1 files changed, 94 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
new file mode 100644
index 0000000000..019a35e3be
--- /dev/null
+++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
@@ -0,0 +1,94 @@
+From eccfca1074fc485a0b60dfb9c8385429a226bf73 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Fri, 16 May 2025 13:19:38 +0800
+Subject: [PATCH] auth-digest: Handle missing nonce
+CVE: CVE-2025-32910
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417/diffs?commit_id=405a8a34597a44bd58c4759e7d5e23f02c3b556a]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-auth-digest.c | 45 ++++++++++++++++++++++++++++----------
+ 1 files changed, 28 insertions(+), 10 deletions(-)
+diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
+index 0ab3499..10a8591 100644
+--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
+@@ -132,6 +132,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
+        return g_string_free (out, FALSE);
+ }
+ 
+static gboolean
+validate_params (SoupAuthDigest *auth_digest)
+{
+       SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
+
+       if (priv->qop || priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
+               if (!priv->nonce)
+                       return FALSE;
+       }
+
+       return TRUE;
+}
+
+ static gboolean
+ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+                         GHashTable *auth_params)
+@@ -169,17 +182,22 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
+        if (priv->algorithm == -1)
+                ok = FALSE;
+ 
+-       stale = g_hash_table_lookup (auth_params, "stale");
+-       if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+-               recompute_hex_a1 (priv);
+-       else {
+-               g_free (priv->user);
+-               priv->user = NULL;
+-               g_free (priv->cnonce);
+-               priv->cnonce = NULL;
+-               memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+-               memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+-        }
+       if (!validate_params (auth_digest))
+               ok = FALSE;
+
+       if (ok) {
+               stale = g_hash_table_lookup (auth_params, "stale");
+               if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
+                       recompute_hex_a1 (priv);
+               else {
+                       g_free (priv->user);
+                       priv->user = NULL;
+                       g_free (priv->cnonce);
+                       priv->cnonce = NULL;
+                       memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
+                       memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
+               }
+       }
+ 
+        return ok;
+ }
+@@ -359,6 +377,8 @@ soup_auth_digest_compute_response (const char        *method,
+        if (qop) {
+                char tmp[9];
+ 
+               g_assert (cnonce);
+
+                g_snprintf (tmp, 9, "%.8x", nc);
+                g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
+                g_checksum_update (checksum, (guchar *)":", 1);
+@@ -422,6 +442,9 @@ soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
+        g_return_val_if_fail (uri != NULL, NULL);
+        url = soup_uri_to_string (uri, TRUE);
+ 
+       g_assert (priv->nonce);
+       g_assert (!priv->qop || priv->cnonce);
+
+        soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
+                                           priv->qop, priv->nonce,
+                                           priv->cnonce, priv->nc,
+ 
+-- 
+2.34.1

diff --git a/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch new file mode 100644 index 0000000000..019a35e3be --- /dev/null +++ b/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
@@ -0,0 +1,94 @@
	1	From eccfca1074fc485a0b60dfb9c8385429a226bf73 Mon Sep 17 00:00:00 2001
	2	From: Changqing Li <changqing.li@windriver.com>
	3	Date: Fri, 16 May 2025 13:19:38 +0800
	4	Subject: [PATCH] auth-digest: Handle missing nonce
	5
	6	CVE: CVE-2025-32910
	7	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417/diffs?commit_id=405a8a34597a44bd58c4759e7d5e23f02c3b556a]
	8
	9	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	10	---
	11	libsoup/soup-auth-digest.c \| 45 ++++++++++++++++++++++++++++----------
	12	1 files changed, 28 insertions(+), 10 deletions(-)
	13
	14	diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
	15	index 0ab3499..10a8591 100644
	16	--- a/libsoup/soup-auth-digest.c
	17	+++ b/libsoup/soup-auth-digest.c
	18	@@ -132,6 +132,19 @@ soup_auth_digest_get_qop (SoupAuthDigestQop qop)
	19	return g_string_free (out, FALSE);
	20	}
	21
	22	+static gboolean
	23	+validate_params (SoupAuthDigest *auth_digest)
	24	+{
	25	+ SoupAuthDigestPrivate *priv = soup_auth_digest_get_instance_private (auth_digest);
	26	+
	27	+ if (priv->qop \|\| priv->algorithm == SOUP_AUTH_DIGEST_ALGORITHM_MD5_SESS) {
	28	+ if (!priv->nonce)
	29	+ return FALSE;
	30	+ }
	31	+
	32	+ return TRUE;
	33	+}
	34	+
	35	static gboolean
	36	soup_auth_digest_update (SoupAuth auth, SoupMessage msg,
	37	GHashTable *auth_params)
	38	@@ -169,17 +182,22 @@ soup_auth_digest_update (SoupAuth auth, SoupMessage msg,
	39	if (priv->algorithm == -1)
	40	ok = FALSE;
	41
	42	- stale = g_hash_table_lookup (auth_params, "stale");
	43	- if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
	44	- recompute_hex_a1 (priv);
	45	- else {
	46	- g_free (priv->user);
	47	- priv->user = NULL;
	48	- g_free (priv->cnonce);
	49	- priv->cnonce = NULL;
	50	- memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
	51	- memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
	52	- }
	53	+ if (!validate_params (auth_digest))
	54	+ ok = FALSE;
	55	+
	56	+ if (ok) {
	57	+ stale = g_hash_table_lookup (auth_params, "stale");
	58	+ if (stale && !g_ascii_strcasecmp (stale, "TRUE") && *priv->hex_urp)
	59	+ recompute_hex_a1 (priv);
	60	+ else {
	61	+ g_free (priv->user);
	62	+ priv->user = NULL;
	63	+ g_free (priv->cnonce);
	64	+ priv->cnonce = NULL;
	65	+ memset (priv->hex_urp, 0, sizeof (priv->hex_urp));
	66	+ memset (priv->hex_a1, 0, sizeof (priv->hex_a1));
	67	+ }
	68	+ }
	69
	70	return ok;
	71	}
	72	@@ -359,6 +377,8 @@ soup_auth_digest_compute_response (const char *method,
	73	if (qop) {
	74	char tmp[9];
	75
	76	+ g_assert (cnonce);
	77	+
	78	g_snprintf (tmp, 9, "%.8x", nc);
	79	g_checksum_update (checksum, (guchar *)tmp, strlen (tmp));
	80	g_checksum_update (checksum, (guchar *)":", 1);
	81	@@ -422,6 +442,9 @@ soup_auth_digest_get_authorization (SoupAuth auth, SoupMessage msg)
	82	g_return_val_if_fail (uri != NULL, NULL);
	83	url = soup_uri_to_string (uri, TRUE);
	84
	85	+ g_assert (priv->nonce);
	86	+ g_assert (!priv->qop \|\| priv->cnonce);
	87	+
	88	soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
	89	priv->qop, priv->nonce,
	90	priv->cnonce, priv->nc,
	91
	92	--
	93	2.34.1
	94