From patchwork Fri Jun 13 05:44:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64881 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36D61C61DB2 for ; Fri, 13 Jun 2025 05:45:08 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.3301.1749793506568140146 for ; Thu, 12 Jun 2025 22:45:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=jg9onEMn; spf=pass (domain: mvista.com, ip: 209.85.210.177, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-74865da80c4so1138137b3a.3 for ; Thu, 12 Jun 2025 22:45:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793505; x=1750398305; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=83rMAAMwWZwlcIpjAOZuGpq6/XtvSqQexaSK3zZYX/o=; b=jg9onEMnyTEAf5i2lp/2La0WHCgIq4kU/kMWgy3ZmrHDeyXg566sMZhjT9flT32OoB vX/Onydn3bw17VBFFPWOw3KlwIjILkfI0SAc3wRlukrw6GwLC6MVq/d84E6zkyoyi+iR +tNfHQC0cgonYwg2msE08Dz9yA1xxCASjQCNM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793505; x=1750398305; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=83rMAAMwWZwlcIpjAOZuGpq6/XtvSqQexaSK3zZYX/o=; b=AKZeOS6idsUqRbyajjhOnqxFoGHHvapw01ZAiFM59zP0Gwa5EZcEXTptGPF1EYL7Tj kF3mU9VUPFsS9Gkl7b5IyGNXYC2IynNtxrIb+GJqFVrIIPYLr53g2c57Y/glrLE16lKq OlWrZr572TA2AmmigMrNj6U54TcAEQnnGNRDJ08sfs/Q08SNjJZMxOdhfFyR+S4XPANK 31m4V20IpTRBXGtRPCqxPnni3EIcm/jD2XlQkSUsH+qvGEy+w//Ii6E5+5Lg69ld48/P 6hOMmKKlVNCkgsfCSeKZ+8hRgVUJrM2X1H0M91QAIItxQfRVz1FyPVnc+p4o67j71DQJ PUvA== X-Gm-Message-State: AOJu0YyJkm0MSh3lkCqHfu8ymTBc4+JxnuX+fikFMY9V0CzwTqZ334i/ Rq3EDXysFIiTIHmu9U71918IoE+qPHLhPrg+vtvluxPFz25bI4WZX48GfhS+fCgCXX+LePsynSb sRVcI X-Gm-Gg: ASbGnctTQW+Ag2pd5V7DSLyRdgo3VQYc71onnQGep+lICdjnEViMpqH1PqTmaT6PSSv kFsNo/QkYZWntlY8TFGZtWDw2IDRG1yxOxwGiCfyUfmhi7t1VY7O3+JJCEkLcnyBJCwwi4HvZFQ PzigK0fWF5c5FQXCM4ZDijvcwtTcZJA9QaSkmJyYpUyeCy9XAc910kvC245RwDdjr8MnzxQ0fRu plTj3Jsf6LmsMZQlJa6DnNG5gC9OZnzAxLb+6LS1bs8k+vP4MCkPvqHZcEDUIZLg3L8j+LYkuih vYJvd1zgSHAmkECZ7dwb6mBVQcmlQuPZX6HvGuwsdngJ6nYgxpDZjGOrPerF46ZbFqDFAPPU X-Google-Smtp-Source: AGHT+IGOvCBpBIbyo2pc5sWWf08kO/eWZ8HFfTXx3zcA3aLGfRzhvlk95MACuhAI7DXEFMMg+C9B5w== X-Received: by 2002:a05:6a00:3cd2:b0:742:aecc:c46d with SMTP id d2e1a72fcca58-7488f6e7e26mr2444160b3a.5.1749793505476; Thu, 12 Jun 2025 22:45:05 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:04 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 1/9] libsoup-2.4: Fix CVE-2025-2784 Date: Fri, 13 Jun 2025 11:14:46 +0530 Message-Id: <20250613054454.112590-1-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218576 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d] https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435 Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup-2.4/CVE-2025-2784-1.patch | 52 +++++++ .../libsoup/libsoup-2.4/CVE-2025-2784-2.patch | 135 ++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 2 + 3 files changed, 189 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch new file mode 100644 index 0000000000..bc2538329f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-1.patch @@ -0,0 +1,52 @@ +From 242a10fbb12dbdc12d254bd8fc8669a0ac055304 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 5 Feb 2025 14:39:42 -0600 +Subject: [PATCH] sniffer: Fix potential overflow + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2025-2784-1.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304] +CVE: CVE-2025-2784 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 2 +- + tests/meson.build | 4 +++- + tests/resources/whitespace.html | Bin 0 -> 512 bytes + tests/sniffing-test.c | 5 +++++ + tests/soup-tests.gresource.xml | 1 + + 5 files changed, 10 insertions(+), 2 deletions(-) + create mode 100644 tests/resources/whitespace.html + +--- libsoup2.4-2.70.0.orig/libsoup/soup-content-sniffer.c ++++ libsoup2.4-2.70.0/libsoup/soup-content-sniffer.c +@@ -642,7 +642,7 @@ sniff_feed_or_html (SoupContentSniffer * + pos = 3; + + look_for_tag: +- if (pos > resource_length) ++ if (pos >= resource_length) + goto text_html; + + if (skip_insignificant_space (resource, &pos, resource_length)) +--- libsoup2.4-2.70.0.orig/tests/sniffing-test.c ++++ libsoup2.4-2.70.0/tests/sniffing-test.c +@@ -601,6 +601,11 @@ main (int argc, char **argv) + "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8", + do_sniffing_test); + ++ /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */ ++ g_test_add_data_func ("/sniffing/whitespace", ++ "type/text_html/whitespace.html => text/html", ++ do_sniffing_test); ++ + /* Test that disabling the sniffer works correctly */ + g_test_add_data_func ("/sniffing/disabled", + "/text_or_binary/home.gif", +--- libsoup2.4-2.70.0.orig/tests/soup-tests.gresource.xml ++++ libsoup2.4-2.70.0/tests/soup-tests.gresource.xml +@@ -25,5 +25,6 @@ + resources/text.txt + resources/text_binary.txt + resources/tux.webp ++ resources/whitespace.html + + diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch new file mode 100644 index 0000000000..c9d9c04087 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784-2.patch @@ -0,0 +1,135 @@ +From c415ad0b6771992e66c70edf373566c6e247089d Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 18 Feb 2025 14:29:50 -0600 +Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space() + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches/CVE-2025-2784-2.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d] +CVE: CVE-2025-2784 +Signed-off-by: Vijay Anusuri +--- + .../content-sniffer/soup-content-sniffer.c | 10 ++-- + tests/resources/whitespace.html | Bin 512 -> 0 bytes + tests/sniffing-test.c | 53 ++++++++++++++++-- + tests/soup-tests.gresource.xml | 1 - + 4 files changed, 53 insertions(+), 11 deletions(-) + delete mode 100644 tests/resources/whitespace.html + +--- libsoup2.4-2.70.0.orig/libsoup/soup-content-sniffer.c ++++ libsoup2.4-2.70.0/libsoup/soup-content-sniffer.c +@@ -612,8 +612,11 @@ sniff_text_or_binary (SoupContentSniffer + } + + static gboolean +-skip_insignificant_space (const char *resource, int *pos, int resource_length) ++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length) + { ++ if (*pos >= resource_length) ++ return TRUE; ++ + while ((resource[*pos] == '\x09') || + (resource[*pos] == '\x20') || + (resource[*pos] == '\x0A') || +@@ -632,7 +635,7 @@ sniff_feed_or_html (SoupContentSniffer * + { + const char *resource = (const char *)buffer->data; + int resource_length = MIN (512, buffer->length); +- int pos = 0; ++ gsize pos = 0; + + if (resource_length < 3) + goto text_html; +@@ -642,9 +645,6 @@ sniff_feed_or_html (SoupContentSniffer * + pos = 3; + + look_for_tag: +- if (pos >= resource_length) +- goto text_html; +- + if (skip_insignificant_space (resource, &pos, resource_length)) + goto text_html; + +--- libsoup2.4-2.70.0.orig/tests/sniffing-test.c ++++ libsoup2.4-2.70.0/tests/sniffing-test.c +@@ -432,6 +432,53 @@ test_disabled (gconstpointer data) + soup_uri_free (uri); + } + ++static const gsize MARKUP_LENGTH = strlen (""); ++ ++static void ++do_skip_whitespace_test (void) ++{ ++ SoupContentSniffer *sniffer = soup_content_sniffer_new (); ++ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org"); ++ const char *test_cases[] = { ++ "", ++ "response_headers, "text/html", NULL); ++ ++ guint i; ++ for (i = 0; i < G_N_ELEMENTS (test_cases); i++) { ++ const char *trailing_data = test_cases[i]; ++ gsize leading_zeros = 512 - MARKUP_LENGTH - strlen (trailing_data); ++ gsize testsize = MARKUP_LENGTH + leading_zeros + strlen (trailing_data); ++ guint8 *data = g_malloc0 (testsize); ++ guint8 *p = data; ++ char *content_type; ++ GBytes *buffer; ++ ++ /* Format of $trailing_data */ ++ memcpy (p, "", strlen ("-->")); ++ p += strlen ("-->"); ++ if (strlen (trailing_data)) ++ memcpy (p, trailing_data, strlen (trailing_data)); ++ /* Purposefully not NUL terminated. */ ++ ++ buffer = g_bytes_new_take (g_steal_pointer (&data), testsize); ++ content_type = soup_content_sniffer_sniff (sniffer, msg, (SoupBuffer *) buffer, NULL); ++ ++ g_free (content_type); ++ g_bytes_unref (buffer); ++ } ++ ++ g_object_unref (msg); ++ g_object_unref (sniffer); ++} ++ + int + main (int argc, char **argv) + { +@@ -601,16 +648,13 @@ main (int argc, char **argv) + "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8", + do_sniffing_test); + +- /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */ +- g_test_add_data_func ("/sniffing/whitespace", +- "type/text_html/whitespace.html => text/html", +- do_sniffing_test); +- + /* Test that disabling the sniffer works correctly */ + g_test_add_data_func ("/sniffing/disabled", + "/text_or_binary/home.gif", + test_disabled); + ++ g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test); ++ + ret = g_test_run (); + + soup_uri_free (base_uri); +--- libsoup2.4-2.70.0.orig/tests/soup-tests.gresource.xml ++++ libsoup2.4-2.70.0/tests/soup-tests.gresource.xml +@@ -25,6 +25,5 @@ + resources/text.txt + resources/text_binary.txt + resources/tux.webp +- resources/whitespace.html + + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index bb15e8b926..5e8a141dc5 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -32,6 +32,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32912-1.patch \ file://CVE-2025-32912-2.patch \ file://CVE-2025-32914.patch \ + file://CVE-2025-2784-1.patch \ + file://CVE-2025-2784-2.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Fri Jun 13 05:44:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64883 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18A11C7114A for ; Fri, 13 Jun 2025 05:45:18 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.3302.1749793511047027845 for ; Thu, 12 Jun 2025 22:45:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=ZW5WhJxW; spf=pass (domain: mvista.com, ip: 209.85.210.179, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-739b3fe7ce8so1483886b3a.0 for ; Thu, 12 Jun 2025 22:45:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793510; x=1750398310; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7YKtKVgkChbmp6jddBcEZqZ7A4L7PdbvG0iMu1hwvA0=; b=ZW5WhJxWFXdgHxScawHHdYrvmSOqK6M7DuWwXdruZK2vFuX5Bv819V0Bfitc9MUP8V DVKBsEQl3ivwvhyr6uJxzd2pSXLx7Oor2uCRM4RCi82FfVs+lwC1wIH2Cp1ptxEe3Cva 5yMs82OfNcw7cTZd4kUiZSiY63BQp9/rPAKPg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793510; x=1750398310; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7YKtKVgkChbmp6jddBcEZqZ7A4L7PdbvG0iMu1hwvA0=; b=tFfF7B7qs0bBlmsQNy6XyrpfvBwgkRAf7AjXitPi3A/ZODPQDEV7wm2OvhikDo8eh3 tcW8+GYT0RwAAS9LAWJgp5cQO/U6HTG32k2ioQ5jm41cHVV7plZfacZa3DzLl+Io+bTL CN11qLmElaZVbMK0ItTe4NWqAO0yT7R7FqMqhYtNXxYsmGqiKXe8NAerNOPNEyd6RAWw XO2TLs2ja7r3DdY2LRPEVIgklfXtNQT9wH8rZ7OarZ8ZuQMhnsAxhHc6lZQvjwhgbTUx aaihIhweXNl6w+gZaZ5TN9pQ1L8W0ipUOSU4Ml/jqrr57LOnZbZAweBxLQ9PMPuTbsYh MYTg== X-Gm-Message-State: AOJu0Yy7Ae5mbEI1T0uVhm1uDBjkdzeFmC/fqlm9L43Qmu0wsySYjC7y wr+t+1ZJqmIu77NU/QVM/gzCz7BVbDYlzI6xGPLWPdBjXVihAnKwE6K5mjJwG6gzsu5x3eF05xv XbD9I X-Gm-Gg: ASbGnct8IwnfpGp5qYhCkJs35l8ESgYNcuT9ZIWfU8dOGM9XnvqkSHYuSoPYrx1MCXK MR0BHMvv0fqj+zLMkMTue+R+HFqXFfnMnAFQdomadzVmUl3NF7UWOBC7qPDkXXEencv3MWsXXSj hJad38wpmeytH8PTjurjcogsDgCR5cn0yJYbEEn5QbRG9LKZlpJ/UUMwNeK7QXN5fYI6AmJqxXg kE5Y+GBYclUkq5LcDz4wLWZ7y5EmJXTBTuIf8nn65ek4SPfLwvmClgKj93c0snu92J0MWBoRtlS JMzTW6K8mQ6IuupQWykyZeJIOwzXVntTot2LUGI81/X1pSLSfxmeWLB7Cji8zRUXfQKyXHCu X-Google-Smtp-Source: AGHT+IGgUOnbi85G5omNfkVdp5nK12Y+QsyhmBi7Kc/4IgbjZ6LWaRRUHYgXTNUKY/pT+JwESV95Gg== X-Received: by 2002:a05:6a00:2d0e:b0:736:4e67:d631 with SMTP id d2e1a72fcca58-7488f746e46mr2696751b3a.23.1749793509459; Thu, 12 Jun 2025 22:45:09 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:08 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 2/9] libsoup: Fix CVE-2025-2784 Date: Fri, 13 Jun 2025 11:14:47 +0530 Message-Id: <20250613054454.112590-2-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218577 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304 & https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d] https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435 Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup/CVE-2025-2784-1.patch | 73 +++++++++ .../libsoup/libsoup/CVE-2025-2784-2.patch | 140 ++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 2 + 3 files changed, 215 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch new file mode 100644 index 0000000000..d46886c57f --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-1.patch @@ -0,0 +1,73 @@ +From 242a10fbb12dbdc12d254bd8fc8669a0ac055304 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Wed, 5 Feb 2025 14:39:42 -0600 +Subject: [PATCH] sniffer: Fix potential overflow + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304] +CVE: CVE-2025-2784 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 2 +- + tests/meson.build | 4 +++- + tests/sniffing-test.c | 5 +++++ + tests/soup-tests.gresource.xml | 1 + + 4 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index d7c46c8..648ea04 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -666,7 +666,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + pos = 3; + + look_for_tag: +- if (pos > resource_length) ++ if (pos >= resource_length) + goto text_html; + + if (skip_insignificant_space (resource, &pos, resource_length)) +diff --git a/tests/meson.build b/tests/meson.build +index 7851e57..450becb 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -92,7 +92,9 @@ tests = [ + {'name': 'session'}, + {'name': 'server-auth'}, + {'name': 'server'}, +- {'name': 'sniffing'}, ++ {'name': 'sniffing', ++ 'depends': [test_resources], ++ }, + {'name': 'socket'}, + {'name': 'ssl', + 'dependencies': [gnutls_dep], +diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c +index 6116719..b542817 100644 +--- a/tests/sniffing-test.c ++++ b/tests/sniffing-test.c +@@ -512,6 +512,11 @@ main (int argc, char **argv) + "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8", + do_sniffing_test); + ++ /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */ ++ g_test_add_data_func ("/sniffing/whitespace", ++ "type/text_html/whitespace.html => text/html", ++ do_sniffing_test); ++ + /* Test that disabling the sniffer works correctly */ + g_test_add_data_func ("/sniffing/disabled", + "/text_or_binary/home.gif", +diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml +index 9c08d17..cbef1d4 100644 +--- a/tests/soup-tests.gresource.xml ++++ b/tests/soup-tests.gresource.xml +@@ -25,5 +25,6 @@ + resources/text.txt + resources/text_binary.txt + resources/tux.webp ++ resources/whitespace.html + + +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch new file mode 100644 index 0000000000..5ac837f9b8 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-2784-2.patch @@ -0,0 +1,140 @@ +From c415ad0b6771992e66c70edf373566c6e247089d Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Tue, 18 Feb 2025 14:29:50 -0600 +Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space() + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d] +CVE: CVE-2025-2784 +Signed-off-by: Vijay Anusuri +--- + .../content-sniffer/soup-content-sniffer.c | 10 ++-- + tests/sniffing-test.c | 53 +++++++++++++++++-- + tests/soup-tests.gresource.xml | 1 - + 3 files changed, 53 insertions(+), 11 deletions(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index 648ea04..ebe8f6d 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -635,8 +635,11 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, GBytes *buffer) + } + + static gboolean +-skip_insignificant_space (const char *resource, int *pos, int resource_length) ++skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length) + { ++ if (*pos >= resource_length) ++ return TRUE; ++ + while ((resource[*pos] == '\x09') || + (resource[*pos] == '\x20') || + (resource[*pos] == '\x0A') || +@@ -656,7 +659,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + gsize resource_length; + const char *resource = g_bytes_get_data (buffer, &resource_length); + resource_length = MIN (512, resource_length); +- int pos = 0; ++ gsize pos = 0; + + if (resource_length < 3) + goto text_html; +@@ -666,9 +669,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + pos = 3; + + look_for_tag: +- if (pos >= resource_length) +- goto text_html; +- + if (skip_insignificant_space (resource, &pos, resource_length)) + goto text_html; + +diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c +index b542817..7857732 100644 +--- a/tests/sniffing-test.c ++++ b/tests/sniffing-test.c +@@ -342,6 +342,52 @@ test_disabled (gconstpointer data) + g_uri_unref (uri); + } + ++static const gsize MARKUP_LENGTH = strlen (""); ++ ++static void ++do_skip_whitespace_test (void) ++{ ++ SoupContentSniffer *sniffer = soup_content_sniffer_new (); ++ SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "http://example.org"); ++ const char *test_cases[] = { ++ "", ++ "$trailing_data ++ memcpy (p, "", strlen ("-->")); ++ p += strlen ("-->"); ++ if (strlen (trailing_data)) ++ memcpy (p, trailing_data, strlen (trailing_data)); ++ // Purposefully not NUL terminated. ++ ++ buffer = g_bytes_new_take (g_steal_pointer (&data), testsize); ++ content_type = soup_content_sniffer_sniff (sniffer, msg, buffer, NULL); ++ ++ g_free (content_type); ++ g_bytes_unref (buffer); ++ } ++ ++ g_object_unref (msg); ++ g_object_unref (sniffer); ++} ++ + int + main (int argc, char **argv) + { +@@ -512,16 +558,13 @@ main (int argc, char **argv) + "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8", + do_sniffing_test); + +- /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */ +- g_test_add_data_func ("/sniffing/whitespace", +- "type/text_html/whitespace.html => text/html", +- do_sniffing_test); +- + /* Test that disabling the sniffer works correctly */ + g_test_add_data_func ("/sniffing/disabled", + "/text_or_binary/home.gif", + test_disabled); + ++ g_test_add_func ("/sniffing/whitespace", do_skip_whitespace_test); ++ + ret = g_test_run (); + + g_uri_unref (base_uri); +diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml +index cbef1d4..9c08d17 100644 +--- a/tests/soup-tests.gresource.xml ++++ b/tests/soup-tests.gresource.xml +@@ -25,6 +25,5 @@ + resources/text.txt + resources/text_binary.txt + resources/tux.webp +- resources/whitespace.html + + +-- +2.25.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 87ffb34f7d..74110b21c3 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -30,6 +30,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32912-1.patch \ file://CVE-2025-32912-2.patch \ file://CVE-2025-32914.patch \ + file://CVE-2025-2784-1.patch \ + file://CVE-2025-2784-2.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8" From patchwork Fri Jun 13 05:44:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64882 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17B34C61DB2 for ; Fri, 13 Jun 2025 05:45:18 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web10.3365.1749793515344910238 for ; Thu, 12 Jun 2025 22:45:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=Pncsolir; spf=pass (domain: mvista.com, ip: 209.85.210.180, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-747c2cc3419so1474140b3a.2 for ; Thu, 12 Jun 2025 22:45:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793514; x=1750398314; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=45aii2Y3JRwxcJuBJnnQpbJJrp2O7ThE3dTZrkQbOD8=; b=Pncsolir0GgJavHi/WZ9CbPqdNVJyARHVFpVjCLKZVqyKh0mARUc/ZK0aSfHVKa33O IgbpvI4MkB1P3Mm5ftA/zyQ0M8+WsKCWm3q76cJXAEqXJ1mwMwTnUH4C/7DtVviyZg1B e0Bt4ciqvxF9TYBOaBPX699FAB2DEVgRCvmSQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793514; x=1750398314; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=45aii2Y3JRwxcJuBJnnQpbJJrp2O7ThE3dTZrkQbOD8=; b=BTG14ovYGXtR2n9zMK7T1qVcjXmXM1n1mksrCjPyCddQL8Hp3Zbev1zd7fDpXTWg67 GUpJnRJnOfBvcEueA3f6HiKWcwMSArA72p00uj8imkKjbShlf4ESjukZDtMAnyMRV9l3 yh/o5L8zk2Q2URom1ETYXMMukRm40NfsBY4LpuWIx21hZVpKEIIFNh0LQc928l3aD3hF yGa9rozJkJl9r8btsQM8IWnCIr335+Qxz0hJER3jZSxmoZ3UrgQ6dNB8sELyvc9GUrmZ 2EUn0icZpxJpdVnxbrpzV0AOntRELJcJ4XY2qktIf6aB0pTFzKLbN0g6BTF1Z9oNV/TW jQfw== X-Gm-Message-State: AOJu0YwBKrFUJ509j9C4yv3lym0OlocoYaZoR34WEN9O7fiF0czKKZH3 sDYVrQvzLPRsU27cHlylFCFUT+NTlfeSuqB6l9eph4sLqrkEq+JkZHcVYKN6jJvEH8GkIXFGc0i eHY2c X-Gm-Gg: ASbGnctTbeB4r4rHDIPI6UHymhLlRbFXEkTUEHw+/G4OyZL1nJM55Jk41RMIDmY0Yaf /AzRCaLDhICwUfoYB/U9XItDHkHRkftsBvQzWMxnygM1oQbvT3nhUiamITSAZfPKoxhsGDpPB8W d4GaVGFrCL2UE0aZW406WG0JjafdIl3/wSgk2z2LPgyYNijaR1AbN+W3qplmqTbfwAAS3OGRwdw HhBBzbJC/BR1JcpRqCZ/cXt/rGoGFata0J9+OqSEoE3eiVZ6dhgdDRJqU9PzjXGYuT5MlspoIFR JYNt8hvItdH4E9Y3PR1vxVBQu1BliAGwxIzHUl/P3C/HwP0GE6x9hjgdE01a70yCdiOso+HEU2J YrncCwpg= X-Google-Smtp-Source: AGHT+IFsfOBwfnJ72ZoKnylGQ+ADCeEso50ka52p6SADQQe11DrX4WjERnev6NgQ4pzxkGOI3IWEzQ== X-Received: by 2002:aa7:888b:0:b0:736:8c0f:7758 with SMTP id d2e1a72fcca58-7488f63d26bmr2575841b3a.10.1749793514337; Thu, 12 Jun 2025 22:45:14 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:13 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 3/9] libsoup-2.4: Fix CVE-2025-32050 Date: Fri, 13 Jun 2025 11:14:48 +0530 Message-Id: <20250613054454.112590-3-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218578 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup-2.4/CVE-2025-32050.patch | 28 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch new file mode 100644 index 0000000000..474eb465a6 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch @@ -0,0 +1,28 @@ +From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Mon, 28 Oct 2024 12:29:48 -0500 +Subject: [PATCH] Fix using int instead of size_t for strcspn return + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323] +CVE: CVE-2025-32050 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 613e1905..a5f7a7f6 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -907,7 +907,7 @@ append_param_quoted (GString *string, + const char *name, + const char *value) + { +- int len; ++ gsize len; + + g_string_append (string, name); + g_string_append (string, "=\""); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 5e8a141dc5..6b227b0503 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32914.patch \ file://CVE-2025-2784-1.patch \ file://CVE-2025-2784-2.patch \ + file://CVE-2025-32050.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Fri Jun 13 05:44:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64884 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16C3DC61DB2 for ; Fri, 13 Jun 2025 05:45:28 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.3306.1749793520660051412 for ; Thu, 12 Jun 2025 22:45:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=B/J+KpuY; spf=pass (domain: mvista.com, ip: 209.85.210.170, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-747abb3cd0bso2100797b3a.1 for ; Thu, 12 Jun 2025 22:45:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793520; x=1750398320; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Z4ouwa8+oEJUxXY81zbpLkcX35SL6ophWkJu+StT08Y=; b=B/J+KpuYwP2iVs4hrNT+xiAKiM6a5d91hykwlI4BYcA0KG4n3Q0DoCa94hDcrmNrmy L5f/LWPvIwc/b6Lv0jB3lwUYoVqEiYdems/Y52e86f9T9xGbvAv+iNa1Ja/AVvKdIX7O F1o2xkJakMcswggnl8mSt1kYtoXzijEuPVADQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793520; x=1750398320; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Z4ouwa8+oEJUxXY81zbpLkcX35SL6ophWkJu+StT08Y=; b=pH+xg9LkZ8ttGs85LCBOrIYLAWYo0hxaT2eYR+zkcZVM8tSZxoZPtNSLm5e9420X12 FB+1lF+6waJAKKt8Tuz0w63Dnmm78z/T7k7JKEEHdxJuYMP2iXjiHs750iSsFbuBCCFG tLyB8nb2wXfHI6ufsxrOpXDJassFp+O9FoExKtfNo1p7RinzRGYMFgkhwx9bp0DdeAc+ ACFtIz9fTLUFNWeRqvUP4Q4IA7bBGe9QkERfn4jrHsdas3r0snwlb2jf8x2xAB7okECg 76G1B32qiDIHNpdKtxF8cTLzteu/erzoLpz2j35oqi/0I+Cqqugmyo+V8jNe/lSKJHMF 47uA== X-Gm-Message-State: AOJu0YxxoD7pvKoLtgezRWpfMo9h6FbDsRshTign+e2TMEjYlmAMyYOT yAVnmZxfnUdD4Ka/sNQTfjuNfVx/EtedgmzUyehardUI8zmA5Tr3+CsRrISxhSsodb+w0mMMlks rKXDE X-Gm-Gg: ASbGncvrjW26MHHrrYrUujPd0tlT+0NZdR/L42UZPAMeiYbAlGkJQ717BDVThpHQtpI kIgSOKSKcvd6zb3WpL3pTuCV5uYOs0OH1NOb6wVv0oq44HvFz/rpcluIjcSClJrLYN/afF2rWr0 RDPIJHqpehwhUqzQJA5JU/4jFoSO863GooYsM+D5psbg5GvnbN4OADgPTBbug5tpu2TWfco8rUZ guKtI3olh6TShlX03mRzxQ5N0ciIPKKA3ypH8rfvkLvMptSKGeuXHJwYdiir9EalxQEEa2gtvSg aDKZafzIaPjRNi5al/O0at1QUx1PawKXe3OwGRgrhLyfiMsXeEg6V++GRp1h8CKv+EOkjfDE X-Google-Smtp-Source: AGHT+IF1RReuuSJ7ecXW1FVAaSN/w6tu0B5qFs+697U3qEM0J5bfmt/HA7niR01Ktcn0tdknHPTEpg== X-Received: by 2002:a05:6a20:2448:b0:21f:52ed:23cc with SMTP id adf61e73a8af0-21faef32ba8mr1781341637.15.1749793519574; Thu, 12 Jun 2025 22:45:19 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:19 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 4/9] libsoup: Fix CVE-2025-32050 Date: Fri, 13 Jun 2025 11:14:49 +0530 Message-Id: <20250613054454.112590-4-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218579 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup/CVE-2025-32050.patch | 28 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch new file mode 100644 index 0000000000..474eb465a6 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32050.patch @@ -0,0 +1,28 @@ +From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Mon, 28 Oct 2024 12:29:48 -0500 +Subject: [PATCH] Fix using int instead of size_t for strcspn return + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323] +CVE: CVE-2025-32050 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index 613e1905..a5f7a7f6 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -907,7 +907,7 @@ append_param_quoted (GString *string, + const char *name, + const char *value) + { +- int len; ++ gsize len; + + g_string_append (string, name); + g_string_append (string, "=\""); +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 74110b21c3..27aab1468f 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -32,6 +32,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32914.patch \ file://CVE-2025-2784-1.patch \ file://CVE-2025-2784-2.patch \ + file://CVE-2025-32050.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8" From patchwork Fri Jun 13 05:44:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64885 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17B43C7114A for ; Fri, 13 Jun 2025 05:45:28 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.3307.1749793524498676240 for ; Thu, 12 Jun 2025 22:45:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=QxTqa65g; spf=pass (domain: mvista.com, ip: 209.85.210.174, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-7425bd5a83aso1639708b3a.0 for ; Thu, 12 Jun 2025 22:45:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793523; x=1750398323; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qP4Bbid2OGfEsoHMvRCNLYIk7baWGsyN/3OaoiEexsc=; b=QxTqa65gv5CF8Fc5guGWm8C8ZhEMuWR/yAt6gkSgJZusfqyKwGc5j0suK86s+LZagd fqerLU7O/nU0jBEKVJlY/moObVNb8gU2aomoMhyrCsBxLp0HDpW6HvBFpsPYLdRdTwHZ DPQjPEZHXl26+y1BKYfCqC9Xo0v/2s04unAjA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793523; x=1750398323; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qP4Bbid2OGfEsoHMvRCNLYIk7baWGsyN/3OaoiEexsc=; b=sepXGus1J8tPyxzzBEpavZcO2MxRpx9JZkIFUpvQkFEXbJC41/YDRoa4mdGtbDVXm3 dKo2VtSSEeYV/Vq1DILlNaMlq9iKryG5BhKMsTDVlPdPa49qplbpkQ65PSxKxfRWPiDI bFMImRfwtNkUTIIkAz5hhO6sXB3RoVmv7XB+E3znL2pLjhB8tB3RuJZNRC7zLD1LrSlZ Wgmu6r7yYXQJavqR5eDW/VuMsUZiWzGPPnHgX4R04U9ezvd/Kr+acUuNzYA1K2r5+15z icgD8UYLUyL52radZ3JYx+brUjST8nSJ1ZYkntVjAhqgThmBFSyXQMzPN1d0wZbdb6ed mssA== X-Gm-Message-State: AOJu0YxbltkOInEfWoQEEupW/qFk1Bj+BLSJRBYFbCkSinBc0/Fek5Z0 qFi21mQiz/KS4kUWGs0klUzYj5fDXfbRAOtZdxduFXe5zH/cNXgD8k6P4LsPMPObf3LiA43SUi/ z06bk X-Gm-Gg: ASbGncvf/fvajK7Hfy4uJ0VpR49+p4lgFIEGGnMSDMSCGzbojhJd+L48dIpRNTSa4bt tdgzvQE6zv0S1Mw3xqXNWq45rpNHdh/PBB3cnLKsrrCLJkokogoBpFJBcOxk3Aj+i3WmqN21K22 a9wOEQRX2S22G5NOdhsoQg/b/n79II2d1jcOAhwBx/PDTwX8uin0Oah/uTSDkAkSxbD2g6s9U8h v3AWk5wKkrRq9KM9aNx2MnM4ZpoOVjyj1+34tzLM6wNs0gLCVIDCamqIyI8bLKnT1jZWhOhJF55 NFsVH1Bytg1JcOoB0UKK2L2bqqXiSreEy71M9Yt3vP2RHUDIR4xKcJwZY6TrQOfFPimoQieQ X-Google-Smtp-Source: AGHT+IGcw80ylsehpMPwasQnLbBlEYDexecSexn0fPWSo85IQGeVPGblJhn0ymiY2ImgUbyrRgB/pg== X-Received: by 2002:a05:6a00:188d:b0:742:a77b:8bc with SMTP id d2e1a72fcca58-7488f6e4af2mr2675494b3a.2.1749793523539; Thu, 12 Jun 2025 22:45:23 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:22 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 5/9] libsoup-2.4: Fix CVE-2025-32052 Date: Fri, 13 Jun 2025 11:14:50 +0530 Message-Id: <20250613054454.112590-5-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218580 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup-2.4/CVE-2025-32052.patch | 30 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch new file mode 100644 index 0000000000..152b70fd9d --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32052.patch @@ -0,0 +1,30 @@ +From f182429e5b1fc034050510da20c93256c4fa9652 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sat, 16 Nov 2024 12:07:30 -0600 +Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff + +Co-Author: Ar Jun + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652] +CVE: CVE-2025-32052 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index de0985eac..b62e48889 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -524,7 +524,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer, + guint index_pattern = 0; + gboolean skip_row = FALSE; + +- while ((index_stream < resource_length) && ++ while ((index_stream < resource_length - 1) && + (index_pattern <= type_row->pattern_length)) { + /* Skip insignificant white space ("WS" in the spec) */ + if (type_row->pattern[index_pattern] == ' ') { +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 6b227b0503..f9358773e4 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-2784-1.patch \ file://CVE-2025-2784-2.patch \ file://CVE-2025-32050.patch \ + file://CVE-2025-32052.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Fri Jun 13 05:44:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64887 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16C97C61DB2 for ; Fri, 13 Jun 2025 05:45:38 +0000 (UTC) Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by mx.groups.io with SMTP id smtpd.web10.3368.1749793528364430154 for ; Thu, 12 Jun 2025 22:45:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=RGqLvJ8x; spf=pass (domain: mvista.com, ip: 209.85.215.170, mailfrom: vanusuri@mvista.com) Received: by mail-pg1-f170.google.com with SMTP id 41be03b00d2f7-b26f5f47ba1so1477707a12.1 for ; Thu, 12 Jun 2025 22:45:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793527; x=1750398327; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KXLMFDBmV/Hw7QROb7QwkAUCad2c7l0qgxZ1Ohiktbo=; b=RGqLvJ8xWHXmAKzgteXBLiMNAp37YT0J1+6S637Ufk2BzaaskcslfC81NUe65z5shQ iMuD1LpOloX3GDq5TabCjiLnD8ukqrMFnEo2RtcP5WJb14o0dpsGX5iffZo+3K+8p2Vm 845U9//Btq03s+ygw4r+1SsbvCmBHQzHiQ0G0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793527; x=1750398327; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KXLMFDBmV/Hw7QROb7QwkAUCad2c7l0qgxZ1Ohiktbo=; b=n8tj9xgNwqgp85AoTfigTCDt6hNF15bsoTJAjBHBHPrcxfmdHNLSwGcVoONUJnoQUc iUXAVYiw1j99CoQMAeYQipT6aNarAQSrzhuMDVPdwlpIyHCMxr7o+G1axFAL48jw5GL2 wmgMD4lAxyHGZfR16DSPpTJ+D7QWOxooyipMURbSsjptfrj4ZkkeLZWky2fddAdE2SAx ohGOERpqUKcIJ0LBCc5i6azyryzC/WlmutbAtD0+i24d0ldJUKwtwyOP/sArZAP8WvOY ufxDS7kzItE2HR9wOrPGfEEcIiVtQjs1bO8LhnCRUVLHMN1LaCdKoyJGA7XkSgN1Kwrr yN0Q== X-Gm-Message-State: AOJu0YxQmfo17wjE52GMRPG6X4CA1D2jnb42lh5JoROh+QUWD5+Rop7y U5TvwI5coYZr+roremvAi5mhIuEmQudjh+XEnHb3te0M9N2X2i17xEaysNa0tECJ0KF4ykEiChI /2cmM X-Gm-Gg: ASbGncvSqFntorg619+GWdDPAK1EZDAkb2VlsqPhn/M37fGUaUgF4wL+RgWE9peY+TZ 3YPvHGuON4UBUempsqLW1w1jKUkX6+RUvrbAlaDdY5UVQfEXKciGy2DkPIj+kO68sphXJKb6Bxx UD6Xgl2xggQFCM6/f6PS1Kdcdoomnqn2KKrAOUqHAo+EBzGhu5+saIs5V7F1TKuY2uqG2x4GGm8 ntKQKxZZxWyqOZn+dt5JDusoakUp7BX6wSED73InqeO7huhiFrwErhSXRq4IGla+y2f/Ic12NJe VqU6F7wkeU5d25qPlXb6TxjIU7gyHyvUjlnsl/gOwAiOaKDopP57DPj27RtR60CfbuRLNZW1 X-Google-Smtp-Source: AGHT+IE835wBW7X/GegoDjPweVEemjLCGzHTXDSRBbTC2Akmrj23em+q7K8/YCMOCTfC7kFSOG7rHA== X-Received: by 2002:a05:6a20:748c:b0:21f:a883:d1dd with SMTP id adf61e73a8af0-21facbdebf9mr2351259637.14.1749793527229; Thu, 12 Jun 2025 22:45:27 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:26 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 6/9] libsoup: Fix CVE-2025-32052 Date: Fri, 13 Jun 2025 11:14:51 +0530 Message-Id: <20250613054454.112590-6-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218581 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup/CVE-2025-32052.patch | 30 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch new file mode 100644 index 0000000000..fca43e24ac --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32052.patch @@ -0,0 +1,30 @@ +From f182429e5b1fc034050510da20c93256c4fa9652 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sat, 16 Nov 2024 12:07:30 -0600 +Subject: [PATCH] Fix heap buffer overflow in soup_content_sniffer_sniff + +Co-Author: Ar Jun + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652] +CVE: CVE-2025-32052 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index de0985eac..b62e48889 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -524,7 +524,7 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer, + guint index_pattern = 0; + gboolean skip_row = FALSE; + +- while ((index_stream < resource_length) && ++ while ((index_stream < resource_length - 1) && + (index_pattern <= type_row->pattern_length)) { + /* Skip insignificant white space ("WS" in the spec) */ + if (type_row->pattern[index_pattern] == ' ') { +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 27aab1468f..26fe52937b 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-2784-1.patch \ file://CVE-2025-2784-2.patch \ file://CVE-2025-32050.patch \ + file://CVE-2025-32052.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8" From patchwork Fri Jun 13 05:44:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 267AEC71135 for ; Fri, 13 Jun 2025 05:45:38 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.3310.1749793532706482583 for ; Thu, 12 Jun 2025 22:45:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=TNfa1PHT; spf=pass (domain: mvista.com, ip: 209.85.210.182, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-74865da80c4so1138338b3a.3 for ; Thu, 12 Jun 2025 22:45:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793532; x=1750398332; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zG/++mNqO3nnIIV/JGN2rSX9p7RAXfTZC4WUGqNwFwA=; b=TNfa1PHTS0L9eOrdHSlV/IplkjtOaleTHpTV7jK2kt3iFZ9cu9jVNWfNX1GgsJ9GWC bLTr9SSFpZ2/XoIWCxdDAL9hHGlIilJrv2DxvidFbbp1r2/aTwMx/nn2/b+4uEn3hJPf 8UWvHF1VybpZJFPl44sayH1PcZ5rF3BObhvrs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793532; x=1750398332; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zG/++mNqO3nnIIV/JGN2rSX9p7RAXfTZC4WUGqNwFwA=; b=GELKKujXnzD6AMllHKh8m5I6uD0tzUXvu/UWVas1oArvYPjCeIxdRUKiKgJiyoAHCS Q1LaxnAmJeA4bjPj7olTMCbXgSmS+iNohPPTrqE4jWZgqkDSEEMrnOBbp1MF0qcGvgZ5 XNkpl4CQOBdCEXWPPDypXxO3Zokw91Zp2z8wufl0vOrO2uA1Ndp5zqFvJMev3jwIt+4c Uy0xj4ZLQ7OrBn0RZygCxpli3yHtSBivdiCQMu4OoYFmUvsfHE0SCgcC0Nyd/5Z0BFva 5cXOiJbb8g4hzHBrmlwRuPgOs6aYDCofkINgh3yu8+jXM5+gkkg577ydZjqUUlwOGwAG mjyA== X-Gm-Message-State: AOJu0YwHng8rmV9QEUogB24QwxIGfxmijaHhhxsLBLvgWIaqRi/Hfgnn 92F5qIZSW0eC0QrUhiW1ymu5gi5iSBXh8kaII92IF3WRO6GDBRImsIEeUYEx7rprbqmMzd6IvtV yP5kP X-Gm-Gg: ASbGncsYi8WfUnxruHae6Tn4OD6M8Ixet/3wbN3JUHW2tvUi+cCZ+Wz/N6WAUxzpdyW aLepGSM6kz4kgPg71zVJUKwe32Dm1U8oLDxEuWHEpT9FTfkw+oOnOtXFocAUC+6LT+N5+5HoKpi qKwgY/i9Y2dy6Qro4Eq9MSmZ4ZuvOEj/Nh7BaeQ/MuV1GykV3Z9IgCLZOU9RTIufXpO2MCGWxg7 uAHt5yomB+HTWXEkm2kZcLWzmH9OtKjWjChOzesIiFOYQnU6S5byODlirABFL0/h+hGY3cL/vpY bhZLM/jOdaapRKxpT20A2SlEv0pIVLggMsy4iFH/DP5Ound18KIq8klhyEBV9TXRboNpyMJO X-Google-Smtp-Source: AGHT+IGovTJozzU2geslKbrr4TI6bgUqjq9FxYYCzViIyrFPjG4tfv3VwGicRKicPDxXPbD0Ix628A== X-Received: by 2002:a05:6a00:1746:b0:740:9abe:4d94 with SMTP id d2e1a72fcca58-7488f803098mr2562903b3a.21.1749793531612; Thu, 12 Jun 2025 22:45:31 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:31 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 7/9] libsoup-2.4: Fix CVE-2025-32053 Date: Fri, 13 Jun 2025 11:14:52 +0530 Message-Id: <20250613054454.112590-7-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218582 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 38 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.2.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch new file mode 100644 index 0000000000..139e8936a0 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch @@ -0,0 +1,38 @@ +From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001 +From: Ar Jun +Date: Mon, 18 Nov 2024 14:59:51 -0600 +Subject: [PATCH] Fix heap buffer overflow in + soup-content-sniffer.c:sniff_feed_or_html() + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] +CVE: CVE-2025-32053 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index b62e4888..5a181ff1 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length) + (resource[*pos] == '\x0D')) { + *pos = *pos + 1; + +- if (*pos > resource_length) ++ if (*pos >= resource_length) + return TRUE; + } + +@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + do { + pos++; + +- if (pos > resource_length) ++ if ((pos + 1) > resource_length) + goto text_html; + } while (resource[pos] != '>'); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index f9358773e4..61ebebeacd 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb @@ -36,6 +36,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-2784-2.patch \ file://CVE-2025-32050.patch \ file://CVE-2025-32052.patch \ + file://CVE-2025-32053.patch \ " SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" From patchwork Fri Jun 13 05:44:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64886 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16DCBC7114A for ; Fri, 13 Jun 2025 05:45:38 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.3311.1749793536965330044 for ; Thu, 12 Jun 2025 22:45:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=YKAKk9vv; spf=pass (domain: mvista.com, ip: 209.85.210.180, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-742caef5896so1640478b3a.3 for ; Thu, 12 Jun 2025 22:45:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793536; x=1750398336; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6+s2nC+Hm+6KINXb/aOd5OghlH3ucM/ZisS290/w0uA=; b=YKAKk9vv2cPXUXbzS2yzpb1MiH2pcNsp54ndxN95F5jd3q8CaJyGf305tZP++BC+Bs rl5jSkEMpoXM1fWDVrwVgwGs3sjgoMwt0XJX90bjlxtZkhe7ywIAG9MQnAscE3oqPfY+ zk8wLpM/hSFva1Um1JTzoGpqC8KrHVEo0pYRY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793536; x=1750398336; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6+s2nC+Hm+6KINXb/aOd5OghlH3ucM/ZisS290/w0uA=; b=pvcxt1rYziNwu7/+FS3V0/r5AXq+dyxlgSE4mbWgdyQvP2jGLmQVNb5cC4xm2CMjlT n80YZyaK9jJGxqGE6DT0VFgwstJAhzeCcRa/zcCQJNRMTX5YSyD6HG4AryvBSiQMGmLu 69098Q1RLHzLjsxOi6GkcP0ZHQq2sJWmSb3fbOPFNUJWm46wQdhRbjx4FxGiXTdFYbEl Npl/XpMx7JFz32OIEw6WpKzlM85XMaSdHTGD8Co6oliwebRt9a9Op1vrxnjpO4bjjWtc kCkuaZYt7/+3EPbIOuqj45fToYJY9qeGGBolZHYQWihY0e1noFaB5xr8YbVvfyGit99/ FiWA== X-Gm-Message-State: AOJu0Yy53d236vS1OZlSCRz6xwvDLHYZl3OMCYIdxNTrdaE2Vx1KgJ9T KUV5N8SG1I+RsikH8eecGEp6ZXDrDiIyua84ic2qh4aeevpZxfH4pOckwmE3jhFyVZTpXisxCyb zlfcQ X-Gm-Gg: ASbGncsWIpBeAdAvWfeeN8j+S31FSddocy4O/RHaMc5srJUUeP4kquALDoj84Drr/Et c1xBvJyNasmeXVBio4GH8OayyybKRSZZFe5faPlZ3X3A5FrnEf27Et0EfHOTXYlKEVdmoO7PMvi Yn4+3F3T/YExxX3RXTdl93MjNGaf1wGxAJbcOLh3L+9nNWfMo0cTuYbCViaQzepjptZzwmiK8tZ Rwx+tlFfmZl5wuv7eaL5rp2ZKMy+UyzhIjXk/5QEEX1P0VkqPuXMBYVawvbzPsjtoAwuFvuWSzn dASFQnitmbBkoShjJl/mqMF9zeKGVz6lxusxK0QJTuAKM446rL5xP7O5In7dyHsrr1GkPVNk X-Google-Smtp-Source: AGHT+IGKHEiuURyCGzi0ONfQp7/KvAHxc2VDcMTwKnT0IugMT69BqZGW0C3zrU7DGECBmVjO6x3yww== X-Received: by 2002:a05:6a00:4651:b0:742:aecc:c47c with SMTP id d2e1a72fcca58-7488f63e974mr2676688b3a.7.1749793535877; Thu, 12 Jun 2025 22:45:35 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:35 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 8/9] libsoup: Fix CVE-2025-32053 Date: Fri, 13 Jun 2025 11:14:53 +0530 Message-Id: <20250613054454.112590-8-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:45:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218583 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup/CVE-2025-32053.patch | 38 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch new file mode 100644 index 0000000000..7860526620 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-32053.patch @@ -0,0 +1,38 @@ +From eaed42ca8d40cd9ab63764e3d63641180505f40a Mon Sep 17 00:00:00 2001 +From: Ar Jun +Date: Mon, 18 Nov 2024 14:59:51 -0600 +Subject: [PATCH] Fix heap buffer overflow in + soup-content-sniffer.c:sniff_feed_or_html() + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] +CVE: CVE-2025-32053 +Signed-off-by: Vijay Anusuri +--- + libsoup/content-sniffer/soup-content-sniffer.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index b62e4888..5a181ff1 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -641,7 +641,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length) + (resource[*pos] == '\x0D')) { + *pos = *pos + 1; + +- if (*pos > resource_length) ++ if (*pos >= resource_length) + return TRUE; + } + +@@ -704,7 +704,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + do { + pos++; + +- if (pos > resource_length) ++ if ((pos + 1) > resource_length) + goto text_html; + } while (resource[pos] != '>'); + +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 26fe52937b..a90f683cb8 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-2784-2.patch \ file://CVE-2025-32050.patch \ file://CVE-2025-32052.patch \ + file://CVE-2025-32053.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8" From patchwork Fri Jun 13 05:44:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vijay Anusuri X-Patchwork-Id: 64889 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18380C71135 for ; Fri, 13 Jun 2025 05:46:08 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.3369.1749793541404398251 for ; Thu, 12 Jun 2025 22:45:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@mvista.com header.s=google header.b=J5NR8x5g; spf=pass (domain: mvista.com, ip: 209.85.210.181, mailfrom: vanusuri@mvista.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-74264d1832eso1904417b3a.0 for ; Thu, 12 Jun 2025 22:45:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista.com; s=google; t=1749793540; x=1750398340; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=AJZY3/7wAmJ3dvqrnwxGV4YHfri7WJ/xsCGWE2FPkA0=; b=J5NR8x5g4GguiUugoPttA+Bun3LKA/798HoSZMvs069DirabVu4Wlcj+yNnrsI0rZ0 13lybwAXvnZDi7YeXnSnSL7Ssx5JRvFaCFuxHp/Uy+L4obUeob0zaMJfqLTjqhzLKCtA RMui7FSI1OaITpVXjZzF7GxEWFcOqV6xI/HR4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749793540; x=1750398340; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AJZY3/7wAmJ3dvqrnwxGV4YHfri7WJ/xsCGWE2FPkA0=; b=HRZhlDrlTYUZxPOHCvliNQrrEcQdeneZsn5AIo0KxvCH2MMm5rRF8ISdJJYzuSxXCR DPH6WANOfpggax9yOlFrJOPP6+M92yczZauF3rWdduL0Bq9oxX1ajF1Dnl5WeZumFsZI dgv4cikDCiNs1zzNLkdriRpMrkqnkj5r78dcj1F/yNqrwstsCa7sPZvY8bBP2MpZc+Z1 6A6EclBC9d9YojR+P580yC8WU0z5Pykqf0yBxrRZOV2CFspdhorhA4eIQ8PJcu7B0tm5 dpdvhDp9XM/xCOex38dJhxD40zW1O2OxdgyB6CFLpYJhpjbNJZgbEone+3UBoKd2KUOf 4gaw== X-Gm-Message-State: AOJu0YwMtNgvT2/scaGmK12ZHHq8FwanfMriaN/fk4YALNT+TFXJhTHP IJdewOv8GiYBW5Ci43tnHUkjowcZ5urKtmm80GY0B++pk8sRcxiyt01KlgBbPvi0t5moS7E4e8Z VGAlw X-Gm-Gg: ASbGncu6oGrYzjMRww5zeqB9VuSjobhnwTGPGEIVLPoi2yU5OhMhw2lOj/7QuZSPmWH pRUrYYEAJ3GYJEYHV0eXhGlbuQVaFawa/ZG2j758ZdyOONjRTNHpb5XLmLAAMgW++scwq84JjZB IMh2s+nIejCDikWn3pI8VQHP74U3C2h5AkDGU3j3bBnFEEAQaqH5Yk/itaCHUoaLrgGPuyyPaI6 GJ3K6s0RQGyrIg5fVXr9LDRD/P3AHbtq+t0dzxUNyc/ZvrF5i8+Ti5ilVsTqhUdUJv9sAEvS7Qi 0QT1YsSW7EOX6RTU1BfAqzQ30NYXSOxjT548xFLq2bG2b8slRDfZ6rTTAPvdvN4a45M0QPOA X-Google-Smtp-Source: AGHT+IERq4WxtYfuPYnjwoq7dRnTux+kDZBBNvg/zItIOtqLcARu3uI5mRT+shbZZULQ9tkawDMAQQ== X-Received: by 2002:a05:6a00:398e:b0:747:ee09:1fd2 with SMTP id d2e1a72fcca58-7488f79d9dbmr2717098b3a.12.1749793540434; Thu, 12 Jun 2025 22:45:40 -0700 (PDT) Received: from MVIN00020.mvista.com ([49.207.197.22]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-748900ad24csm764910b3a.109.2025.06.12.22.45.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Jun 2025 22:45:39 -0700 (PDT) From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][kirkstone][PATCH 9/9] libsoup: Fix CVE-2025-46420 Date: Fri, 13 Jun 2025 11:14:54 +0530 Message-Id: <20250613054454.112590-9-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250613054454.112590-1-vanusuri@mvista.com> References: <20250613054454.112590-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 13 Jun 2025 05:46:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218584 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e] Signed-off-by: Vijay Anusuri --- .../libsoup/libsoup/CVE-2025-46420.patch | 60 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 61 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch new file mode 100644 index 0000000000..dbaec12f7d --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-46420.patch @@ -0,0 +1,60 @@ +From c9083869ec2a3037e6df4bd86b45c419ba295f8e Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Thu, 26 Dec 2024 18:31:42 -0600 +Subject: [PATCH] soup_header_parse_quality_list: Fix leak + +When iterating over the parsed list we now steal the allocated strings that we want and then free_full the list which may contain remaining strings. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e] +CVE: CVE-2025-46420 +Signed-off-by: Vijay Anusuri +--- + libsoup/soup-headers.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c +index a5f7a7f6..85385cea 100644 +--- a/libsoup/soup-headers.c ++++ b/libsoup/soup-headers.c +@@ -530,7 +530,7 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable) + GSList *unsorted; + QualityItem *array; + GSList *sorted, *iter; +- char *item, *semi; ++ char *semi; + const char *param, *equal, *value; + double qval; + int n; +@@ -543,9 +543,8 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable) + unsorted = soup_header_parse_list (header); + array = g_new0 (QualityItem, g_slist_length (unsorted)); + for (iter = unsorted, n = 0; iter; iter = iter->next) { +- item = iter->data; + qval = 1.0; +- for (semi = strchr (item, ';'); semi; semi = strchr (semi + 1, ';')) { ++ for (semi = strchr (iter->data, ';'); semi; semi = strchr (semi + 1, ';')) { + param = skip_lws (semi + 1); + if (*param != 'q') + continue; +@@ -577,15 +576,15 @@ soup_header_parse_quality_list (const char *header, GSList **unacceptable) + if (qval == 0.0) { + if (unacceptable) { + *unacceptable = g_slist_prepend (*unacceptable, +- item); ++ g_steal_pointer (&iter->data)); + } + } else { +- array[n].item = item; ++ array[n].item = g_steal_pointer (&iter->data); + array[n].qval = qval; + n++; + } + } +- g_slist_free (unsorted); ++ g_slist_free_full (unsorted, g_free); + + qsort (array, n, sizeof (QualityItem), sort_by_qval); + sorted = NULL; +-- +GitLab + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index a90f683cb8..67aa180612 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -35,6 +35,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32050.patch \ file://CVE-2025-32052.patch \ file://CVE-2025-32053.patch \ + file://CVE-2025-46420.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"