libsoup: fix CVE-2025-32907

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429 (From OE-Core rev: a729b18103081acf17420cf91ec202e86cc6be0d) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Changqing Li <changqing.li@windriver.com> 2025-06-03 17:21:03 +0800
committer: Steve Sakoman <steve@sakoman.com> 2025-06-11 08:17:34 -0700
commit: 33fc8121c911bee69caf7f7a060793b11172f33a (patch)
tree: ca54047b409feac0ea752be779cc5adaf83808fe
parent: c04a6271a429b22bfac6e1d94d016073bfad55b1 (diff)
download: poky-33fc8121c911bee69caf7f7a060793b11172f33a.tar.gz
3 files changed, 270 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
new file mode 100644
index 0000000000..41b7d276a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@
+From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+Closes #428
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ tests/meson.build              |   1 +
+ tests/server-mem-limit-test.c  | 144 +++++++++++++++++++++++++++++++++
+ 3 files changed, 146 insertions(+)
+ create mode 100644 tests/server-mem-limit-test.c
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index ee7a3cb..f101d4b 100644
+--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
+@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+                        if (cur->start <= prev->end) {
+                                prev->end = MAX (prev->end, cur->end);
+                                g_array_remove_index (array, i);
+                               i--;
+                        }
+                }
+        }
+diff --git a/tests/meson.build b/tests/meson.build
+index ee118a0..8e7b51d 100644
+--- a/tests/meson.build
+++ b/tests/meson.build
+@@ -102,6 +102,7 @@ tests = [
+   {'name': 'samesite'},
+   {'name': 'session'},
+   {'name': 'server-auth'},
+  {'name': 'server-mem-limit'},
+   {'name': 'server'},
+   {'name': 'sniffing',
+     'depends': [test_resources],
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+new file mode 100644
+index 0000000..98f1c40
+--- /dev/null
+++ b/tests/server-mem-limit-test.c
+@@ -0,0 +1,144 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/*
+ * Copyright (C) 2025 Red Hat <www.redhat.com>
+ */
+
+#include "test-utils.h"
+
+#include <sys/resource.h>
+
+/*
+ This test limits memory usage to trigger too large buffer allocation crash.
+ As restoring the limits back to what it was does not always work, it's split
+ out of the server-test.c test with copied minimal server code.
+ */
+
+typedef struct {
+       SoupServer *server;
+       GUri *base_uri, *ssl_base_uri;
+       GSList *handlers;
+} ServerData;
+
+static void
+server_setup_nohandler (ServerData *sd, gconstpointer test_data)
+{
+       sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+       sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL);
+       if (tls_available)
+               sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL);
+}
+
+static void
+server_add_handler (ServerData         *sd,
+                   const char         *path,
+                   SoupServerCallback  callback,
+                   gpointer            user_data,
+                   GDestroyNotify      destroy)
+{
+       soup_server_add_handler (sd->server, path, callback, user_data, destroy);
+       sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path));
+}
+
+static void
+server_setup (ServerData *sd, gconstpointer test_data)
+{
+       server_setup_nohandler (sd, test_data);
+}
+
+static void
+server_teardown (ServerData *sd, gconstpointer test_data)
+{
+       GSList *iter;
+
+       for (iter = sd->handlers; iter; iter = iter->next)
+               soup_server_remove_handler (sd->server, iter->data);
+       g_slist_free_full (sd->handlers, g_free);
+
+       g_clear_pointer (&sd->server, soup_test_server_quit_unref);
+       g_clear_pointer (&sd->base_uri, g_uri_unref);
+       g_clear_pointer (&sd->ssl_base_uri, g_uri_unref);
+}
+
+static void
+server_file_callback (SoupServer        *server,
+                     SoupServerMessage *msg,
+                     const char        *path,
+                     GHashTable        *query,
+                     gpointer           data)
+{
+       void *mem;
+
+       g_assert_cmpstr (path, ==, "/file");
+       g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET);
+
+       mem = g_malloc0 (sizeof (char) * 1024 * 1024);
+       /* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use
+          the copy and free it explicitly, to workaround the false positive; the g_steal_pointer()
+          did not help for the malloc-ed memory */
+       soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024);
+       soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL);
+       g_free (mem);
+}
+
+static void
+do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data)
+{
+       SoupSession *session;
+       SoupMessage *msg;
+       GString *range;
+       GUri *uri;
+       const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0";
+
+       g_test_bug ("428");
+
+       #ifdef G_OS_WIN32
+       g_test_skip ("Cannot run under windows");
+       return;
+       #endif
+
+       range = g_string_sized_new (99 * 1024);
+       g_string_append (range, "bytes=1024");
+       while (range->len < 99 * 1024)
+               g_string_append (range, chunk);
+
+       session = soup_test_session_new (NULL);
+       server_add_handler (sd, "/file", server_file_callback, NULL, NULL);
+
+       uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL);
+
+       msg = soup_message_new_from_uri ("GET", uri);
+       soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str);
+
+       soup_test_session_send_message (session, msg);
+
+       soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT);
+
+       g_object_unref (msg);
+
+       g_string_free (range, TRUE);
+       g_uri_unref (uri);
+
+       soup_test_session_abort_unref (session);
+}
+
+int
+main (int argc, char **argv)
+{
+       int ret;
+
+       test_init (argc, argv, NULL);
+
+       #ifndef G_OS_WIN32
+       struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
+       /* limit memory usage, to trigger too large memory allocation abort */
+       g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
+       #endif
+
+       g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+                   server_setup, do_ranges_overlaps_test, server_teardown);
+
+       ret = g_test_run ();
+
+       test_cleanup ();
+       return ret;
+}
+-- 
+2.34.1
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
new file mode 100644
index 0000000000..9c838a55af
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
+From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 13 May 2025 14:20:46 +0200
+Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
+ built witha sanitizer
+A build with -Db_sanitize=address crashes with failed mmap(), which is done
+inside libasan. The test requires 20.0TB of virtual memory when running with
+the sanitizer, which is beyond unsigned integer limits and may not trigger
+the bug anyway.
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ meson.build                   |  4 ++++
+ tests/server-mem-limit-test.c | 13 +++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+diff --git a/meson.build b/meson.build
+index d4110da..74323ea 100644
+--- a/meson.build
+++ b/meson.build
+@@ -357,6 +357,10 @@ configinc = include_directories('.')
+ 
+ prefix = get_option('prefix')
+ 
+if get_option('b_sanitize') != 'none'
+  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
+endif
+
+ cdata.set_quoted('PACKAGE_VERSION', soup_version)
+ cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
+ cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+index 98f1c40..65dc875 100644
+--- a/tests/server-mem-limit-test.c
+++ b/tests/server-mem-limit-test.c
+@@ -126,14 +126,19 @@ main (int argc, char **argv)
+ {
+        int ret;
+ 
+-       test_init (argc, argv, NULL);
+-
+-       #ifndef G_OS_WIN32
+-       struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
+       /* a build with an address sanitizer may crash on mmap() with the limit,
+          thus skip the limit set in such case, even it may not necessarily
+          trigger the bug if it regresses */
+       #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
+       struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
+        /* limit memory usage, to trigger too large memory allocation abort */
+        g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
+       #else
+       g_message ("server-mem-limit-test: Running without memory limit");
+        #endif
+ 
+       test_init (argc, argv, NULL);
+
+        g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+                    server_setup, do_ranges_overlaps_test, server_teardown);
+ 
+-- 
+2.34.1
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index c19be9b5f4..687b14d9d6 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -34,6 +34,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
           file://CVE-2025-4969.patch \
           file://CVE-2025-32908-1.patch \
           file://CVE-2025-32908-2.patch \
+           file://CVE-2025-32907-1.patch \
+           file://CVE-2025-32907-2.patch \
 "
 SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
author	Changqing Li <changqing.li@windriver.com>	2025-06-03 17:21:03 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-06-11 08:17:34 -0700
commit	33fc8121c911bee69caf7f7a060793b11172f33a (patch)
tree	ca54047b409feac0ea752be779cc5adaf83808fe
parent	c04a6271a429b22bfac6e1d94d016073bfad55b1 (diff)
download	poky-33fc8121c911bee69caf7f7a060793b11172f33a.tar.gz

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch new file mode 100644 index 0000000000..41b7d276a4 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@
		1	From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001
		2	From: Milan Crha <mcrha@redhat.com>
		3	Date: Tue, 15 Apr 2025 12:17:39 +0200
		4	Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
		5
		6	It had been skipping every second range, which generated an array
		7	of a lot of insane ranges, causing large memory usage by the server.
		8
		9	Closes #428
		10
		11	Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
		12
		13	CVE: CVE-2025-32907
		14	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
		15
		16	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		17	---
		18	libsoup/soup-message-headers.c \| 1 +
		19	tests/meson.build \| 1 +
		20	tests/server-mem-limit-test.c \| 144 +++++++++++++++++++++++++++++++++
		21	3 files changed, 146 insertions(+)
		22	create mode 100644 tests/server-mem-limit-test.c
		23
		24	diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
		25	index ee7a3cb..f101d4b 100644
		26	--- a/libsoup/soup-message-headers.c
		27	+++ b/libsoup/soup-message-headers.c
		28	@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs,
		29	if (cur->start <= prev->end) {
		30	prev->end = MAX (prev->end, cur->end);
		31	g_array_remove_index (array, i);
		32	+ i--;
		33	}
		34	}
		35	}
		36	diff --git a/tests/meson.build b/tests/meson.build
		37	index ee118a0..8e7b51d 100644
		38	--- a/tests/meson.build
		39	+++ b/tests/meson.build
		40	@@ -102,6 +102,7 @@ tests = [
		41	{'name': 'samesite'},
		42	{'name': 'session'},
		43	{'name': 'server-auth'},
		44	+ {'name': 'server-mem-limit'},
		45	{'name': 'server'},
		46	{'name': 'sniffing',
		47	'depends': [test_resources],
		48	diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
		49	new file mode 100644
		50	index 0000000..98f1c40
		51	--- /dev/null
		52	+++ b/tests/server-mem-limit-test.c
		53	@@ -0,0 +1,144 @@
		54	+/* -- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -- */
		55	+/*
		56	+ * Copyright (C) 2025 Red Hat <www.redhat.com>
		57	+ */
		58	+
		59	+#include "test-utils.h"
		60	+
		61	+#include <sys/resource.h>
		62	+
		63	+/*
		64	+ This test limits memory usage to trigger too large buffer allocation crash.
		65	+ As restoring the limits back to what it was does not always work, it's split
		66	+ out of the server-test.c test with copied minimal server code.
		67	+ */
		68	+
		69	+typedef struct {
		70	+ SoupServer *server;
		71	+ GUri base_uri, ssl_base_uri;
		72	+ GSList *handlers;
		73	+} ServerData;
		74	+
		75	+static void
		76	+server_setup_nohandler (ServerData *sd, gconstpointer test_data)
		77	+{
		78	+ sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
		79	+ sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL);
		80	+ if (tls_available)
		81	+ sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL);
		82	+}
		83	+
		84	+static void
		85	+server_add_handler (ServerData *sd,
		86	+ const char *path,
		87	+ SoupServerCallback callback,
		88	+ gpointer user_data,
		89	+ GDestroyNotify destroy)
		90	+{
		91	+ soup_server_add_handler (sd->server, path, callback, user_data, destroy);
		92	+ sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path));
		93	+}
		94	+
		95	+static void
		96	+server_setup (ServerData *sd, gconstpointer test_data)
		97	+{
		98	+ server_setup_nohandler (sd, test_data);
		99	+}
		100	+
		101	+static void
		102	+server_teardown (ServerData *sd, gconstpointer test_data)
		103	+{
		104	+ GSList *iter;
		105	+
		106	+ for (iter = sd->handlers; iter; iter = iter->next)
		107	+ soup_server_remove_handler (sd->server, iter->data);
		108	+ g_slist_free_full (sd->handlers, g_free);
		109	+
		110	+ g_clear_pointer (&sd->server, soup_test_server_quit_unref);
		111	+ g_clear_pointer (&sd->base_uri, g_uri_unref);
		112	+ g_clear_pointer (&sd->ssl_base_uri, g_uri_unref);
		113	+}
		114	+
		115	+static void
		116	+server_file_callback (SoupServer *server,
		117	+ SoupServerMessage *msg,
		118	+ const char *path,
		119	+ GHashTable *query,
		120	+ gpointer data)
		121	+{
		122	+ void *mem;
		123	+
		124	+ g_assert_cmpstr (path, ==, "/file");
		125	+ g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET);
		126	+
		127	+ mem = g_malloc0 (sizeof (char) * 1024 * 1024);
		128	+ /* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use
		129	+ the copy and free it explicitly, to workaround the false positive; the g_steal_pointer()
		130	+ did not help for the malloc-ed memory */
		131	+ soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024);
		132	+ soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL);
		133	+ g_free (mem);
		134	+}
		135	+
		136	+static void
		137	+do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data)
		138	+{
		139	+ SoupSession *session;
		140	+ SoupMessage *msg;
		141	+ GString *range;
		142	+ GUri *uri;
		143	+ const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0";
		144	+
		145	+ g_test_bug ("428");
		146	+
		147	+ #ifdef G_OS_WIN32
		148	+ g_test_skip ("Cannot run under windows");
		149	+ return;
		150	+ #endif
		151	+
		152	+ range = g_string_sized_new (99 * 1024);
		153	+ g_string_append (range, "bytes=1024");
		154	+ while (range->len < 99 * 1024)
		155	+ g_string_append (range, chunk);
		156	+
		157	+ session = soup_test_session_new (NULL);
		158	+ server_add_handler (sd, "/file", server_file_callback, NULL, NULL);
		159	+
		160	+ uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL);
		161	+
		162	+ msg = soup_message_new_from_uri ("GET", uri);
		163	+ soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str);
		164	+
		165	+ soup_test_session_send_message (session, msg);
		166	+
		167	+ soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT);
		168	+
		169	+ g_object_unref (msg);
		170	+
		171	+ g_string_free (range, TRUE);
		172	+ g_uri_unref (uri);
		173	+
		174	+ soup_test_session_abort_unref (session);
		175	+}
		176	+
		177	+int
		178	+main (int argc, char **argv)
		179	+{
		180	+ int ret;
		181	+
		182	+ test_init (argc, argv, NULL);
		183	+
		184	+ #ifndef G_OS_WIN32
		185	+ struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
		186	+ /* limit memory usage, to trigger too large memory allocation abort */
		187	+ g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
		188	+ #endif
		189	+
		190	+ g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
		191	+ server_setup, do_ranges_overlaps_test, server_teardown);
		192	+
		193	+ ret = g_test_run ();
		194	+
		195	+ test_cleanup ();
		196	+ return ret;
		197	+}
		198	--
		199	2.34.1
		200


diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch new file mode 100644 index 0000000000..9c838a55af --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
		1	From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
		2	From: Milan Crha <mcrha@redhat.com>
		3	Date: Tue, 13 May 2025 14:20:46 +0200
		4	Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
		5	built witha sanitizer
		6
		7	A build with -Db_sanitize=address crashes with failed mmap(), which is done
		8	inside libasan. The test requires 20.0TB of virtual memory when running with
		9	the sanitizer, which is beyond unsigned integer limits and may not trigger
		10	the bug anyway.
		11
		12	Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
		13
		14	CVE: CVE-2025-32907
		15	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
		16
		17	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		18	---
		19	meson.build \| 4 ++++
		20	tests/server-mem-limit-test.c \| 13 +++++++++----
		21	2 files changed, 13 insertions(+), 4 deletions(-)
		22
		23	diff --git a/meson.build b/meson.build
		24	index d4110da..74323ea 100644
		25	--- a/meson.build
		26	+++ b/meson.build
		27	@@ -357,6 +357,10 @@ configinc = include_directories('.')
		28
		29	prefix = get_option('prefix')
		30
		31	+if get_option('b_sanitize') != 'none'
		32	+ cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
		33	+endif
		34	+
		35	cdata.set_quoted('PACKAGE_VERSION', soup_version)
		36	cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
		37	cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
		38	diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
		39	index 98f1c40..65dc875 100644
		40	--- a/tests/server-mem-limit-test.c
		41	+++ b/tests/server-mem-limit-test.c
		42	@@ -126,14 +126,19 @@ main (int argc, char **argv)
		43	{
		44	int ret;
		45
		46	- test_init (argc, argv, NULL);
		47	-
		48	- #ifndef G_OS_WIN32
		49	- struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
		50	+ /* a build with an address sanitizer may crash on mmap() with the limit,
		51	+ thus skip the limit set in such case, even it may not necessarily
		52	+ trigger the bug if it regresses */
		53	+ #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
		54	+ struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
		55	/* limit memory usage, to trigger too large memory allocation abort */
		56	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
		57	+ #else
		58	+ g_message ("server-mem-limit-test: Running without memory limit");
		59	#endif
		60
		61	+ test_init (argc, argv, NULL);
		62	+
		63	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
		64	server_setup, do_ranges_overlaps_test, server_teardown);
		65
		66	--
		67	2.34.1
		68


diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index c19be9b5f4..687b14d9d6 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -34,6 +34,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
34	file://CVE-2025-4969.patch \	34	file://CVE-2025-4969.patch \
35	file://CVE-2025-32908-1.patch \	35	file://CVE-2025-32908-1.patch \
36	file://CVE-2025-32908-2.patch \	36	file://CVE-2025-32908-2.patch \
		37	file://CVE-2025-32907-1.patch \
		38	file://CVE-2025-32907-2.patch \
37	"	39	"
38	SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"	40	SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
39		41