1 files changed, 56 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
new file mode 100644
index 0000000000..106f907168
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
+From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 14:06:41 +0800
+Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
+CVE: CVE-2025-2784
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
+ https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
+Test code is not added since it uses some functions not defined in
+version 2.74. These tests are not used now, so just ignore them.
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c |  9 +++----
+ 1 files changed, 3 insertions(+), 4 deletions(-)
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 5f2896e..9554636 100644
+--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
+@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ }
+ 
+ static gboolean
+-skip_insignificant_space (const char *resource, int *pos, int resource_length)
+skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
+ {
+       if (*pos >= resource_length)
+               return TRUE;
+        while ((resource[*pos] == '\x09') ||
+               (resource[*pos] == '\x20') ||
+               (resource[*pos] == '\x0A') ||
+@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ {
+        const char *resource = (const char *)buffer->data;
+        int resource_length = MIN (512, buffer->length);
+-       int pos = 0;
+       gsize pos = 0;
+ 
+        if (resource_length < 3)
+                goto text_html;
+@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+                pos = 3;
+ 
+  look_for_tag:
+-       if (pos > resource_length)
+-               goto text_html;
+-
+        if (skip_insignificant_space (resource, &pos, resource_length))
+                goto text_html;
+-- 
+2.34.1

diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch new file mode 100644 index 0000000000..106f907168 --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
@@ -0,0 +1,56 @@
	1	From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
	2	From: Changqing Li <changqing.li@windriver.com>
	3	Date: Mon, 12 May 2025 14:06:41 +0800
	4	Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
	5
	6	CVE: CVE-2025-2784
	7	Upstream-Status: Backport
	8	[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
	9	https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
	10
	11	Test code is not added since it uses some functions not defined in
	12	version 2.74. These tests are not used now, so just ignore them.
	13
	14	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	15	---
	16	libsoup/soup-content-sniffer.c \| 9 +++----
	17	1 files changed, 3 insertions(+), 4 deletions(-)
	18
	19	diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
	20	index 5f2896e..9554636 100644
	21	--- a/libsoup/soup-content-sniffer.c
	22	+++ b/libsoup/soup-content-sniffer.c
	23	@@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer sniffer, SoupBuffer buffer)
	24	}
	25
	26	static gboolean
	27	-skip_insignificant_space (const char resource, int pos, int resource_length)
	28	+skip_insignificant_space (const char resource, gsize pos, gsize resource_length)
	29	{
	30	+ if (*pos >= resource_length)
	31	+ return TRUE;
	32	while ((resource[*pos] == '\x09') \|\|
	33	(resource[*pos] == '\x20') \|\|
	34	(resource[*pos] == '\x0A') \|\|
	35	@@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer sniffer, SoupBuffer buffer)
	36	{
	37	const char resource = (const char )buffer->data;
	38	int resource_length = MIN (512, buffer->length);
	39	- int pos = 0;
	40	+ gsize pos = 0;
	41
	42	if (resource_length < 3)
	43	goto text_html;
	44	@@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer sniffer, SoupBuffer buffer)
	45	pos = 3;
	46
	47	look_for_tag:
	48	- if (pos > resource_length)
	49	- goto text_html;
	50	-
	51	if (skip_insignificant_space (resource, &pos, resource_length))
	52	goto text_html;
	53
	54	--
	55	2.34.1
	56