libsoup: Fix for CVE-2024-52530 and CVE-2024-52532

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b & https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be & https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c (From OE-Core rev: 5c96ff64b5c29e589d776d23dbbed64ad526a997) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2024-11-19 11:31:17 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-11-27 06:27:25 -0800
commit: bac0039c98e2f54c97915f583135dfd2f762f8b9 (patch)
tree: 05b8eb0092b3011aac72e1c2f1c01e4cc7ab6ead
parent: 86be079fa42760ecb9a9652df87b00a8f350098d (diff)
download: poky-bac0039c98e2f54c97915f583135dfd2f762f8b9.tar.gz
4 files changed, 232 insertions, 1 deletions
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+         * ignorable trailing whitespace.
+         */
+ 
+       /* No '\0's are allowed */
+       if (memchr (str, '\0', len))
+               return FALSE;
+
+        /* Skip over the Request-Line / Status-Line */
+        headers_start = memchr (str, '\n', len);
+        if (!headers_start)
+                return FALSE;
+-       /* No '\0's in the Request-Line / Status-Line */
+-       if (memchr (str, '\0', headers_start - str))
+-               return FALSE;
+ 
+        /* We work on a copy of the headers, which we can write '\0's
+         * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+        headers_copy[copy_len] = '\0';
+        value_end = headers_copy;
+ 
+-       /* There shouldn't be any '\0's in the headers already, but
+-        * this is the web we're talking about.
+-        */
+-       while ((p = memchr (headers_copy, '\0', copy_len))) {
+-               memmove (p, p + 1, copy_len - (p - headers_copy));
+-               copy_len--;
+-       }
+-
+        while (*(value_end + 1)) {
+                name = value_end + 1;
+                name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+          }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "example.com" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-         SOUP_STATUS_OK,
+-         "GET", "/", SOUP_HTTP_1_1,
+-         { { "Host", "examplecom" },
+-           { NULL }
+-         }
+-       },
+-
+        /************************/
+        /*** INVALID REQUESTS ***/
+        /************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+          SOUP_STATUS_EXPECTATION_FAILED,
+          NULL, NULL, -1,
+          { { NULL } }
+       },
+
+       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+       { "NUL in header name", NULL,
+         "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+         SOUP_STATUS_BAD_REQUEST,
+         NULL, NULL, -1,
+         { { NULL } }
+       },
+
+       { "NUL in header value", NULL,
+         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+         SOUP_STATUS_BAD_REQUEST,
+           NULL, NULL, -1,
+         { { NULL } }
+        }
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+            { NULL } }
+        },
+ 
+-       { "NUL in header name", "760832",
+-         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+-       { "NUL in header value", "760832",
+-         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-         SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-         { { "Foo", "bar" },
+-           { NULL }
+-         }
+-       },
+-
+        /********************************/
+        /*** VALID CONTINUE RESPONSES ***/
+        /********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+          { { NULL }
+          }
+        },
+
+       // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
+       { "NUL in header name", NULL,
+         "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+         -1, 0, NULL,
+         { { NULL } }
+       },
+
+       { "NUL in header value", "760832",
+         "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+         -1, 0, NULL,
+         { { NULL } }
+       },
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+GitLab
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..8fdf50aed4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+Fixes #391
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/websocket/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
+index a1a730473..a14481340 100644
+--- a/libsoup/websocket/soup-websocket-connection.c
+++ b/libsoup/websocket/soup-websocket-connection.c
+@@ -1199,9 +1199,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+                }
+ 
+                priv->incoming->len = len + count;
+-       } while (count > 0);
+ 
+-       process_incoming (self);
+               process_incoming (self);
+       } while (count > 0 && !priv->close_sent && !priv->io_closing);
+ 
+        if (end) {
+                if (!priv->close_sent || !priv->close_received) {
+-- 
+GitLab
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
+++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+        GError *error = NULL;
+        InvalidEncodeLengthTest context = { test, NULL };
+        guint i;
+       guint error_id;
+ 
+-       g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+       error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+        g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+        /* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+        WAIT_UNTIL (error != NULL || received != NULL);
+        g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+        g_clear_error (&error);
+        g_signal_handler_disconnect (test->client, error_id);
+        g_assert_null (received);
+ 
+         g_thread_join (thread);
+-- 
+GitLab
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 59cc4a1d0a..919fef5107 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -11,7 +11,11 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
-SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
+           file://CVE-2024-52530.patch \
+           file://CVE-2024-52532-1.patch \
+           file://CVE-2024-52532-2.patch \
+          "
 SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
 PROVIDES = "libsoup-3.0"
author	Vijay Anusuri <vanusuri@mvista.com>	2024-11-19 11:31:17 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-11-27 06:27:25 -0800
commit	bac0039c98e2f54c97915f583135dfd2f762f8b9 (patch)
tree	05b8eb0092b3011aac72e1c2f1c01e4cc7ab6ead
parent	86be079fa42760ecb9a9652df87b00a8f350098d (diff)
download	poky-bac0039c98e2f54c97915f583135dfd2f762f8b9.tar.gz

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch new file mode 100644 index 0000000000..bd62a748eb --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
		1	From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
		2	From: Patrick Griffis <pgriffis@igalia.com>
		3	Date: Mon, 8 Jul 2024 12:33:15 -0500
		4	Subject: [PATCH] headers: Strictly don't allow NUL bytes
		5
		6	In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
		7
		8	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
		9	CVE: CVE-2024-52530
		10	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		11	---
		12	libsoup/soup-headers.c \| 15 +++------
		13	tests/header-parsing-test.c \| 62 +++++++++++++++++--------------------
		14	2 files changed, 32 insertions(+), 45 deletions(-)
		15
		16	diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
		17	index a0cf351ac..f30ee467a 100644
		18	--- a/libsoup/soup-headers.c
		19	+++ b/libsoup/soup-headers.c
		20	@@ -51,13 +51,14 @@ soup_headers_parse (const char str, int len, SoupMessageHeaders dest)
		21	* ignorable trailing whitespace.
		22	*/
		23
		24	+ /* No '\0's are allowed */
		25	+ if (memchr (str, '\0', len))
		26	+ return FALSE;
		27	+
		28	/* Skip over the Request-Line / Status-Line */
		29	headers_start = memchr (str, '\n', len);
		30	if (!headers_start)
		31	return FALSE;
		32	- /* No '\0's in the Request-Line / Status-Line */
		33	- if (memchr (str, '\0', headers_start - str))
		34	- return FALSE;
		35
		36	/* We work on a copy of the headers, which we can write '\0's
		37	* into, so that we don't have to individually g_strndup and
		38	@@ -69,14 +70,6 @@ soup_headers_parse (const char str, int len, SoupMessageHeaders dest)
		39	headers_copy[copy_len] = '\0';
		40	value_end = headers_copy;
		41
		42	- /* There shouldn't be any '\0's in the headers already, but
		43	- * this is the web we're talking about.
		44	- */
		45	- while ((p = memchr (headers_copy, '\0', copy_len))) {
		46	- memmove (p, p + 1, copy_len - (p - headers_copy));
		47	- copy_len--;
		48	- }
		49	-
		50	while (*(value_end + 1)) {
		51	name = value_end + 1;
		52	name_end = strchr (name, ':');
		53	diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
		54	index edf8eebb3..715c2c6f2 100644
		55	--- a/tests/header-parsing-test.c
		56	+++ b/tests/header-parsing-test.c
		57	@@ -358,24 +358,6 @@ static struct RequestTest {
		58	}
		59	},
		60
		61	- { "NUL in header name", "760832",
		62	- "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
		63	- SOUP_STATUS_OK,
		64	- "GET", "/", SOUP_HTTP_1_1,
		65	- { { "Host", "example.com" },
		66	- { NULL }
		67	- }
		68	- },
		69	-
		70	- { "NUL in header value", "760832",
		71	- "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
		72	- SOUP_STATUS_OK,
		73	- "GET", "/", SOUP_HTTP_1_1,
		74	- { { "Host", "examplecom" },
		75	- { NULL }
		76	- }
		77	- },
		78	-
		79	/************************/
		80	/* INVALID REQUESTS */
		81	/************************/
		82	@@ -448,6 +430,21 @@ static struct RequestTest {
		83	SOUP_STATUS_EXPECTATION_FAILED,
		84	NULL, NULL, -1,
		85	{ { NULL } }
		86	+ },
		87	+
		88	+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
		89	+ { "NUL in header name", NULL,
		90	+ "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
		91	+ SOUP_STATUS_BAD_REQUEST,
		92	+ NULL, NULL, -1,
		93	+ { { NULL } }
		94	+ },
		95	+
		96	+ { "NUL in header value", NULL,
		97	+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
		98	+ SOUP_STATUS_BAD_REQUEST,
		99	+ NULL, NULL, -1,
		100	+ { { NULL } }
		101	}
		102	};
		103	static const int num_reqtests = G_N_ELEMENTS (reqtests);
		104	@@ -620,22 +617,6 @@ static struct ResponseTest {
		105	{ NULL } }
		106	},
		107
		108	- { "NUL in header name", "760832",
		109	- "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
		110	- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
		111	- { { "Foo", "bar" },
		112	- { NULL }
		113	- }
		114	- },
		115	-
		116	- { "NUL in header value", "760832",
		117	- "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
		118	- SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
		119	- { { "Foo", "bar" },
		120	- { NULL }
		121	- }
		122	- },
		123	-
		124	/********************************/
		125	/* VALID CONTINUE RESPONSES */
		126	/********************************/
		127	@@ -768,6 +749,19 @@ static struct ResponseTest {
		128	{ { NULL }
		129	}
		130	},
		131	+
		132	+ // https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
		133	+ { "NUL in header name", NULL,
		134	+ "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
		135	+ -1, 0, NULL,
		136	+ { { NULL } }
		137	+ },
		138	+
		139	+ { "NUL in header value", "760832",
		140	+ "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
		141	+ -1, 0, NULL,
		142	+ { { NULL } }
		143	+ },
		144	};
		145	static const int num_resptests = G_N_ELEMENTS (resptests);
		146
		147	--
		148	GitLab
		149


diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch new file mode 100644 index 0000000000..8fdf50aed4 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
		1	From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
		2	From: Ignacio Casal Quinteiro <qignacio@amazon.com>
		3	Date: Wed, 11 Sep 2024 11:52:11 +0200
		4	Subject: [PATCH] websocket: process the frame as soon as we read data
		5
		6	Otherwise we can enter in a read loop because we were not
		7	validating the data until the all the data was read.
		8
		9	Fixes #391
		10
		11	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
		12	CVE: CVE-2024-52532
		13	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		14	---
		15	libsoup/websocket/soup-websocket-connection.c \| 4 ++--
		16	1 file changed, 2 insertions(+), 2 deletions(-)
		17
		18	diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
		19	index a1a730473..a14481340 100644
		20	--- a/libsoup/websocket/soup-websocket-connection.c
		21	+++ b/libsoup/websocket/soup-websocket-connection.c
		22	@@ -1199,9 +1199,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
		23	}
		24
		25	priv->incoming->len = len + count;
		26	- } while (count > 0);
		27
		28	- process_incoming (self);
		29	+ process_incoming (self);
		30	+ } while (count > 0 && !priv->close_sent && !priv->io_closing);
		31
		32	if (end) {
		33	if (!priv->close_sent \|\| !priv->close_received) {
		34	--
		35	GitLab
		36


diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch new file mode 100644 index 0000000000..e4e2d03d58 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
		1	From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
		2	From: Ignacio Casal Quinteiro <qignacio@amazon.com>
		3	Date: Wed, 2 Oct 2024 11:17:19 +0200
		4	Subject: [PATCH] websocket-test: disconnect error copy after the test ends
		5
		6	Otherwise the server will have already sent a few more wrong
		7	bytes and the client will continue getting errors to copy
		8	but the error is already != NULL and it will assert
		9
		10	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
		11	CVE: CVE-2024-52532
		12	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		13	---
		14	tests/websocket-test.c \| 4 +++-
		15	1 file changed, 3 insertions(+), 1 deletion(-)
		16
		17	diff --git a/tests/websocket-test.c b/tests/websocket-test.c
		18	index 06c443bb5..6a48c1f9b 100644
		19	--- a/tests/websocket-test.c
		20	+++ b/tests/websocket-test.c
		21	@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
		22	GError *error = NULL;
		23	InvalidEncodeLengthTest context = { test, NULL };
		24	guint i;
		25	+ guint error_id;
		26
		27	- g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
		28	+ error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
		29	g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
		30
		31	/* We use 127(\x7f) as payload length with 65535 extended length */
		32	@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
		33	WAIT_UNTIL (error != NULL \|\| received != NULL);
		34	g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
		35	g_clear_error (&error);
		36	+ g_signal_handler_disconnect (test->client, error_id);
		37	g_assert_null (received);
		38
		39	g_thread_join (thread);
		40	--
		41	GitLab
		42


diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index 59cc4a1d0a..919fef5107 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -11,7 +11,11 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
11		11
12	SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"	12	SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
13		13
14	SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"	14	SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
		15	file://CVE-2024-52530.patch \
		16	file://CVE-2024-52532-1.patch \
		17	file://CVE-2024-52532-2.patch \
		18	"
15	SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"	19	SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
16		20
17	PROVIDES = "libsoup-3.0"	21	PROVIDES = "libsoup-3.0"