diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2025-05-22 15:30:27 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-05-28 08:46:32 -0700 |
| commit | cbbea142805de8d2c5d3e02f1874c6eeb450020a (patch) | |
| tree | 9fa53175b0a5f595cae6d8938265ce7b3ddbf56b | |
| parent | d8278fd9f9982eeaa8c3cf600898b992bd577e28 (diff) | |
| download | poky-cbbea142805de8d2c5d3e02f1874c6eeb450020a.tar.gz | |
libsoup-2.4: Fix CVE-2025-32912
Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
(From OE-Core rev: e66218f6cda7de046bace6880ea5052900fd6605)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
3 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch new file mode 100644 index 0000000000..2a6f37cb58 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | From cd077513f267e43ce4b659eb18a1734d8a369992 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Patrick Griffis <pgriffis@igalia.com> | ||
| 3 | Date: Wed, 5 Feb 2025 14:03:05 -0600 | ||
| 4 | Subject: [PATCH 1/2] auth-digest: Handle missing nonce | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992] | ||
| 7 | CVE: CVE-2025-32912 | ||
| 8 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 9 | --- | ||
| 10 | libsoup/soup-auth-digest.c | 2 +- | ||
| 11 | tests/auth-test.c | 1 + | ||
| 12 | 2 files changed, 2 insertions(+), 1 deletion(-) | ||
| 13 | |||
| 14 | diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c | ||
| 15 | index a1db188..f0edb81 100644 | ||
| 16 | --- a/libsoup/soup-auth-digest.c | ||
| 17 | +++ b/libsoup/soup-auth-digest.c | ||
| 18 | @@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, | ||
| 19 | guint qop_options; | ||
| 20 | gboolean ok = TRUE; | ||
| 21 | |||
| 22 | - if (!soup_auth_get_realm (auth)) | ||
| 23 | + if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) | ||
| 24 | return FALSE; | ||
| 25 | |||
| 26 | g_free (priv->domain); | ||
| 27 | diff --git a/tests/auth-test.c b/tests/auth-test.c | ||
| 28 | index 6fb1e4a..343d7a5 100644 | ||
| 29 | --- a/tests/auth-test.c | ||
| 30 | +++ b/tests/auth-test.c | ||
| 31 | @@ -1629,6 +1629,7 @@ main (int argc, char **argv) | ||
| 32 | g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); | ||
| 33 | g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); | ||
| 34 | g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); | ||
| 35 | + g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test); | ||
| 36 | |||
| 37 | ret = g_test_run (); | ||
| 38 | |||
| 39 | -- | ||
| 40 | 2.25.1 | ||
| 41 | |||
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch new file mode 100644 index 0000000000..4898068115 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-2.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From 910ebdcd3dd82386717a201c13c834f3a63eed7f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Patrick Griffis <pgriffis@igalia.com> | ||
| 3 | Date: Sat, 8 Feb 2025 12:30:13 -0600 | ||
| 4 | Subject: [PATCH 2/2] digest-auth: Handle NULL nonce | ||
| 5 | |||
| 6 | `contains` only handles a missing nonce, `lookup` handles both missing and empty. | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f] | ||
| 9 | CVE: CVE-2025-32912 | ||
| 10 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 11 | --- | ||
| 12 | libsoup/soup-auth-digest.c | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c | ||
| 16 | index f0edb81..c49ffd9 100644 | ||
| 17 | --- a/libsoup/soup-auth-digest.c | ||
| 18 | +++ b/libsoup/soup-auth-digest.c | ||
| 19 | @@ -156,7 +156,7 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg, | ||
| 20 | guint qop_options; | ||
| 21 | gboolean ok = TRUE; | ||
| 22 | |||
| 23 | - if (!soup_auth_get_realm (auth) || !g_hash_table_contains (auth_params, "nonce")) | ||
| 24 | + if (!soup_auth_get_realm (auth) || !g_hash_table_lookup (auth_params, "nonce")) | ||
| 25 | return FALSE; | ||
| 26 | |||
| 27 | g_free (priv->domain); | ||
| 28 | -- | ||
| 29 | 2.25.1 | ||
| 30 | |||
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 4e7667402b..848ea6eb54 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb | |||
| @@ -28,6 +28,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ | |||
| 28 | file://CVE-2025-32910-3.patch \ | 28 | file://CVE-2025-32910-3.patch \ |
| 29 | file://CVE-2025-32911_CVE-2025-32913-1.patch \ | 29 | file://CVE-2025-32911_CVE-2025-32913-1.patch \ |
| 30 | file://CVE-2025-32911_CVE-2025-32913-2.patch \ | 30 | file://CVE-2025-32911_CVE-2025-32913-2.patch \ |
| 31 | file://CVE-2025-32912-1.patch \ | ||
| 32 | file://CVE-2025-32912-2.patch \ | ||
| 31 | " | 33 | " |
| 32 | SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" | 34 | SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" |
| 33 | 35 | ||