diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2025-06-13 11:14:48 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-06-20 08:06:29 -0700 |
| commit | ca51d99bf3906e6eb45b4fa92d13ef7a1fa626ae (patch) | |
| tree | e8de928b8f2cf89bc05d4858243941bb86d750b5 | |
| parent | 07f522869ca5ca98735e64c234e25b0b00558075 (diff) | |
| download | poky-ca51d99bf3906e6eb45b4fa92d13ef7a1fa626ae.tar.gz | |
libsoup-2.4: Fix CVE-2025-32050
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323]
(From OE-Core rev: c5afbcf487cb7331f641c4dd2c7a972b4cd3c787)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch | 28 | ||||
| -rw-r--r-- | meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch new file mode 100644 index 0000000000..474eb465a6 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32050.patch | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | From 9bb0a55de55c6940ced811a64fbca82fe93a9323 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Patrick Griffis <pgriffis@igalia.com> | ||
| 3 | Date: Mon, 28 Oct 2024 12:29:48 -0500 | ||
| 4 | Subject: [PATCH] Fix using int instead of size_t for strcspn return | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323] | ||
| 7 | CVE: CVE-2025-32050 | ||
| 8 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 9 | --- | ||
| 10 | libsoup/soup-headers.c | 2 +- | ||
| 11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 12 | |||
| 13 | diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c | ||
| 14 | index 613e1905..a5f7a7f6 100644 | ||
| 15 | --- a/libsoup/soup-headers.c | ||
| 16 | +++ b/libsoup/soup-headers.c | ||
| 17 | @@ -907,7 +907,7 @@ append_param_quoted (GString *string, | ||
| 18 | const char *name, | ||
| 19 | const char *value) | ||
| 20 | { | ||
| 21 | - int len; | ||
| 22 | + gsize len; | ||
| 23 | |||
| 24 | g_string_append (string, name); | ||
| 25 | g_string_append (string, "=\""); | ||
| 26 | -- | ||
| 27 | GitLab | ||
| 28 | |||
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb index 5e8a141dc5..6b227b0503 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb | |||
| @@ -34,6 +34,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ | |||
| 34 | file://CVE-2025-32914.patch \ | 34 | file://CVE-2025-32914.patch \ |
| 35 | file://CVE-2025-2784-1.patch \ | 35 | file://CVE-2025-2784-1.patch \ |
| 36 | file://CVE-2025-2784-2.patch \ | 36 | file://CVE-2025-2784-2.patch \ |
| 37 | file://CVE-2025-32050.patch \ | ||
| 37 | " | 38 | " |
| 38 | SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" | 39 | SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159" |
| 39 | 40 | ||
