libsoup: fix CVE-2025-4476

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440 (From OE-Core rev: 0b93d8cedfd102fcd723786b975a5cf684c2b0e8) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Changqing Li <changqing.li@windriver.com> 2025-06-03 13:20:55 +0800
committer: Steve Sakoman <steve@sakoman.com> 2025-06-13 09:01:26 -0700
commit: e8d14bbbc11e32cc7641e47ead536d62421646b0 (patch)
tree: cc967a703ca2ff2b3023aa30f3099d31e0bdab59
parent: 2526655f7613098af2409367004785f5ab89fd83 (diff)
download: poky-e8d14bbbc11e32cc7641e47ead536d62421646b0.tar.gz
2 files changed, 41 insertions, 1 deletions
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
new file mode 100644
index 0000000000..d0b1f12709
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
@@ -0,0 +1,39 @@
+From 71d33e37139fee6216ad2bf4e926f987076a6cff Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 8 May 2025 09:27:01 -0500
+Subject: [PATCH] auth-digest: fix crash in
+ soup_auth_digest_get_protection_space()
+We need to validate the Domain parameter in the WWW-Authenticate header.
+Unfortunately this crash only occurs when listening on default ports 80
+and 443, so there's no good way to test for this. The test would require
+running as root.
+Fixes #440
+CVE: CVE-2025-4476
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457/diffs?commit_id=e64c221f9c7d09b48b610c5626b3b8c400f0907c]
+Signed-off-by: Changqing Li <changqing.li@windriver.c
+---
+ libsoup/auth/soup-auth-digest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
+index d8bb291..292f204 100644
+--- a/libsoup/auth/soup-auth-digest.c
+++ b/libsoup/auth/soup-auth-digest.c
+@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, GUri *source_uri)
+                        if (uri &&
+                             g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
+                            g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
+-                           !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
+                           !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
+                                dir = g_strdup (g_uri_get_path (uri));
+                        else
+                                dir = NULL;
+-- 
+2.34.1
diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
index 2faf50c223..2bed009e0a 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -12,7 +12,8 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
-           file://CVE-2025-32914.patch"
+           file://CVE-2025-32914.patch \
+           file://CVE-2025-4476.patch"
 SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
 PROVIDES = "libsoup-3.0"
author	Changqing Li <changqing.li@windriver.com>	2025-06-03 13:20:55 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-06-13 09:01:26 -0700
commit	e8d14bbbc11e32cc7641e47ead536d62421646b0 (patch)
tree	cc967a703ca2ff2b3023aa30f3099d31e0bdab59
parent	2526655f7613098af2409367004785f5ab89fd83 (diff)
download	poky-e8d14bbbc11e32cc7641e47ead536d62421646b0.tar.gz

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch new file mode 100644 index 0000000000..d0b1f12709 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-4476.patch
@@ -0,0 +1,39 @@
		1	From 71d33e37139fee6216ad2bf4e926f987076a6cff Mon Sep 17 00:00:00 2001
		2	From: Michael Catanzaro <mcatanzaro@redhat.com>
		3	Date: Thu, 8 May 2025 09:27:01 -0500
		4	Subject: [PATCH] auth-digest: fix crash in
		5	soup_auth_digest_get_protection_space()
		6
		7	We need to validate the Domain parameter in the WWW-Authenticate header.
		8
		9	Unfortunately this crash only occurs when listening on default ports 80
		10	and 443, so there's no good way to test for this. The test would require
		11	running as root.
		12
		13	Fixes #440
		14
		15	CVE: CVE-2025-4476
		16	Upstream-Status: Backport
		17	[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457/diffs?commit_id=e64c221f9c7d09b48b610c5626b3b8c400f0907c]
		18
		19	Signed-off-by: Changqing Li <changqing.li@windriver.c
		20	---
		21	libsoup/auth/soup-auth-digest.c \| 2 +-
		22	1 file changed, 1 insertion(+), 1 deletion(-)
		23
		24	diff --git a/libsoup/auth/soup-auth-digest.c b/libsoup/auth/soup-auth-digest.c
		25	index d8bb291..292f204 100644
		26	--- a/libsoup/auth/soup-auth-digest.c
		27	+++ b/libsoup/auth/soup-auth-digest.c
		28	@@ -220,7 +220,7 @@ soup_auth_digest_get_protection_space (SoupAuth auth, GUri source_uri)
		29	if (uri &&
		30	g_strcmp0 (g_uri_get_scheme (uri), g_uri_get_scheme (source_uri)) == 0 &&
		31	g_uri_get_port (uri) == g_uri_get_port (source_uri) &&
		32	- !strcmp (g_uri_get_host (uri), g_uri_get_host (source_uri)))
		33	+ !g_strcmp0 (g_uri_get_host (uri), g_uri_get_host (source_uri)))
		34	dir = g_strdup (g_uri_get_path (uri));
		35	else
		36	dir = NULL;
		37	--
		38	2.34.1
		39


diff --git a/meta/recipes-support/libsoup/libsoup_3.6.5.bb b/meta/recipes-support/libsoup/libsoup_3.6.5.bb index 2faf50c223..2bed009e0a 100644 --- a/meta/recipes-support/libsoup/libsoup_3.6.5.bb +++ b/meta/recipes-support/libsoup/libsoup_3.6.5.bb
@@ -12,7 +12,8 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
12	SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"	12	SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
13		13
14	SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \	14	SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
15	file://CVE-2025-32914.patch"	15	file://CVE-2025-32914.patch \
		16	file://CVE-2025-4476.patch"
16	SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"	17	SRC_URI[sha256sum] = "6891765aac3e949017945c3eaebd8cc8216df772456dc9f460976fbdb7ada234"
17		18
18	PROVIDES = "libsoup-3.0"	19	PROVIDES = "libsoup-3.0"