libsoup-2.4: fix CVE-2025-2784

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Changqing Li <changqing.li@windriver.com> 2025-06-13 14:54:25 +0800
committer: Khem Raj <raj.khem@gmail.com> 2025-06-13 13:11:23 -0700
commit: 4b861e84d9c7d2cce9797dbb8f991a02005f1c8c (patch)
tree: 61e462b1db64ec43a1f56cff6060913563c48bde
parent: f7b0f9cd33116902d553a4c2ef5c2a81a9bc1738 (diff)
download: meta-openembedded-4b861e84d9c7d2cce9797dbb8f991a02005f1c8c.tar.gz
2 files changed, 57 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
new file mode 100644
index 0000000000..106f907168
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
+From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 14:06:41 +0800
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+CVE: CVE-2025-2784
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
+ https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
+Test code is not added since it uses some functions not defined in
+version 2.74. These tests are not used now, so just ignore them.
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c |  9 +++----
+ 1 files changed, 3 insertions(+), 4 deletions(-)
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 5f2896e..9554636 100644
+--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
+@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
+skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
+       if (*pos >= resource_length)
+               return TRUE;
+        while ((resource[*pos] == '\x09') ||
+               (resource[*pos] == '\x20') ||
+               (resource[*pos] == '\x0A') ||
+@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+        const char *resource = (const char *)buffer->data;
+        int resource_length = MIN (512, buffer->length);
+-       int pos = 0;
+       gsize pos = 0;
+ 
+        if (resource_length < 3)
+                goto text_html;
+@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+                pos = 3;
+ 
+  look_for_tag:
+-       if (pos > resource_length)
+-               goto text_html;
+-
+        if (skip_insignificant_space (resource, &pos, resource_length))
+                goto text_html;
+-- 
+2.34.1
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 03ec818ae5..db0bf1128f 100644
--- a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
           file://CVE-2024-52532-2.patch \
           file://CVE-2024-52532-3.patch \
           file://CVE-2025-32053.patch \
+           file://CVE-2025-2784.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
author	Changqing Li <changqing.li@windriver.com>	2025-06-13 14:54:25 +0800
committer	Khem Raj <raj.khem@gmail.com>	2025-06-13 13:11:23 -0700
commit	4b861e84d9c7d2cce9797dbb8f991a02005f1c8c (patch)
tree	61e462b1db64ec43a1f56cff6060913563c48bde
parent	f7b0f9cd33116902d553a4c2ef5c2a81a9bc1738 (diff)
download	meta-openembedded-4b861e84d9c7d2cce9797dbb8f991a02005f1c8c.tar.gz

diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch new file mode 100644 index 0000000000..106f907168 --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
		1	From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
		2	From: Changqing Li <changqing.li@windriver.com>
		3	Date: Mon, 12 May 2025 14:06:41 +0800
		4	Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
		5
		6	CVE: CVE-2025-2784
		7	Upstream-Status: Backport
		8	[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
		9	https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
		10
		11	Test code is not added since it uses some functions not defined in
		12	version 2.74. These tests are not used now, so just ignore them.
		13
		14	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		15	---
		16	libsoup/soup-content-sniffer.c \| 9 +++----
		17	1 files changed, 3 insertions(+), 4 deletions(-)
		18
		19	diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
		20	index 5f2896e..9554636 100644
		21	--- a/libsoup/soup-content-sniffer.c
		22	+++ b/libsoup/soup-content-sniffer.c
		23	@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer sniffer, SoupBuffer buffer)
		24	}
		25
		26	static gboolean
		27	-skip_insignificant_space (const char resource, int pos, int resource_length)
		28	+skip_insignificant_space (const char resource, gsize pos, gsize resource_length)
		29	{
		30	+ if (*pos >= resource_length)
		31	+ return TRUE;
		32	while ((resource[*pos] == '\x09') \|\|
		33	(resource[*pos] == '\x20') \|\|
		34	(resource[*pos] == '\x0A') \|\|
		35	@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer sniffer, SoupBuffer buffer)
		36	{
		37	const char resource = (const char )buffer->data;
		38	int resource_length = MIN (512, buffer->length);
		39	- int pos = 0;
		40	+ gsize pos = 0;
		41
		42	if (resource_length < 3)
		43	goto text_html;
		44	@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer sniffer, SoupBuffer buffer)
		45	pos = 3;
		46
		47	look_for_tag:
		48	- if (pos > resource_length)
		49	- goto text_html;
		50	-
		51	if (skip_insignificant_space (resource, &pos, resource_length))
		52	goto text_html;
		53
		54	--
		55	2.34.1
		56


diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index 03ec818ae5..db0bf1128f 100644 --- a/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
20	file://CVE-2024-52532-2.patch \	20	file://CVE-2024-52532-2.patch \
21	file://CVE-2024-52532-3.patch \	21	file://CVE-2024-52532-3.patch \
22	file://CVE-2025-32053.patch \	22	file://CVE-2025-32053.patch \
		23	file://CVE-2025-2784.patch \
23	"	24	"
24	SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"	25	SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
25		26