(unittest.TestCase):
                           "byte 0xe9 in position 4: ordinal not in "
                           "range(128)")
  
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
index 5f60c60b5b..08ac5861b3 100644
--- a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch
@@ -17,7 +17,7 @@ diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.
 index 23eb971..b1295b2 100644
 --- a/Lib/test/_test_multiprocessing.py
 +++ b/Lib/test/_test_multiprocessing.py
-@@ -585,6 +585,7 @@ class _TestProcess(BaseTestCase):
+@@ -594,6 +594,7 @@ class _TestProcess(BaseTestCase):
          self.assertTrue(type(cpus) is int)
          self.assertTrue(cpus >= 1)
  
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index 862a7f5ea7..186623b084 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -13,12 +13,12 @@ Upstream-Status: Inappropriate [OE-specific]
 
 Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
 ---
- Lib/test/test_readline.py | 2 ++
- 1 file changed, 2 insertions(+)
+ Lib/test/test_readline.py | 3 +++
+ 1 file changed, 3 insertions(+)
 
 --- a/Lib/test/test_readline.py
 +++ b/Lib/test/test_readline.py
-@@ -70,6 +70,7 @@ class TestHistoryManipulation (unittest.
+@@ -71,6 +71,7 @@ class TestHistoryManipulation (unittest.TestCase):
  
      @unittest.skipUnless(hasattr(readline, "append_history_file"),
                           "append_history not available")
@@ -26,7 +26,7 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
      def test_write_read_append(self):
          hfile = tempfile.NamedTemporaryFile(delete=False)
          hfile.close()
-@@ -141,6 +142,7 @@ class TestHistoryManipulation (unittest.
+@@ -142,6 +143,7 @@ class TestHistoryManipulation (unittest.TestCase):
          self.assertEqual(readline.get_history_item(1), "entrée 1")
          self.assertEqual(readline.get_history_item(2), "entrée 22")
  
@@ -34,7 +34,7 @@ Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
      def test_write_read_limited_history(self):
          previous_length = readline.get_history_length()
          self.addCleanup(readline.set_history_length, previous_length)
-@@ -382,6 +384,7 @@ readline.write_history_file(history_file
+@@ -390,6 +392,7 @@ readline.write_history_file(history_file)
          self.assertIn(b"done", output)
  
  
diff --git a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
index b4f873fd72..b452c6556f 100644
--- a/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_storlines-skip-due-to-load-variability.patch
@@ -19,7 +19,7 @@ diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
 index bed0e6d..36602be 100644
 --- a/Lib/test/test_ftplib.py
 +++ b/Lib/test/test_ftplib.py
-@@ -627,6 +627,7 @@ class TestFTPClass(TestCase):
+@@ -630,6 +630,7 @@ class TestFTPClass(TestCase):
              self.client.storbinary('stor', f, rest=r)
              self.assertEqual(self.server.handler_instance.rest, str(r))
  
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index b115a6fa65..bf73135e09 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -20,7 +20,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
 index be1b9ea..9ec3a71 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2485,7 +2485,7 @@ COMPILEALL_OPTS=-j0
+@@ -2492,7 +2492,7 @@ COMPILEALL_OPTS=-j0
  TEST_MODULES=@TEST_MODULES@
  
  .PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3_3.13.3.bb b/meta/recipes-devtools/python/python3_3.13.4.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.13.3.bb
rename to meta/recipes-devtools/python/python3_3.13.4.bb
index 6839d28e19..5d904d6207 100644
--- a/meta/recipes-devtools/python/python3_3.13.3.bb
+++ b/meta/recipes-devtools/python/python3_3.13.4.bb
@@ -36,7 +36,7 @@ SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = "40f868bcbdeb8149a3149580bb9bfd407b3321cd48f0be631af955ac92c0e041"
+SRC_URI[sha256sum] = "27b15a797562a2971dce3ffe31bb216042ce0b995b39d768cf15f784cc757365"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"